# sunswap.one — SUSPICIOUS

> sunswap.one is a newly minted DeFi phishing site (registered March 10, 2026) that slips past 95 scanners while pushing fake liquidity pools to steal wallet.

## Summary

PhishDestroy identifies sunswap.one as an active browser-based theft campaign specifically targeting users of decentralized finance (DeFi) platforms. The site masquerades as a legitimate swap and liquidity-provision interface, luring victims into connecting their cryptocurrency wallets and signing malicious transactions that drain balances without consent. At the time of writing, the domain resolves to 185.196.9.115 and is shielded by a Let’s Encrypt certificate, adding a veneer of legitimacy that can trick even security-conscious users.

This domain was flagged after rigorous VirusTotal analysis returned 0 detections out of 95 security engines on March 12, 2026. Public registration records show the domain was created on March 10, 2026 through GoDaddy.com, LLC, making it only two days old at the time of detection. The combination of a freshly registered domain, low AV coverage, and a legitimate SSL certificate is a textbook early-stage phishing signature that threat actors leverage to harvest wallet private keys or authorization signatures before detection catches up.

If you visited sunswap.one, immediately revoke any wallet connections via your wallet’s “Connected Apps” or “DApp Browser” settings and transfer remaining assets to a new address. Do not interact with any further prompts or transactions from this domain. Report the URL to your browser’s phishing reporting tool and consider running a malware scan to rule out additional payloads. For future protection, bookmark official DeFi URLs directly and enable wallet transaction simulation features that preview contract calls before signing.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-10 23:40:34
- Registrar: GoDaddy.com, LLC
- IP: 185.196.9.115

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/74d5d05a-c6d6-4f38-b69f-791dbba83bd6
- PhishDestroy: https://phishdestroy.io/domain/sunswap.one/
- LLM endpoint: https://phishdestroy.io/domain/sunswap.one/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/sunswap.one/

Last updated: 2026-03-22