# tp-swap1.pages.dev — SUSPICIOUS > tp-swap1.pages.dev is a live crypto drainer phishing site with 0/95 VirusTotal detections. Avoid this Cloudflare-hosted scam impersonating a swap service. ## Summary PhishDestroy identifies tp-swap1.pages.dev as an active crypto drainer domain designed to trick users into connecting crypto wallets and approve malicious transactions. The page mimics a legitimate swap service interface but contains hidden scripts that drain tokens when wallet permissions are granted. This is a high-risk threat because it directly targets cryptocurrency assets, which are irreversible once stolen. The domain uses a Google Trust Services SSL certificate to appear legitimate, but the backend behavior is malicious. Users who interact with this page risk losing all funds in connected wallets, especially if they approve token approval transactions. This domain was flagged by PhishDestroy with a risk status of active under investigation. It was registered through Cloudflare, Inc. and resolves to IP 172.66.47.102. VirusTotal currently shows 0 out of 95 security engines detecting this domain, meaning it remains under the radar of most antivirus systems. The domain was created recently and is hosted on Cloudflare Pages, a legitimate service often abused by threat actors to deploy phishing pages quickly. The combination of a recent creation date, low detection rate, and hosting on a trusted platform makes this domain particularly dangerous for unsuspecting users. If you visited tp-swap1.pages.dev, immediately disconnect your wallet from any dApps or websites and revoke any token approvals you may have granted. Use blockchain explorers like Etherscan or BscScan to check your wallet’s ‘Approvals’ section and revoke any suspicious contract permissions. Do not interact with any further prompts or transactions from this domain. Report the domain to your antivirus provider and consider changing wallet credentials if you entered any information. Always verify URLs before connecting wallets and use hardware wallets for critical transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.102 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ba0c2ee2-e149-412b-a0ae-47ea3b1202d8 - PhishDestroy: https://phishdestroy.io/domain/tp-swap1.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/tp-swap1.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/tp-swap1.pages.dev/ Last updated: 2026-03-21