# en-defillama-swaap.pages.dev — MALICIOUS

> en-defillama-swaap.pages.dev is a high-risk crypto drainer flagged for phishing. Avoid interaction and stay informed with PhishDestroy insights.

## Summary
PhishDestroy identifies en-defillama-swaap.pages.dev as a high-risk crypto drainer domain involved in phishing attacks targeting cryptocurrency users. The domain was created recently on February 21, 2026, and is registered through Cloudflare, Inc.

Technical indicators include its resolution to IP 172.66.44.118, appearance on multiple security blocklists, and a SOCIAL_ENGINEERING flag by Google Safe Browsing. VirusTotal reports 13 out of 95 vendors flagging this domain. The site’s page title was noted as "Suspected phishing site | Cloudflare."

Currently, the domain is offline and has been taken down to prevent further harm. PhishDestroy recommends avoiding any interaction with this domain and monitoring for related threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.118
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["rihana.ns.cloudflare.com", "quincy.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a3f7f-9062-71b2-b992-3024a7bfee49.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/be128132-5a80-4c9b-8569-0630c65c4d46
- PhishDestroy: https://phishdestroy.io/domain/en-defillama-swaap.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-defillama-swaap.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-defillama-swaap.pages.dev/
Last updated: 2026-03-19