# unlswap-v3.wf — SUSPICIOUS

> unlswap-v3.wf mimics Uniswap v3 to steal crypto assets. Blocked by MetaMask after 3/95 vendors flagged it. Avoid connecting wallets to this fraudulent domain.

## Summary
PhishDestroy identifies unlswap-v3.wf as an active phishing domain posing as an Uniswap v3 interface to trick cryptocurrency users into connecting their wallets and authorizing malicious transactions. This domain leverages visual similarity to legitimate DeFi platforms to harvest private keys, seed phrases, or approve fraudulent token transfers. Blocked by MetaMask and SEAL, unlswap-v3.wf represents a clear and present danger to users attempting to access decentralized exchanges.  This domain resolves to IP 104.21.31.180, has been flagged by 3 out of 95 VirusTotal security vendors, and appears on two public blocklists. Registered through Dynadot Inc with a Let’s Encrypt SSL certificate, it exemplifies the low-cost, high-impact nature of modern crypto phishing campaigns. The use of a legitimate certificate issuer underscores how threat actors exploit trusted infrastructure to bypass basic security checks, while the presence on multiple blocklists confirms its malicious reputation.  Users who visited unlswap-v3.wf should immediately revoke any connected wallet permissions via blockchain explorers or wallet interfaces, transfer remaining assets to a new wallet, and scan devices for malware. Never interact with this domain or similar lookalikes. Always verify URLs through official project websites or trusted bookmarks before connecting wallets. Report the domain to your security team and consider blocking it at the network level to prevent further exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Dynadot Inc
- IP: 104.21.31.180

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/49448ce0-2d9e-48ff-a538-4429ccf5f30e
- PhishDestroy: https://phishdestroy.io/domain/unlswap-v3.wf/
- LLM endpoint: https://phishdestroy.io/domain/unlswap-v3.wf/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/unlswap-v3.wf/
Last updated: 2026-03-27