cryptodataoperations.net

https://cryptodataoperations.net/x58h7?utm_campaign=CS-AU-0902-1191-Logo1-459BGX522XBq561&utm_content=CS-AU-Logo1&cid=CS-213.1-AU-992AU1-1191-Big-973cvh157GOM495&fbid=1575234746926596&utm_medium=paid&utm_source=fb&utm_id=6943848615827&utm_term=6947884997227

104.21.82.104 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

28 days

HTTP

200 · 18.3s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Save

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

cryptodataoperations.net

Credential Phishing

finance | technology | cryptocurrency | ecommerce · 4/5/2026

Summary

This site presents as a crypto-themed portal but is hosted at cryptodataoperations.net, a domain created only 28 days ago and registered under Global Domain Group LLC. The page content and assets mimic a content-heavy, image-driven portal rather than a standard crypto exchange, but the domain name heavily signals impersonation of the Crypto.com brand (cryptodataoperations contains 'crypto' and the risk signals flag impersonation). The static HTML shows SPA-like behavior with dynamic content and a suspicious external script loaded from Cloudflare Insights, suggesting potential credential capture through runtime UI.

Attack Techniques (5)

Typosquat/brand impersonation via domain containing 'crypto' and similarity to Crypto.comSingle-Page Application (SPA) rendering forms/credential capture via JavaScriptExternal tracking/telemetry script loaded from a CDN (cloudflareinsights beacon) to blend in trafficBrand/logo/content alignment to Crypto branding to mislead visitorsNewly created domain (28 days old) used for credential harvesting

Indicators of Compromise (7)

▸DOMAIN: cryptodataoperations.net (brand similarity signal to Crypto.com)

▸External script: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

▸Resource: 1 external script and multiple image assets loaded from cryptodataoperations.net

▸POST request: https://cryptodataoperations.net/cdn-cgi/rum? (204) indicating potential data collection telemetry

▸SSL cert issued by Google Trust Services to cryptodataoperations.net, valid 23 Jan 2026 to 23 Apr 2026

▸Domain age: 28 days, recently registered

▸No static HTML forms; SPA behavior implies credential capture via JavaScript

Risk AssessmentUsed in abuse reports

Scanner detected a newly registered domain that imitates Crypto branding and serves a single-page interface with credential collection potential. The domain cryptodataoperations.net is used to impersonate a known brand, supported by the brand similarity signal in the domain intelligence. The page sources and network requests indicate SPA-generated UI with brand-tailored visuals, plus an outbound POST to a rum endpoint and a Cloudflare Insights script, suggesting data exfiltration components. The combination of impersonation signals, very young domain age, and active content loading of brand-like assets warrants high scrutiny and takedown action. Recommend suspending the domain and blocking hosting to prevent credential harvesting and distribute abuse alerts to registrars.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence