# base-swap-dex.pages.dev — SUSPICIOUS

> PhishDestroy flags base-swap-dex.pages.dev as a crypto drainer impersonating Base. VT 1/95 vendors detect the threat.

## Summary
PhishDestroy identifies base-swap-dex.pages.dev as an active brand impersonation scam targeting users of Base, a Layer 2 Ethereum scaling solution. The domain operates with an elevated risk level and is confirmed to mimic the official Base brand, likely to deceive visitors into connecting crypto wallets to a malicious drainer. This threat is particularly dangerous for users seeking decentralized exchange (DEX) services, as the impersonation could lead to unauthorized fund transfers or credential theft. The domain’s structure and branding are designed to exploit trust in the Base ecosystem, making it a high-priority threat for security researchers and everyday users alike.  

This domain was flagged by PhishDestroy with an elevated risk rating, and further analysis reveals a 1/95 detection rate on VirusTotal, indicating minimal but present recognition by security vendors. The domain resolves to IP address 172.66.47.87, registered through Cloudflare, Inc., a common tactic to obscure hosting details. The SSL certificate is issued by Google Trust Services, which does not inherently validate legitimacy but adds a superficial layer of trust. While the exact registration date is not provided, the domain’s use of Cloudflare’s Pages.dev service suggests recent creation, a frequent choice for threat actors seeking quick, disposable infrastructure. The low VirusTotal detection rate highlights the challenge of identifying such impersonation scams promptly, as threat actors continuously adapt their tactics to evade detection.  

To mitigate the risk posed by base-swap-dex.pages.dev, users should immediately cease any interaction with the domain and avoid clicking links or downloading files from it. For those who may have already engaged, disconnecting crypto wallets from the site and revoking any suspicious permissions is critical. Security researchers and organizations should block the IP address 172.66.47.87 and the domain at the network level to prevent further exposure. Additionally, verifying the legitimacy of DEX services through official channels—such as the Base Foundation’s verified social media or website—is essential before proceeding with any transactions. PhishDestroy encourages users to report such domains to contribute to collective threat intelligence and improve detection rates for the broader cybersecurity community.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Base

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.87

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f38c840c-0ce3-41c8-943a-3bacf33691a5
- PhishDestroy: https://phishdestroy.io/domain/base-swap-dex.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/base-swap-dex.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/base-swap-dex.pages.dev/
Last updated: 2026-04-11