# PhishDestroy threat dossier — appswap.org
================================================================
Fetched: 2026-06-26 00:07:11 UTC
Canonical: https://phishdestroy.io/domain/appswap.org/

## VERDICT
----------------------------------------------------------------
CRITICAL THREAT — DO NOT VISIT
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 16/91 security vendors flagged this domain
Flagging vendors: alphaMountain.ai, BitDefender, CRDF, CyRadar, Ermes, ESET, Forcepoint ThreatSeeker, Fortinet, G-Data, Google Safebrowsing, Gridinsoft, Kaspersky, Lionic, SOCRadar, Sophos, VIPRE
AlienVault OTX: 4 pulses (threat-intel feed mentions)
Public blocklists: listed on 5 independent blocklists
Google Safe Browsing: FLAGGED

## INFRASTRUCTURE
----------------------------------------------------------------
Registrar: Internet Domain Service BS Corp
Nameservers: elisabeth.ns.cloudflare.com, fred.ns.cloudflare.com
Registered: 2026-06-08
Expires: 2027-06-06
HTTP response: 403

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue.
No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-06-08 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-06-09 05:31:07 UTC (by PhishDestroy tracker)
First reported: 2026-06-15 03:00:22 UTC (abuse notice filed)
Last verified: 2026-06-26 02:02:53 UTC
Current status: ACTIVE / observable

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-26 01:52:17 UTC — narrative may predate facts above.
Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

This domain is flagged as a high-risk phishing site specifically designed to target users of cryptocurrency wallet services. Analysis indicates the site presents itself as a legitimate cryptocurrency swap portal, tricking visitors into entering sensitive credentials such as wallet private keys or recovery phrases. The fraudulent interface closely mimics authentic swap platforms, increasing the likelihood of successful deception for users attempting to exchange digital assets.

Infrastructure analysis reveals multiple concrete indicators of malicious activity. The domain was registered on June 08, 2026, through Internet Domain Service BS Corp, a registrar frequently associated with fraudulent operations. Security vendor detections stand at 16 out of 95 on VirusTotal, with additional flags from Google Safe Browsing for social engineering tactics. The domain appears on five distinct security blocklists and has been included in four threat intelligence pulses within the AlienVault OTX platform. Despite using a Google Trust Services SSL certificate, which provides an illusion of legitimacy, the domain remains actively blocked by multiple security providers.

Users who have visited appswap.org should take immediate action to secure their assets. First, disconnect any cryptocurrency wallets that may have interacted with the site. Generate new wallet addresses and transfer any remaining funds to these new addresses from a secure device. Enable multi-factor authentication on all accounts associated with cryptocurrency services. Monitor transaction histories for unauthorized activity and report any suspicious transactions to the respective platform. If credentials were entered, consider all exposed information compromised and avoid reusing passwords or recovery phrases.
Security professionals recommend conducting a full system scan to detect potential malware infections that may have resulted from visiting the site.

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/appswap.org/
JSON API: https://api.destroy.tools/v1/check?domain=appswap.org
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 170,042 domains (12,239 alive under monitoring, 157,244 confirmed takedowns/dead).
Site: https://phishdestroy.io