# tetherswap.cfd — SUSPICIOUS

> tetherswap.cfd is a crypto drainer phishing site impersonating Tether. Flagged by 1 of 95 VirusTotal vendors. Verify this link on PhishDestroy for safety.

## Summary
PhishDestroy identifies active crypto drainer phishing campaign on tetherswap.cfd (Unique Seed: 79699d). This domain is currently active and engineered to deceive users by mimicking legitimate cryptocurrency services, specifically targeting transactions involving Tether (USDT). The site leverages social engineering and fraudulent interfaces to trick users into authorizing malicious transactions that drain wallet funds without consent. Users who interact with this domain risk immediate financial loss due to unauthorized blockchain transactions.


This domain was flagged by 1 of 95 VirusTotal security vendors, indicating low but present detection across global threat intelligence platforms. Registered through WEBCC on November 30, 2025, tetherswap.cfd resolves to IP 188.114.97.3 and holds a valid SSL certificate issued by Google Trust Services. While SSL presence may imply legitimacy, the domain’s recent creation and low detection rate underscore its emergent and deceptive nature. Such combinations are typical of short-lived phishing domains designed to exploit trust before takedown.


As of current monitoring, tetherswap.cfd remains active and poses an elevated risk to cryptocurrency users. Immediate action is recommended: avoid accessing this domain or any links associated with it. Verify URLs through PhishDestroy or trusted threat intelligence feeds before engaging. If exposure occurs, review wallet transaction history immediately and revoke any unauthorized approvals. Block the domain at DNS/network level using 188.114.97.3 and the domain name. Report the incident to relevant wallet platforms and law enforcement if funds are compromised. Monitor for follow-on phishing attempts targeting the same victim profile. Proactive blocking and user awareness are critical to mitigating this active drainer campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-30 22:40:17
- Registrar: WEBCC
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/172dcdf1-bd09-4a6a-8f58-3db2fdfe0255
- PhishDestroy: https://phishdestroy.io/domain/tetherswap.cfd/
- LLM endpoint: https://phishdestroy.io/domain/tetherswap.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tetherswap.cfd/
Last updated: 2026-03-27