# biswapmain.pages.dev — SUSPICIOUS > Beware: biswapmain.pages.dev is a crypto drainer impersonating Biswap. Only 0/95 VirusTotal engines detected it so far. Verify on PhishDestroy. ## Summary PhishDestroy identifies an active crypto drainer campaign operating from the domain biswapmain.pages.dev, currently classified as a high-risk threat under seed 89cd54. This fraudulent site mimics the legitimate Biswap platform, aiming to trick users into connecting crypto wallets and draining funds. Unlike generic phishing pages, this domain employs a crypto-specific attack vector designed to exploit user trust in decentralized finance (DeFi) interfaces. The threat actor leverages Cloudflare Pages to host the phishing kit, ensuring rapid deployment and evasion of early detection systems. With no detections recorded on VirusTotal as of this report, the domain remains under active circulation, targeting cryptocurrency users who may overlook verification steps. The SSL certificate issued by Google Trust Services adds superficial legitimacy, while the underlying infrastructure resolves to Cloudflare IP 172.66.47.4, a known hosting range for malicious campaigns. This domain was flagged within 24 hours of its registration, with VirusTotal showing 0 detections across 95 scanning engines—indicating that signature-based defenses have not yet caught up to this threat. The domain biswapmain.pages.dev was registered through Cloudflare, Inc., a common tactic among threat actors seeking to obscure their identity behind anonymized registrations. Cloudflare Pages, the platform used to host this campaign, allows for quick setup of phishing pages that bypass traditional web hosting scrutiny. The domain’s recent creation and lack of detections highlight the importance of proactive threat intelligence; by the time automated defenses catch up, users may have already fallen victim. The use of a legitimate-looking subdomain (pages.dev) further lowers suspicion, appealing to users who may not inspect the URL closely. If you visited biswapmain.pages.dev or entered any credentials or connected a wallet, immediately disconnect your wallet from the site and revoke any unauthorized permissions through your wallet’s connected apps menu. Do not interact with any prompts or transaction requests originating from this domain. Use a separate browser profile or device for DeFi activities and enable hardware wallet signing where possible. Report the domain to PhishDestroy for takedown and share any transaction hashes or wallet addresses linked to this site to aid in tracking the threat actor. Monitor your wallet’s transaction history for unauthorized transfers and consider transferring remaining funds to a cold wallet if suspicious activity is detected. Always verify URLs against official sources and never follow links from unsolicited messages or third-party advertisements. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.4 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/1a67bf2f-a995-4d45-880e-c64db563be3f - PhishDestroy: https://phishdestroy.io/domain/biswapmain.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/biswapmain.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/biswapmain.pages.dev/ Last updated: 2026-03-30