# cwdefender.com — SUSPICIOUS > cwdefender.com is a live crypto drainer mimicking CWDefender. Avoid this domain — verify on PhishDestroy. Resolves to 103.180.120.198. ## Summary PhishDestroy has identified cwdefender.com as an active crypto drainer impersonating CWDefender services. This domain was flagged for hosting malicious infrastructure designed to siphon cryptocurrency assets from unsuspecting users. The threat remains under investigation but exhibits clear indicators of malicious intent, warranting immediate attention from security teams and end-users alike. Given its recent creation and low detection rate, this domain poses a significant risk to anyone interacting with CWDefender-related services without proper verification. This domain resolves to IP address 103.180.120.198 and was registered through NameCheap, Inc. on June 05, 2025, with a Let’s Encrypt SSL certificate in place. VirusTotal currently shows 0 detections out of 95 engines, indicating it has evaded mainstream security tools. No blocklists or trust score data are publicly available at this time, which further elevates its risk profile. The domain’s recent registration and lack of reputation suggest opportunistic malicious activity, likely targeting users seeking legitimate CWDefender services. Mitigation for this crypto drainer threat requires immediate action. Users should avoid accessing cwdefender.com or any CWDefender-related domains without verifying their legitimacy through PhishDestroy or official channels. Security teams are advised to block the domain and its associated IP (103.180.120.198) at the network perimeter. Additionally, monitor for any outbound connections to this domain or IP, as compromised systems may attempt to communicate with the drainer. Educate users on the risks of downloading or interacting with unverified cryptocurrency tools, especially those distributed via social engineering or impersonation tactics. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-06-05 12:53:06 - Registrar: NameCheap, Inc. - IP: 103.180.120.198 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/cwdefender.com - PhishDestroy: https://phishdestroy.io/domain/cwdefender.com/ - LLM endpoint: https://phishdestroy.io/domain/cwdefender.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cwdefender.com/ Last updated: 2026-04-10