MalwareTips
DANGEROUS

Brand impersonation — not the real site

Active cybercrime forum hosting database breaches, leaked credentials, and illegal marketplace with explicit fraud allowance and KuCoin impersonation. This page is styled as a brand but is not the brand's real site. Go to the official site directly, and treat any download, login, or payment request here as unsafe.

Security Review

Is spear.cx legit or a scam?

Our verdict:Dangerous· 21/100

Active cybercrime forum hosting database breaches, leaked credentials, and illegal marketplace with explicit fraud allowance and KuCoin impersonation.

Top reasons
Site explicitly permits fraud in its help documentation: 'Fraud is allowed, as long as it fits into one of the many forums.'Operates active marketplace for stolen databases, leaked credentials, stealer logs, and illegal tools with 11,387+ posts across marketplace sections.Impersonates KuCoin with clone-site infrastructure and user accounts posing as KuCoin administrators.
spear.cxScanned 54m ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 49·MT 8
Category tags
cybercrime forumdata breach marketplacefraud facilitator#Phishing#Clone Site#Data Harvester#Crypto Fraud95% MT confidence
Technical red flags (2)
Impersonates KuCoinScam-network signals (45/100)
Warning signals (1)
Domain is 8 months old

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
Data unavailable
Domain Age
8 months old
Registered Oct 5, 2025
MT Intelligence
Dangerous
Critical likelihood · 95% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust8/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
Spear.cx operates as a dedicated cybercrime marketplace and forum. The site's own help documentation states 'Fraud is allowed, as long as it fits into one of the many forums,' establishing intent to facilitate illegal activity. The forum hosts thousands of threads across sections dedicated to stolen databases, stealer logs, leaked tools, and marketplace services including middleman fraud facilitation. Our research identified the site as a KuCoin clone with impersonation accounts ('ADMIN KuCoin VN') and confirmed it functions as a successor to known breach forums like BreachForums. The domain is 245 days old with valid SSL but no legitimate business registration, and it actively funnels users to Telegram — a common herding channel for crypto scams. The combination of explicit fraud allowance, active marketplace infrastructure, credential harvesting, and clone-site patterns establishes this as a malicious cybercrime operation.
Full dossier
Analysis complete

Page Content

The site presents itself as 'Spear — a com and marketplace forum' with sections for exclusive database breaches, leaks, and an active marketplace. The forum structure includes dedicated sections for stolen databases (3,281 posts), stealer logs (639 posts), leaked tools (4,091 posts), and marketplace services. The site's own help documentation explicitly permits fraud within designated forums. Brand impersonation is present: the forum hosts threads and accounts impersonating KuCoin (flagged as 'ADMIN KuCoin VN'), and the site functions as a KuCoin clone.

Infrastructure

Hosted on IP 185.178.208.183 with an abuse score of 0/100 but 1 abuse report on record. SSL certificate is valid (Let's Encrypt R12) with 51 days to expiry. The domain loads an external Tor hidden service (spear4h2potiyk43oilufhuq2jqbioyaizcs7xttlyw75s5ykwxpxlid.onion) and links to Telegram (@t.me), a common herding channel for crypto fraud. No contact email, postal address, or legitimate business information is provided.

Domain History

Domain registered 245 days ago with privacy protection disabled. No legitimate business registration, LLC, or corporate records exist. The site is referenced in threat intelligence as a successor to BreachForums and is tracked by cybersecurity researchers alongside other known cybercrime forums.

Web Reputation

The site is known in dark web monitoring and threat intelligence circles as an active cybercrime forum. An interview attributed to the operators claims 'We are first forum open to data breaches and crypto scams... We allow anything, except RAAS and CSAM.' The site has been mentioned in cybersecurity reports tracking threat actors and is listed in malware/URL databases. No consumer reviews or legitimate business reputation exists.

Risk Factors
7
  • Site explicitly permits fraud in its help documentation: 'Fraud is allowed, as long as it fits into one of the many forums.'
  • Operates active marketplace for stolen databases, leaked credentials, stealer logs, and illegal tools with 11,387+ posts across marketplace sections.
  • Impersonates KuCoin with clone-site infrastructure and user accounts posing as KuCoin administrators.
  • Funnels users to Telegram and external Tor hidden service — common herding channels for crypto scams and fraud coordination.
  • No legitimate business registration, contact information, or postal address; operates as anonymous cybercrime infrastructure.
  • Referenced in threat intelligence as successor to BreachForums and tracked alongside known cybercrime forums by security researchers.
  • Hosts stolen data from major breaches (Arkansas State Crime Lab, voter data, corporate databases) and facilitates middleman fraud services.
AI Recommendation
Do not visit, register on, or interact with this site. Spear.cx is a documented cybercrime forum that facilitates fraud, hosts stolen data, and operates an illegal marketplace. Report the domain to law enforcement and your internet service provider.
Scam network detected
2 linked domains correlated

Spear.cx operates as a clearnet cybercrime forum with infrastructure linking to Tor hidden services and Telegram. The site impersonates KuCoin and functions as a clone of the legitimate exchange. It is part of a known ecosystem of cybercrime forums tracked by threat intelligence researchers and serves as a marketplace for stolen data, leaked credentials, and illegal services.

spear4h2potiyk43oilufhuq2jqbioyaizcs7xttlyw75s5ykwxpxlid.onionkucoin.com (impersonated)
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of spear.cx
LIVE RENDER
spear.cx
1Impersonates KuCoin

