# swisborg-walletauth.webflow.io — MALICIOUS

> PhishDestroy identifies swisborg-walletauth.webflow.io as an active crypto drainer targeting wallets. Check the full report for IOCs and TTPs.

## Summary

PhishDestroy identifies swisborg-walletauth.webflow.io as an elevated-risk crypto drainer campaign actively harvesting private keys and tokens. The domain masquerades as a legitimate wallet authentication portal, luring victims with false claims of enhanced security or transaction validation. This strain specifically targets cryptocurrency holders by prompting wallet connections under the guise of identity verification, then exfiltrating funds via malicious smart contract interactions.

This domain was flagged by 11 out of 95 VirusTotal security vendors, indicating moderate detection but clear malicious intent. It resolves to IP 104.18.36.248 and leverages a Google Trust Services SSL certificate to appear legitimate. The infrastructure is hosted on Webflow’s subdomain service, which has been exploited to deploy phishing kits rapidly. Historical WHOIS data reveals the domain was created recently, though the exact creation date is obscured by privacy protections. It has not yet propagated widely across major blocklists such as Google Safe Browsing or PhishTank, suggesting an emerging but highly targeted threat.

Mitigation for this crypto drainer requires immediate action: users must avoid clicking links or connecting wallets to unsolicited authentication prompts. Enable hardware wallet signing for all transactions and revoke any unauthorized smart contract approvals via tools like Etherscan’s token approval checker. Organizations should deploy real-time DNS filtering to block access to this domain and its IP, while threat hunters should monitor for similar Webflow-hosted drainers using seed f19a37 as a behavioral indicator. Always verify endpoints via official channels and never input private keys or seed phrases into web forms.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status

- VirusTotal: 11 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0ef330be-3493-4f55-94d2-373edc256308
- PhishDestroy: https://phishdestroy.io/domain/swisborg-walletauth.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/swisborg-walletauth.webflow.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/swisborg-walletauth.webflow.io/

Last updated: 2026-04-01