# sunswaap-v2-io-us.pages.dev — SUSPICIOUS

> sunswaap-v2-io-us.pages.dev hosts a crypto drainer impersonating Sunswap V2. Verify URL safety on PhishDestroy. 0/95 VirusTotal detections detected.

## Summary
PhishDestroy identifies sunswaap-v2-io-us.pages.dev as an active crypto drainer campaign using a generic phishing threat vector. The domain mimics the legitimate Sunswap V2 platform, likely targeting cryptocurrency users by redirecting victims to a fraudulent interface that drains digital assets. The infrastructure leverages a Pages.dev subdomain, a common tactic for phishing operations due to the perceived trustworthiness of Cloudflare's ecosystem. The domain was registered through Cloudflare, Inc., and resolves to IP 188.114.96.3, which is part of Cloudflare's IP range. No specific drainer kit or brand impersonation beyond Sunswap V2 has been confirmed at this stage, but the domain's naming convention suggests a focus on decentralized finance (DeFi) users.

Technical indicators reveal a significant risk profile despite low current detection rates. VirusTotal reports 0 detections out of 95 scans, indicating that traditional antivirus and security tools have not yet flagged the domain. The SSL certificate is issued by Google Trust Services, which may temporarily lend credibility to the site. The domain's registrar is Cloudflare, Inc., and the IP resolution points to Cloudflare's infrastructure, often used to obscure malicious activity. No blocklist counts or Google Safe Browsing (GSB) status are available, but the absence of detections suggests this campaign is either newly launched or employs evasion techniques. The creation date and additional WHOIS details remain under investigation.

The campaign is currently active, with no confirmed takedowns or blocks at this time. PhishDestroy has flagged this domain under seed 82e938, and further analysis is underway to determine the drainer kit's origin and distribution methods. Users are advised to avoid interacting with sunswaap-v2-io-us.pages.dev and verify any URLs through PhishDestroy before engaging. The remaining risk is high due to the domain's active status, low detection rates, and potential to deceive cryptocurrency users. Immediate action is recommended to prevent asset loss.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/sunswaap-v2-io-us.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/sunswaap-v2-io-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sunswaap-v2-io-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sunswaap-v2-io-us.pages.dev/
Last updated: 2026-04-09