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for spear.cx, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
8 months
Registered Oct 2025
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Clones kucoin.com
The page impersonates a well-known brand's site.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
2 scam reports
Key findings
7 headline facts from open-web research
  • spear.cx is a clearnet cybercrime forum with sections for database breaches, leaks, leaked tools, and an active marketplace including middleman services (1,106 threads, 11,387 posts, 5,576 members as of crawl).
  • Self-description: "Spear is a com and marketplace forum. We have exclusive database breaches and leaks plus an active marketplace."
  • Rules explicitly state: "Fraud is allowed, as long as it fits into one of the many forums" while banning scamming other members; proxy selling allowed with seller responsibility.
  • Referenced in threat intelligence as a successor/alternative to BreachForums; hosts leaks such as Arkansas State Crime Lab data, fluchos.com breach, Success.com database, voter data, and others by actors like kittykatkrew.
  • Interview on justpaste.it claims: "We are first forum open to data breaches and crypto scams... We allow anything, except RAAS and CSAM."
  • X account @Spearcx promotes leaks and posts from the forum; mentioned in cybersecurity reports alongside Exploit.in, BreachForums for tracking threat actors.
  • No traditional scam reports, Trustpilot, or consumer reviews found; listed in some malware/URL databases but primarily known in dark web monitoring contexts.
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
  • spear.cx Help Documentsopen

    "Fraud is allowed, as long as it fits into one of the many forums."

  • Dark Web Informer (X)open

    "New Forum: Spear spear[.]cx"

Impersonation / typosquat
Clone of kucoin.com

Page contains 'ADMIN KuCoin VN' threads/accounts (banned for leeching); user message flags KuCoin impersonation/clone attempt; forum hosts marketplace likely including crypto-related fraud

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research identified spear.cx as a documented cybercrime forum with explicit fraud allowance. The site's help documentation states 'Fraud is allowed, as long as it fits into one of the many forums.' The forum is referenced in threat intelligence reports as a successor to BreachForums and is tracked by cybersecurity researchers alongside other known cybercrime marketplaces. An attributed operator interview claims the site is 'first forum open to data breaches and crypto scams.' The site hosts thousands of posts related to stolen databases, leaked credentials, and illegal marketplace services. No consumer reviews, business registration, or legitimate reputation sources were found.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

High correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (2)
  • Funnels users into Telegram — common herding channel for crypto scams.
  • Evidence confirms this site is a clone of kucoin.com.
Linked signals (2)
t.meClone of kucoin.com

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Sandbox Render
Sandbox capture incomplete — no traffic recorded
Requests made0
Unique IPs0
Countries0
Detected brandsNone

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbers04-03-2026
Postal addressNot listed
Linked social profiles2
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No postal address visible on the page.
  • Page impersonates KuCoin on a non-official domain.
  • Phone number listed (04-03-2026).
  • Links to 2 social profiles.

Domain & Encryption

Domain History
Age8 months old
RegistrarHidden
RegisteredOct 5, 2025
ExpiresOct 5, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · R12
ExpiresJul 29, 2026 (51d)
Self-signedNo
Hosting & Technology
HostingDDOS-GUARD LTD
Server locationRU
Web serverddos-guard

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://spear.cx/
  • 2200https://spear.cx/

Server Reputation

Hosting
CountryUnknown
NetworkUnknown
IP addressUnknown
Abuse Intelligence
Confidence score0%
Reports on file1
ISPDDOS-GUARD LTD
Usage typeContent Delivery Network

Scam-Type Likelihood

3 scam-type patterns detected
Scam-Type Likelihood

3 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation
Brand Impersonation
High likelihood
75/100
  • Page claims to be KuCoin.
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.
Crypto Fraud
Moderate likelihood
33/100
  • AI analyst tagged this as crypto fraud / wallet-drainer.
  • AI analyst categorised the site as crypto-themed.
Phishing
Low-level signals
10/100
  • AI analyst tagged this as phishing.

Brand impersonation detected

This page is styled as a known brand but is not the brand's real site.

  • Do not interact with spear.cx

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Go to the brand's real site directly

    Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.

  • Never download or sign in here

    Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.

  • Report the impersonation to the brand

    Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

spear4h2potiyk43oilufhuq2jqbioyaizcs7xttlyw75s5ykwxpxlid.oniont.me

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags spear.cx as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — spear.cx scored 21/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. spear.cx presents a valid TLSv1.3 certificate issued by Let's Encrypt · R12, expiring in 51 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • spear.cx is 8 months old, registered on 10/5/2025. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. spear.cx is not currently listed on the major browser blocklist feeds that modern browsers use.
  • spear.cx resolves to an IP operated by DDOS-GUARD LTD in RU (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.

Final Verdict

0
Trust / 100
Final Verdict·spear.cx
DANGEROUS

Spear.cx is a clearnet cybercrime forum that explicitly permits fraud, hosts stolen databases and leaked tools, operates a marketplace for illegal goods, and impersonates KuCoin. Do not visit or interact with this site.

Do not visit, register on, or interact with this site. Spear.cx is a documented cybercrime forum that facilitates fraud, hosts stolen data, and operates an illegal marketplace. Report the domain to law enforcement and your internet service provider.

AV engines
MT passes
2
Net signals
2
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust36
anistream.one
2m ago
Read the review
Dangeroustrust39
daxorin.cfd
2m ago
Read the review
Dangeroustrust42
softserveclothing.com
5m ago
Read the review
Dangeroustrust39
cineby.cc
1h ago
Read the review
Dangeroustrust25
linkrdr.cc
1h ago
Read the review
Dangeroustrust45
app-hydrexvote.today
1h ago
Read the review
Dangeroustrust40
openthreatdata.com
2h ago
Read the review
Dangeroustrust36
freeonlinek.top
2h ago
Read the review
Dangeroustrust32
darkforums.su
2h ago
Read the review
Dangeroustrust39
ibs.royalcrowncorp.com
2h ago
Read the review
Dangeroustrust28
app.zaewex.com
2h ago
Read the review
Dangeroustrust35
tepomex.com
3h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.