# simple-direction-305248.framer.app — MALICIOUS

> This phishing site impersonated Microsoft to steal crypto assets. The domain is now offline but flagged by multiple security vendors. Stay vigilant.

## Summary

PhishDestroy identifies the domain simple-direction-305248.framer.app as a high-risk crypto drainer phishing site impersonating Microsoft. The page title 'Sign in to your account' was used to lure victims into providing sensitive credentials linked to cryptocurrency wallets. Registered recently, this domain targeted users with an urgent and deceptive login prompt to capture private keys and other confidential information.

Technical indicators show the domain resolved to IP address 52.223.52.2 and was registered through CSC Corporate Domains, Inc., a common registrar for quick phishing setups. On VirusTotal, 17 out of 95 security vendors flagged this domain, corroborating its malicious intent. The domain was included in one security blocklist, indicating recognition within the cyber defense community. Its creation date, February 21, 2026, suggests a recent and likely automated phishing campaign targeting Microsoft users.

Currently, the domain is offline, reflecting response actions to disrupt its operations and prevent further harm. While this particular threat is neutralized, users are urged to remain cautious of similar Microsoft impersonation attempts, especially those requesting crypto wallet access. Continuous monitoring and threat intelligence sharing remain critical to defending against evolving phishing schemes.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Microsoft
- Page title: Sign in to your account

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Expires: 2026-10-02 00:00:00
- Registrar: CSC Corporate Domains, Inc.
- Country: US
- IP: 52.223.52.2
- IP Country: US
- IP City: Seattle
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ns-1371.awsdns-43.org, ns-2002.awsdns-58.co.uk, ns-51.awsdns-06.com, ns-625.awsdns-14.net
- SSL Issuer: Let's Encrypt / E7

## Detection Status

- VirusTotal: 17 vendors flagged
  - Vendors: ["alphaMountain.ai", "BitDefender", "Cluster25", "CRDF", "CyRadar", "Ermes", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019bf7a6-c1e7-756a-bdbe-9db3daac9a1a.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/43d97a0d-316d-4c83-a88c-6be1697993e7
- Wayback Machine: https://web.archive.org/web/https://simple-direction-305248.framer.app
- PhishDestroy: https://phishdestroy.io/domain/simple-direction-305248.framer.app/
- LLM endpoint: https://phishdestroy.io/domain/simple-direction-305248.framer.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/simple-direction-305248.framer.app/

Last updated: 2026-03-19