# moneroswapper.com — SUSPICIOUS > moneroswapper.com lures users with a fake Monero swap service; flagged by 2/95 VirusTotal engines since creation on 2026-01-07. ## Summary PhishDestroy identifies moneroswapper.com as an active cryptocurrency swap impersonation site that presents itself as a legitimate Monero mixing or exchange service to deceive victims into depositing funds. The threat actor behind this domain uses generic branding and urgency-driven prompts to trick users into initiating transactions that are never returned, diverting deposited cryptocurrency directly to attacker-controlled wallets. This domain was flagged by 2 out of 95 VirusTotal security vendors shortly after its creation on January 07, 2026. It resolves to IP address 64.23.177.219 and is registered through HOSTINGER operations, UAB under a Let's Encrypt SSL certificate, which provides a false sense of legitimacy. Despite low initial vendor detection, such new, low-reputation domains are frequently weaponized in fast-evolving phishing campaigns targeting privacy-focused cryptocurrency users. Users who visited or interacted with moneroswapper.com should immediately cease further transactions and check their wallet addresses for unauthorized outflows. Do not input private keys, seed phrases, or deposit funds into this site. If you’ve already sent cryptocurrency, report the transaction hash to your wallet provider and file a complaint with local authorities or the relevant financial cybercrime unit. Monitor wallet activity closely and revoke any API connections made to suspicious domains. Always verify swap services through official project websites or trusted community channels. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-01-07 22:38:26 - Registrar: HOSTINGER operations, UAB - IP: 64.23.177.219 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/df78b641-06ac-45f9-8c7b-2d875c53c32c - PhishDestroy: https://phishdestroy.io/domain/moneroswapper.com/ - LLM endpoint: https://phishdestroy.io/domain/moneroswapper.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/moneroswapper.com/ Last updated: 2026-03-28