VirusTotal
2 det.
sim-pleswap[.]org
Domain Security & Threat Intelligence Report
“SimpleSwap | Exchange Crypto | SimpleSwap io”
0
Risk Score
Data coverage
VirusTotal
2 / 95
URLQuery
no det.
OTX
no pulses
CF Radar
suspicious
URLScan
report ready
DNS blocks
none
SSL
valid, 66d
WHOIS
20d old
Screenshot
captured
Redirect chain
not probed
CDN bypass
n/a
URLQuery
no det.
OTX
no pulses
CF Radar
Suspicious
URLScan
Report ↗
DNS Security
no dets
Gridinsoft
—
SSL
Let's Encrypt
Age
20d
Status
Live
DestroyList
Listed
Reports Sent
1
02
Forensic brief
Analyst brief · auto-generated
PhishDestroy identifies sim-pleswap.org as an active crypto credential theft page masquerading as the legitimate SimpleSwap.io exchange platform. This domain employs brand impersonation to trick users into surrendering wallet credentials or transaction approvals, typical behavior of a crypto drainer kit. The page title mirrors SimpleSwap’s branding, leveraging visual similarity to bypass user scrutiny and facilitate unauthorized fund transfers. This domain was flagged by PhishDestroy with the following technical indicators: VirusTotal detection score of 0/95, registered through Dynadot Inc, resolving to IP address 176.125.242.151, created on April 02, 2026, secured with a Let's Encrypt SSL certificate, and currently not blocked by Google Safe Browsing. It remains absent from major threat intelligence blocklists, increasing exposure to potential victims. As of this report, sim-pleswap.org remains active and poses a moderate but evolving risk due to low detection coverage and active hosting. Immediate actions include blocking the domain at DNS and network levels, updating endpoint protection signatures, and warning users to verify URLs via official SimpleSwap.io channels. While current intelligence suggests low immediate threat due to limited propagation, the domain’s recent creation and zero detections indicate a high potential for escalation. Continuous monitoring is advised as this campaign may expand rapidly across social media and phishing channels.
03
Threat response pipeline
30+ Proprietary Parsers
Distributed scanning of Google Ads, SEO-manipulated results, Twitter/X, YouTube & Telegram campaigns.
Infrastructure Analysis
dnstwist & typosquatting detection.
Community Intelligence
Real-time ingestion via Telegram Bot & partner intelligence feeds.
Threat Ingested
sim-pleswap.org detected and queued for full analysis.
55+ Vendor Submissions
Threat data submitted to 55+ security vendors & threat-intel platforms.
2 flagged this domain.
alphaMountain.ai
Gridinsoft
Spamhaus
Cloudflare
Google Safe Browsing
Microsoft Security
VirusTotal
Netcraft
ESET
Bitdefender
Norton Safe Web
Avira
Kaspersky
Sophos
Fortinet
TrendMicro
McAfee
Forcepoint
BlueCoat
Quttera
Yandex Safe
OpenPhish
PhishTank
URLhaus
SURBL
Mimecast
Proofpoint
Webroot
Comodo
Avast
AVG
Malwarebytes
Emsisoft
F-Secure
Panda
Dr.Web
GData
ALYac
Cyren
Tencent
Rising
Baidu
ClamAV
Antiy
Acronis
AILabs
ChainPatrol
CryptoScamDB
ScamSniffer
SEAL-ISAC
WOT
CRDF
ADMINUSLabs
LevelBlue
Lionic
Cloudflare Radar
View scan — verdict: suspicious
VirusTotal2 / 95 vendors flagged on VirusTotal.
Blocklist Detection
Found in 3 blocklists: MetaMask, PhishDestroy, SEAL.
Forensic Evidence CollectionURLScan.io, URLQuery & Cloudflare Radar — DOM snapshots, HTTP transactions, DNS & certificate data.
Registrar & Hosting Notification
Abuse report sent to Dynadot Inc at
abuse@alexhost.com with forensic evidence (metadata, screenshots, PDF).DestroyList Published
Added to PhishDestroy/DestroyList — open-source blocklist for wallets & extensions.
Abuse Reports Sent (1)
1 abuse reports filed; 20d 17h elapsed since first report.
ICANN Escalation — triggered on re-detection (24h+ active threat) per RAA §3.18 with full forensic evidence bundle
Open Threat Database
Real-time commits to GitHub repository & live monitoring at phishdestroy.io/live.
Social Broadcasting
Automated alerts on X, Telegram & Mastodon.
Awaiting Takedown
Domain still active — monitoring & re-reporting continues. 20d 17h since first report.
