swyftx.system-tools-hub.com

https://swyftx.system-tools-hub.com/8szww?utm_campaign=JQ_669689246230011_0203_Land374.1_abo_rem_1-2-2&fbid=1213981274182747&utm_content=17swftx150xrp5en_17swftx150xrp3en&cid=1_Pur_701_AuNz_2560_M&bid=BID&subid=2hf5i5.343.11kag

172.67.189.207 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

77 days

HTTP

200 · 19.0s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Screenshot of swyftx.system-tools-hub.com

Zoom

Title: "Swyftx: Crypto Exchange, Buy & Sell Crypto"

Save

Domain Intelligence: system-tools-hub.com

Scanned 3 times since Mar 3, 2026, 06:28 AM UTC

✗ Critical (100)

Registered-domain escalation suggested

Suggested now

Submit system-tools-hub.com as the primary IOC, enriched with evidence from hostile subdomains like swyftx.system-tools-hub.com.

2 hostile subdomains across 3 completed scans were observed under this registered domain. Recent hosts: swyftx.system-tools-hub.com, ethereum.system-tools-hub.com.

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (1)—

swyftx-clone-kit

high

Directives: skipAi, skipUnblocker, skipMobileVariant

Swyftx

Credential Phishing

finance | technology | ecommerce | cryptocurrency · 4/5/2026

Summary

This page at swyftx.system-tools-hub.com presents Swyftx branding and a Swyftx page title, but the domain is a subdomain of system-tools-hub.com and not the legitimate Swyftx domain. The page uses SPA techniques with multiple external scripts and assets mimicking Swyftx’s UI, suggesting an impersonation designed to harvest credentials. The domain name signals and page title strongly indicate Swyftx brand cloning, with a likely credential collection flow embedded in JavaScript bundles.

Attack Techniques (4)

Typosquat/brand impersonation using a domain containing the target brand name (swyftx in swyftx.system-tools-hub.com)Cloned SPA-like UI loaded via external JavaScript assets to render credentials capture forms dynamicallyBrand assets (logo, page title) loaded to resemble Swyftx; external analytics/scripts (PostHog, Cloudflare beacon) to evade detection and exfiltrate dataZero static authentication form in initial HTML; credential capture likely rendered by SPA scripts

Indicators of Compromise (6)

▸DOMAIN: swyftx.system-tools-hub.com (contains brand name swyftx) — IOC

▸PAGE_TITLE: Swyftx: Crypto Exchange, Buy & Sell Crypto — matches impersonation of Swyftx

▸NETWORK: assets/index-DYk4ZIO9.js, analytics-bundle.js, logo-ulcveZNW.svg loaded from the impersonation domain

▸SSL: certificate issued to system-tools-hub.com; domain age 77 days (new-ish) with impersonation context

▸Iframes: chatwoot.widget referencing external domain for chat, potentially used for exfiltration or social engineering

▸Multiple PostHog analytics calls indicating data collection and beaconing from SPA

Risk AssessmentUsed in abuse reports

The page is highly suspicious for credential harvesting. The domain contains the target brand, while the visible UI and page title impersonate Swyftx. Even though the static HTML lacks a form, the SPA-rendered forms are likely loaded via the index-DYk4ZIO9.js bundle, which is consistent with credential phishing flows. The site is served behind a Cloudflare IP and uses PostHog analytics for data collection, plus an embedded chat widget which could be leveraged for social engineering. The SSL certificate is valid but issued to the host domain, not Swyftx, and the domain age is relatively short (77 days), further signaling a risk of impersonation. This is a high-confidence credential-phishing attempt aimed at Swyftx users.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence