# swiftauthapps.pages.dev — SUSPICIOUS > swiftauthapps.pages.dev hosts a crypto drainer impersonating SwiftAuth. Verify this scam site on PhishDestroy to protect your assets. VT: 0/95 ## Summary Domain swiftauthapps.pages.dev was flagged as an active crypto drainer scam by PhishDestroy’s automated analysis pipeline. The threat is classified under generic_phishing with a risk status of under_investigation. This domain impersonates SwiftAuth, a legitimate authentication service, to trick users into connecting crypto wallets under the guise of token verification or authentication. No custom drainer kit artifacts were identified in the initial scan, suggesting the deployment of a commoditized drainer script hosted on Cloudflare Pages. Technical indicators confirm this domain’s malicious nature. VirusTotal shows 0 detections out of 95 engines as of the latest scan. The domain resolves to IP 172.66.44.165 via Cloudflare, Inc., which is consistent with known abuse patterns leveraging Cloudflare’s Pages or Workers services. The SSL certificate is issued by Google Trust Services, further obscuring malicious infrastructure by using a legitimate CA. Creation date and additional WHOIS details remain unverified due to Cloudflare’s WHOIS privacy protections. The domain has not yet been processed by Google Safe Browsing (GSB). It currently remains unlisted on major blocklists such as PhishTank or OpenPhish, indicating early-stage deployment or low reporting volume. The domain is currently active and propagating across social engineering vectors including fake login portals and fake authentication pages. PhishDestroy has flagged this domain with seed 01c5aa and assigned a risk level of under_investigation due to limited behavioral telemetry. No takedown actions have been confirmed as of this report. Users are advised to avoid interacting with swiftauthapps.pages.dev and to verify unknown domains using PhishDestroy’s real-time scanner. The remaining risk is moderate, as the drainer remains undetected by antivirus engines and lacks historical blocklist coverage. SwiftAuth users should be particularly cautious of domains referencing their brand in URLs. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.165 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a1fd0a68-951f-4a5d-b67c-69e597d07c5d - PhishDestroy: https://phishdestroy.io/domain/swiftauthapps.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/swiftauthapps.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/swiftauthapps.pages.dev/ Last updated: 2026-03-27