04
Evidence capture
Live Snapshot
2026-05-17 07:57 UTC
Malicious
· 2/95 engines
Domain Intelligence
Domainsim-pleswap.org
Registrar
Dynadot Inc
Dynadot Inc
Abuse contact
abuse@alexhost.com
IP Address
176.125.242.151
ASN
200019
Registration
2026-04-26 14:07:02 20d
SSL
Let's Encrypt
Hosting
Chisinau , MD
Chisinau , MD
Nameservers
"ns2.dyna-ns.net"]
Page title
“SimpleSwap | Exchange Crypto | SimpleSwap io”
HTTP status
206
External lookups
ICANN RDAP ↗
WHOIS ↗
viewdns ↗rapiddns ↗ ICANN registrars ↗
Technical details
Favicon hash11a6cefec7c87864a14a81b40a2990cf
SSL fingerprintefd213cd5d53a2ad102df2242414cbe17987f30dcb00ce6ec4a44ce710cefb3a
URLScan UUID019dca16-cd7e-712b…
Case IDPD-20260426-95749D
05
Registrar inaction · RAA §3.18
Egregious
7 days+
0d
:
00h
:
00m
:
00s
elapsed since first report
Dynadot Inc — 20 days & 17 hours since the first ICANN-compliant abuse report,
1 reports submitted, the domain is still active.
ICANN RAA §3.18 co-responsibility window expired on day 1; we re-mailed at 24h, 72h and 7d thresholds with a full forensic evidence bundle (HAR + DOM + screenshots + kit hashes). The registrar has not acknowledged. Public escalation is now warranted.
Case ref
PD-20260426-95749D
Re-file at 14d →
08
Public blocklist status
3
Listed in 3 public blocklists — confirmed by independent sources
Sources with no listing are omitted.
09
Technologies
Technologies · 1 identified
WEB SERVERS · 1
Nginx
Detected via Cloudflare Radar · Wappalyzer engine
10
VirusTotal consensus
2/95
vendors flagging
Partial detection
Aggregated detection across 95 security vendors.
Per-vendor breakdown not available — view raw report on VirusTotal ↗
11
Site performance
Site performance analysis
Google PageSpeed Insights — mobile audit of sim-pleswap.org
91
Good
Performance
FCP
2.72
First Contentful Paint
LCP
2.72
Largest Contentful Paint
CLS
0.017
Cumulative Layout Shift
TBT
0
Total Blocking Time
SI
3.39
Speed Index
12
Evidence & external reports
Security Analysis
13
Related domain reports
simpleswap-io.at
simpleswapdex.org
simpl-eswap.com
simples-wap.org
raydiumio.org
help-ledger.com
checkscrypto.com
manage-ledgrlive.pages.dev
Other domains on 176.125.242.151
More domains at Dynadot Inc
14
Were you affected by this site?
Were You Affected?
You are not alone and there is nothing to be ashamed of. Reporting is the most
powerful weapon against fraud — your report can prevent others from becoming victims.
Chainabuse
Report crypto wallet or phishing URL
FBI IC3
Report internet crime (US)
Europol
Report cybercrime (EU)
Domain Appeal
Contest this listing
Beware of recovery scammers! No legitimate service will ask for upfront payment
to recover stolen crypto. Learn more about recovery fraud →
Recommendations & Advice for Victims
- Do not pay anything else. Recovery agents demanding upfront fees are a second-stage scam.
- Disconnect compromised wallets. Move remaining funds to a fresh seed phrase generated offline.
- Preserve evidence. Screenshot transactions, save URLs, archive emails — chain-of-custody matters for prosecution.
- Report to authorities (see section 15 below) — even small reports help build case patterns.
- Notify your bank/exchange. Some chargebacks may still be possible within 24-72h.
15
Report to your local authorities
Your country (auto-detected)
International / Other
Email template — registrar abuse
To:
abuse@alexhost.com, abuse@dynadot.com
Registrar: Dynadot Inc Case: PD-PD-20260426-95749D
16
Embed this report
17
About this report
About this report: sim-pleswap.org
This domain security report is maintained by PhishDestroy's automated threat-intelligence pipeline. Our system continuously monitors this domain across 95 security vendors on VirusTotal and 3 public blocklists.
The site displays a page titled “SimpleSwap | Exchange Crypto | SimpleSwap io”.
sim-pleswap.org has been flagged by 2 security vendors as of May 17, 2026.
If you believe this listing is inaccurate, you can submit an appeal. For more information about our methodology, visit our FAQ page.