coinspot.system-apps-updates.com

https://coinspot.system-apps-updates.com/zecdz?utm_campaign=VG_2770547209948392_0203_LAND213.1_1-1-1&fbid=1505961980967484&utm_content=17coinspot1en&cid=1_AU_701_2760_mj_DwInCu&bid=BID&subid=2hf5i5.349.11k67

172.67.199.194 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

76 days

HTTP

200 · 16.5s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Screenshot of coinspot.system-apps-updates.com

Zoom

Title: "CoinSpot"

Save

Domain Intelligence: system-apps-updates.com

Scanned 2 times since Mar 3, 2026, 02:06 AM UTC

✗ Critical (100)

Registered-domain escalation

Submit system-apps-updates.com as the primary IOC, enriched with evidence from hostile subdomains like coinspot.system-apps-updates.com.

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (1)—

coinspot-clone-kit

high

Directives: skipAi, skipUnblocker, skipMobileVariant

CoinSpot

Credential Phishing

finance | cryptocurrency | ecommerce · 4/5/2026

Summary

The page presents CoinSpot branding and content, but is hosted on coinspot.system-apps-updates.com, a domain that contains the CoinSpot name yet is not the official CoinSpot domain. The page title matches CoinSpot, and numerous assets and UI elements mimic CoinSpot’s branding, including logos and messaging about CoinSpot services. The domain impersonation and SPA-like structure are designed to capture credentials, with external analytics and chat widgets loaded from third-party hosts.

Attack Techniques (5)

Typosquatting/brand-in-domain: domain includes 'coinspot' but is under system-apps-updates.comBrand impersonation: page title 'CoinSpot' and CoinSpot-like UI identical to official siteCloned SPA with dynamic credential capture: static HTML has no forms; forms rendered by JavaScript bundlesBrand asset loading from external domains: logos and UI assets loaded from coinspot.system-apps-updates.comUser tracking/analytics beacons: Posthog and Cloudflare beacons loaded to exfiltrate data

Indicators of Compromise (6)

▸DOMAIN: coinspot.system-apps-updates.com

▸URL path contains 'zecdz' with UTM parameters referencing CoinSpot-like campaign

▸Page title CoinSpot and presence of CoinSpot logos (logo-DsXr1j0B.svg, big-logo-DvGZqmBj.svg) loaded from the suspect domain

▸Static HTML contains no forms; SPA likely renders credentials via assets/index-DzPpPMgU.js

▸External scripts loaded from coinspot.system-apps-updates.com and PostHog CDN, plus Cloudflare beacon

▸SSL cert issued to system-apps-updates.com; domain age 76 days; DNS uses Cloudflare nameservers

Risk AssessmentUsed in abuse reports

Scanner indicates deliberate impersonation of CoinSpot with brand-in-domain signals and page title matching CoinSpot. The site loads multiple analytics and tracking scripts (PostHog, Cloudflare beacon) and appears to render forms dynamically via JavaScript, which is typical of credential capture pages. The domain is a non-official host leveraging CoinSpot branding, and the SSL cert is valid but tied to the suspect domain. Given the domain impersonation, SPA-based credential collection risk is high; abuse teams should treat this as credential phishing and take proactive action.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence