cloud-user-base.com

https://cloud-user-base.com/iz5cw?utm_campaign=KV_726722336807197_0503_374_tsr_132&fbid=1231364054987195&utm_content=7sfx1en&cid=1_sales_701_ww_2460_m_fi&bid=BID&subid=2hf5i5.37b.13ios

172.67.187.165 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

5 days ⚠

HTTP

200 · 19.5s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Swyftx: Crypto Exchange, Buy & Sell Crypto"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Swyftx

Vendors

27/27

Status

completed

✓ eset✓ norton✓ openphish✓ avast✓ bitdefender✓ brightcloud✓ sophos✓ yandex✓ microsoft✓ google✓ avg✓ apple✓ emsisoft✓ apwg✓ netcraft✓ urlscan✓ cisa✓ urlquery✓ spamhaus✓ phishtank✓ phishreport✓ mcafee✓ threatyeti✓ kaspersky✓ virustotal✓ urlabuse✓ fortiguard

KB/IOK Matches (1)—

swyftx-clone-kit

high

Directives: skipAi, skipUnblocker, skipMobileVariant

Swyftx

Unknown

cryptocurrency | finance | technology | ecommerce · 4/5/2026

Summary

The page at cloud-user-base.com presents Swyftx branding and a Swyftx page title, but the domain is a new, non-official domain. The site loads Swyftx-like UI elements and assets, including a Swyftx page title, logo usage, and SPA-style asset loading, indicating impersonation designed to harvest credentials. This is a typosquat/brand impersonation attempt aimed at credential collection on a domain spoofing the legitimate Swyftx service.

Attack Techniques (3)

Typosquatting/brand impersonation via non-official domain (cloud-user-base.com)Page title impersonation (Swyftx branding in HTML title) and visible branding on UIZero static login form in HTML but likely credential capture via dynamically rendered forms

Indicators of Compromise (1)

▸No static login form in HTML; SPA likely renders credential capture via JavaScript

Risk AssessmentUsed in abuse reports

This domain impersonates Swyftx, a recognized crypto exchange, using a newly registered domain and a page title that matches the brand. The HTML source shows an SPA structure with multiple external analytics scripts, and the page loads Swyftx-like branding and assets from cloud-user-base.com, which is not the legitimate Swyftx domain. The combination of brand impersonation, a very new domain, and embedded analytics promises data exfiltration via dynamically rendered forms. The presence of a blockable WAF or scanner-evasion indicators is not explicit, but the site actively loads tracking beacons and third-party scripts, increasing risk of credential harvesting. Recommend urgent takedown actions to prevent credential theft and brand abuse.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence