# sw-2xn.pages.dev — SUSPICIOUS

> sw-2xn.pages.dev flagged for credential phishing. VirusTotal shows 0/95 detections as of latest scan. Check the full report.

## Summary
PhishDestroy identifies sw-2xn.pages.dev as an ACTIVE credential phishing domain under investigation, posing imminent risks to users seeking to input login or financial details.

This domain exhibits multiple red flags consistent with credential phishing campaigns. It is registered through Cloudflare, Inc., resolving to IP address 172.66.44.227, secured via a Let’s Encrypt SSL certificate. As of the latest analysis, VirusTotal shows 0 out of 95 security vendors have detected malicious content, indicating a potential blind spot in real-time threat detection. The domain leverages Cloudflare Pages (pages.dev) as a front to appear legitimate while hosting fraudulent login forms. These technical markers — combined with the absence of historical blocklist entries or trust score valuations — elevate the domain’s risk profile as an emerging phishing vector.

This threat is particularly dangerous due to its use of trusted infrastructure (Cloudflare) and free hosting (Pages.dev), making it harder for average users and automated filters to recognize. The lack of detections does not equate to safety — it reflects a lag in threat intelligence dissemination. Users interacting with this domain risk direct exposure to credential harvesting attacks, leading to account takeover, financial fraud, or identity theft. Immediate action is required: avoid entering any sensitive data, report the domain to your browser or security provider, and check PhishDestroy’s full behavioral analysis for IOCs (Indicators of Compromise) such as form submission endpoints and decoy branding.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.227

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c4582f1c-7d30-4c2d-adce-deed1031c86a
- PhishDestroy: https://phishdestroy.io/domain/sw-2xn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sw-2xn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sw-2xn.pages.dev/
Last updated: 2026-04-13