# swg-go.ru — SUSPICIOUS

> swg-go.ru hosts a cryptocurrency drainer impersonating a legitimate service. Verify safety on PhishDestroy before entering any wallet details or making.

## Summary
PhishDestroy identifies swg-go.ru as a live cryptocurrency drainer domain first observed on January 07, 2026. The domain mimics a legitimate crypto service to trick users into connecting fraudulent wallet drainers. Technical telemetry indicates the actor uses a prepacked drainer kit designed to siphon digital assets once wallet permissions are authorized. No known brand impersonation has been confirmed as of this report, but the generic nature of the domain suggests opportunistic targeting rather than a focused campaign against a specific exchange or wallet provider.  

This domain was flagged with a VirusTotal detection score of 0/95 engines at time of analysis, indicating it remains under the radar of most scanning tools. It resolves to IP address 194.58.91.46, is registered through REGRU-RU, and holds a valid SSL certificate issued by GlobalSign nv-sa. The domain was created just days ago, making it a fresh entry in the threat landscape. As of now, it has not been listed on any major blocklist, further contributing to its low visibility. Despite the absence of detections, its recent registration and lack of historical reputation strongly indicate malicious intent.  

swg-go.ru is currently classified as active with a status of under_investigation. PhishDestroy has initiated automated takedown requests and is monitoring for changes in behavior or infrastructure. While the immediate risk is moderate due to low detection coverage, users are advised to treat any interaction with this domain as highly suspicious. The registrar and hosting provider have been notified. Users should avoid visiting the site, especially to connect wallets or enter seed phrases. Remaining risk is elevated due to the domain's novelty, SSL validation, and lack of filtering in most security products. Continuous monitoring is in effect, and updates will be issued if new intelligence emerges.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-01-07 12:27:33
- Registrar: REGRU-RU
- IP: 194.58.91.46

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/swg-go.ru
- PhishDestroy: https://phishdestroy.io/domain/swg-go.ru/
- LLM endpoint: https://phishdestroy.io/domain/swg-go.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/swg-go.ru/
Last updated: 2026-04-05