# paintswap.xyz — MALICIOUS — Crypto Drainer (Angel Drainer)

> paintswap.xyz is a medium-risk crypto drainer scam using Angel Drainer kit. Domain now offline; avoid claiming tokens here.

## Summary

PhishDestroy identifies paintswap.xyz as a medium-risk crypto drainer domain impersonating a legitimate PaintSwap token airdrop portal. The site aimed to deceive users into connecting their wallets and inadvertently draining their crypto assets through malicious scripts tied to the Angel Drainer kit. Victims faced potential loss of digital funds by interacting with this fraudulent platform claiming easy token claims.

Infrastructure analysis reveals paintswap.xyz was registered via ERANET INTERNATIONAL LIMITED and resolved to IP 188.114.96.3. It appeared on four distinct security blocklists and was flagged by three out of ninety-five VirusTotal security vendors before being taken offline. The domain was created recently on December 12, 2025, indicating a swift launch designed to exploit unsuspecting cryptocurrency users seeking airdrop opportunities.

Users are strongly advised to avoid interacting with paintswap.xyz or any similar suspicious airdrop portals requesting wallet access. Always verify official channels before submitting sensitive credentials or signing transactions. In case of any interaction with this domain, users should immediately review their wallet activity and consider revoking permissions granted through wallet providers. Staying cautious and verifying legitimacy can prevent falling victim to crypto draining scams like paintswap.xyz.
## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Scam type: Airdrop Scam
- Kit: Airdrop Scam
- Page title: PaintSwap Airdrop Portal – How to Claim PaintSwap Tokens

## Domain Intelligence

- Registered: 2025-12-12 18:08:55
- Registrar: ERANET INTERNATIONAL LIMITED
- Country: CN
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: celine.ns.cloudflare.com, peyton.ns.cloudflare.com
- SSL Issuer: none

## Detection Status

- VirusTotal: 3 vendors flagged
  - Vendors: Forcepoint ThreatSeeker, Gridinsoft, SOCRadar
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: PhishDestroy, MetaMask, ScamSniffer

## Evidence

- Screenshot: https://urlscan.io/screenshots/019b1a83-94c2-747b-8433-6ca5f4c7edad.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/342f0f87-b740-4bdd-8b60-0b0dd28cc8d6
- PhishDestroy: https://phishdestroy.io/domain/paintswap.xyz/
- LLM endpoint: https://phishdestroy.io/domain/paintswap.xyz/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/paintswap.xyz/

Last updated: 2026-03-19