# tsw-secure.site — SUSPICIOUS

> tsw-secure.site is a credential phishing domain mimicking a secure portal. VirusTotal shows 0/95 detections. Check the full report.

## Summary
PhishDestroy identifies tsw-secure.site as an active credential phishing domain designed to impersonate a security portal and harvest user login details.

This domain was flagged for credential phishing with a VirusTotal detection score of 0/95, indicating no current anti-virus coverage. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, the domain resolves to IP 172.67.150.73 and was created on April 06, 2026. It currently appears on 2 security blocklists and employs a Let's Encrypt SSL certificate.

The domain remains active despite being blocked by MetaMask and SEAL. While the immediate risk is mitigated for these platforms, the lack of detections and recent domain creation suggest potential for broader abuse. SOC teams are advised to monitor for related infrastructure and block this domain at the network perimeter. Remaining risk is classified as under investigation pending further intelligence or takedown actions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-06 10:44:16
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.150.73

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/tsw-secure.site
- PhishDestroy: https://phishdestroy.io/domain/tsw-secure.site/
- LLM endpoint: https://phishdestroy.io/domain/tsw-secure.site/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tsw-secure.site/
Last updated: 2026-04-07