# hqswap.cc — SUSPICIOUS

> hqswap.cc was identified as a medium-risk phishing domain and is now offline. Stay vigilant and verify URLs before sharing info.

## Summary

PhishDestroy has identified hqswap.cc as a generic phishing domain with a medium risk level. The domain was registered on February 21, 2026, and was used to facilitate phishing attempts targeting unsuspecting users. Classified under generic phishing, its primary purpose appeared to be credential harvesting or deceiving users into divulging sensitive information.

Technical analysis shows that hqswap.cc resolved to the IP address 172.67.130.225 and was registered through NETIM SAS. On VirusTotal, 4 out of 95 security vendors flagged the domain, and it appeared on one known security blocklist, indicating some recognition of its malicious activity. The domain's page returned a "522: Connection timed out" message at last check, suggesting that the phishing infrastructure was disrupted or taken down.

Currently, hqswap.cc remains offline, mitigating the immediate threat it posed. PhishDestroy recommends continued caution, as threat actors may migrate to new domains. Users are urged to avoid clicking unknown links and to verify URLs carefully to prevent exposure. Monitoring and timely takedown efforts like this help reduce risk but underline the need for ongoing vigilance against evolving phishing campaigns.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: hqswap.cc | 522: Connection timed out

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: NETIM SAS
- Country: FR
- IP: 172.67.130.225
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: felicity.ns.cloudflare.com, lilyana.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 4 vendors flagged
  - Vendors: alphaMountain.ai, CyRadar, Forcepoint ThreatSeeker, Webroot
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: PhishDestroy

## Evidence

- Screenshot: https://urlscan.io/screenshots/01983d3e-8e08-740f-afa3-dc96f4005315.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2bf502d1-bbb3-4725-885f-17a96e5ae00d
- PhishDestroy: https://phishdestroy.io/domain/hqswap.cc/
- LLM endpoint: https://phishdestroy.io/domain/hqswap.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/hqswap.cc/

Last updated: 2026-03-19