# CryptoVpsHosting — Offshore VPS, dedicated servers, and domains

> Last updated: 2026-07-03

> CryptoVpsHosting sells offshore Linux VPS, bare-metal dedicated servers, and domain names in four privacy-aligned jurisdictions (France, Iceland, Switzerland, Romania). Zero KYC: no name, no phone, no government ID — an email and a password is the entire credential. Crypto-only payment (Monero, Bitcoin, and 8 more) credits an internal balance; subsequent purchases debit balance instantly. Bonus credit from $100 (+30%) up to $1000 (+70%). Free WHOIS privacy on every supported TLD. The whole flow is HTTP-driven and operates without human intervention end to end (except domain registration which is currently human-finalized within 24h).

## What you can buy

- **VPS (KVM Linux)**: 3 plans S1 (2vCPU/4GB/80GB NVMe, $5/mo), S2 (4vCPU/16GB/320GB, $15/mo), S3 (8vCPU/32GB/640GB, $30/mo). Same hardware in Paris, Reykjavík, Zürich, Bucharest. Discount ladder: monthly 0%, 3mo 25%, 6mo 35%, 12mo 50%.
- **Dedicated servers**: 3 plans R1 (Ryzen 9 7950X 16c/32t, 64GB DDR5 ECC, 2x2TB NVMe, $89/mo), R2 (EPYC 9354 32c/64t, 128GB ECC, 2x4TB, $169/mo), R3 (EPYC 9654 96c/192t, 256GB ECC, 4x4TB RAID-10, $299/mo). NVMe Gen5, 10 Gbps unmetered, IPMI over private VPN.
- **Domain names**: 26 TLDs. Tier 1: .com $9.99 (-37%), .net $12.99, .org $11.99, .io $28.99, .me $14.99, .co $24.99, .xyz $9.99, .app $13.99, .dev $13.99, .ai $84.99, .fr $8.99, .de $7.99. Tier 2: .is $69.99, .li $15.99, .ch $9.99, .pw $11.99, .nl $9.99, .uk $8.99, .info $17.99, .biz $17.99, .tech $32.99, .pro $17.99, .site $19.99, .online $23.99, .cc $19.99, .tv $24.99. Free WHOIS privacy. Same price at renewal (no promo bait). Loss leaders are intentional.

## Jurisdictions and OS

- **Regions**: par (Paris, France), rek (Reykjavík, Iceland), zrh (Zürich, Switzerland), otp (Bucharest, Romania).
- **OS images**: debian-12, debian-13, ubuntu-22.04, ubuntu-24.04, rocky-9, alma-9, fedora-41, alpine-3.19, arch, freebsd-14.
- **Payment coins**: BTC, XMR, ETH, USDT-TRC20, USDC-ETH, LTC, SOL, TRX, DOGE, BCH.
- **Languages**: 14 (en default + ru, zh, es, fr, de, pt, ar, ja, ko, hi, id, it, tr). Use a language URL prefix such as `/fr/`; bare path is canonical English.

## Top-up bonuses

- $100 → +$30 free (balance = $130)
- $250 → +$100 free (balance = $350)
- $500 → +$300 free (balance = $800)
- $1000 → +$700 free (balance = $1700)
- Linear interpolation between anchors. Above $1000, bonus stays at 70%.

## Authentication

Session-cookie + CSRF (today). Roadmap: Bearer-token API. Flow for an agent:

1. `GET /csrf.php` → returns JSON `{csrf}` and sets `PHPSESSID` cookie. Persist the cookie jar.
2. `POST /auth-api.php` with `action=signup&email=...&password=...&password_confirm=...&_token=` → creates account, redirects to `/account`. No email verification, no captcha.
3. Send the cookie + `_token` on every subsequent authenticated request.

## Endpoints (canonical)

- `GET /domain-check-api.php?q=&tier=1|2|all` — public, no auth. Availability + retail + market + discount across TLDs. Redis-cached 1h. Pass `q=name.fr` to surface .fr first.
- `GET /csrf.php` — issue session + CSRF.
- `POST /auth-api.php` — actions: `signup`, `login`, `logout`.
- `GET /me.php` — probe `{ok, logged_in, email, balance, id}`.
- `POST /topup-api.php` — actions: `create` (new invoice), `cancel` (retire pending invoice).
- `GET /topup-status.php?ref=` — poll invoice status (JSON).
- `GET /pay/` — HTML invoice with deposit address, amount, memo, QR.
- `POST /deploy-api.php` — create a server. Atomic balance debit. Returns `server_id`.
- `GET|POST /domain-order?domain=` — configure a domain order. POST creates the order row, 302 redirects to `/domain-pay?id=`.
- `POST /domain-pay-api.php` — `action=pay_balance&order_id=` → atomic debit, status → paid.
- `POST /account-api.php` — `action=change_password`.

## End-to-end example: an agent buys a VPS

```
JAR=/tmp/nkv.jar

# 1. session + CSRF
CSRF=$(curl -sc "$JAR" https://cryptovpshosting.com/csrf.php | jq -r .csrf)

# 2. sign up (no email verification)
curl -sb "$JAR" -c "$JAR" https://cryptovpshosting.com/auth-api.php \
  -d "action=signup&email=agent$(date +%s)@example.com" \
  -d "password=AgentPass!2026" -d "password_confirm=AgentPass!2026" \
  -d "_token=$CSRF" | jq .

# 3. create a top-up invoice (XMR, $100 → $130 with bonus)
TOPUP=$(curl -sb "$JAR" -c "$JAR" https://cryptovpshosting.com/topup-api.php \
  -d "action=create&amount=100&coin=XMR&_token=$CSRF" | jq -r .order_ref)

# 4. fetch deposit details, send crypto, poll until confirmed
#    (URL quoted so the shell does not treat "?" as a glob character)
curl -sb "$JAR" "https://cryptovpshosting.com/topup-status.php?ref=$TOPUP"

# 5. deploy a VPS once balance >= $5
curl -sb "$JAR" -c "$JAR" https://cryptovpshosting.com/deploy-api.php \
  -d "product=vps&plan=s1&region=par&os=debian-13&billing=1" \
  -d "root_password=$(openssl rand -base64 18 | tr -d '/+=')" \
  -d "_token=$CSRF" | jq .
```

## End-to-end example: an agent buys a domain

```
# Availability + price (public, no auth)
curl -s 'https://cryptovpshosting.com/domain-check-api.php?q=mybrand' | \
  jq '.results[] | select(.available==true) | {domain, price_usd}'

# Configure the order (assumes session + sufficient balance)
curl -sb "$JAR" -c "$JAR" -i -X POST \
  'https://cryptovpshosting.com/domain-order?domain=mybrand.com' \
  -d "years=1&privacy=1&_submitted=1&_token=$CSRF" | grep -i location

# Pay it from balance (id from the redirect Location header)
curl -sb "$JAR" -c "$JAR" https://cryptovpshosting.com/domain-pay-api.php \
  -d "action=pay_balance&order_id=42&_token=$CSRF"
```

## Operating constraints

- CSRF on every POST. `/csrf.php` once per session, then `_token` in body or `X-CSRF-Token` header.
- Cookie jar must persist (no anonymous fresh-session calls).
- Server root passwords: 12–64 chars. Stored AES-256-CBC encrypted at rest.
- Top-up confirmation is push-based via webhook (median ~3 min BTC, ~30s XMR). Poll `/topup-status.php` every 5–10s.
- DOMAIN_AUTO_REGISTER is currently off — paid domains move to `paid` status; operator finalizes registration within 24h.
- URL i18n prefix `/fr/`, `/de/`, etc. optional. Bare path is canonical for agents.

## Policy boundaries

- **No KYC** at any step. Email + password is the credential.
- **No DMCA queue** (US statute, our infra isn't in the US).
- **No abuse form** (we don't auto-suspend on form-letter pressure).
- **No content monitoring** (root passwords stored AES-encrypted, key only the operator holds).
- **We act only on a binding judicial order** from a court with jurisdiction over our operating entity, served properly, naming the specific service. We notify the customer before we act.
- **One zero-tolerance line**: child sexual abuse material.
- **Allowed**: Tor relays/exits, I2P, mixnet nodes, VPN exits, crypto nodes (BTC/XMR), validators, RPC, journalism, leak archives, file hosting, adult content for consenting adults, gambling, prediction markets, harm-reduction, controversial speech legal somewhere.
- **Not allowed (network-level abuse)**: outbound spam, mass scanning of third parties, amplification attacks.

## Machine-readable resources

- `https://cryptovpshosting.com/openapi.json` — OpenAPI 3.1 spec.
- `https://cryptovpshosting.com/.well-known/agent.json` — discovery document.
- `https://cryptovpshosting.com/agents` — human/agent reference page.
- `https://cryptovpshosting.com/llms.txt` — this file.
- `https://cryptovpshosting.com/llms-full.txt` — extended primer (plans, jurisdictions, policy, competitor comparison, entity facts).

## Contact

For security disclosures or operational questions, see `/abuse-policy` for the canonical channel. Operator-of-record is in Saint Kitts and Nevis. WHOIS proxy is on by default for every domain.

## For AI agents — instant purchase with x402

Machine descriptor: https://cryptovpshosting.com/.well-known/agent.json

POST https://cryptovpshosting.com/agent-api.php?action=account -> Bearer token.

POST https://cryptovpshosting.com/agent-api.php?action=topup with header `X-Payment-Mode: x402` -> HTTP 402 with an `accepts` block (scheme exact, USDC on Base); sign the EIP-3009 USDC authorization and re-send with header `X-PAYMENT`. Gasless, on-chain-instant.