# v4-uniswap.org — MALICIOUS

> PhishDestroy identifies v4-uniswap.org as a high-risk Uniswap impersonation domain that steals credentials. This deceptive site fooled 12 of 95 security engines.

## Summary
PhishDestroy identifies v4-uniswap.org as a high-risk domain engaged in active brand impersonation targeting Uniswap users. This site is explicitly designed to mimic the legitimate Uniswap interface with the goal of harvesting wallet credentials, private keys, and transaction approvals. Unsuspecting visitors who connect their wallets risk immediate loss of digital assets, including tokens and NFTs, due to fraudulent transaction approvals or direct fund drains. The domain leverages visual deception through URL similarity (e.g., “v4-uniswap.org”) to exploit user trust in the Uniswap brand, which is widely recognized across decentralized finance (DeFi) platforms.  

This domain was flagged by 12 out of 95 VirusTotal security vendors and has been blocked by multiple industry-leading security platforms including Codeesura, Polkadot, CryptoFirewall, ScamSniffer, and Enkrypt. It resolves to IP address 104.21.65.143 and was registered through Dynadot Inc on February 12, 2026. The domain appears on five independent security blocklists, indicating widespread recognition as a malicious entity. The SSL certificate is issued by Google Trust Services, which, while valid for encryption, does not validate the legitimacy of the domain itself — a common tactic used by impersonation sites to appear trustworthy. The combination of a newly registered domain, low trust score, and active impersonation behavior places users at severe risk of financial exploitation.  

To mitigate exposure to this threat, users should immediately cease any interaction with v4-uniswap.org and remove it from bookmarks or saved links. Always verify the correct domain for Uniswap, which is uniswap.org, and confirm the URL in official communications or through trusted sources. Use browser-based security extensions like ScamSniffer or Enkrypt, which already block this domain, and enable wallet transaction simulation tools to preview smart contract interactions before approval. If you have previously connected your wallet to this site, revoke any unauthorized token approvals via reputable tools such as revoke.cash or Etherscan’s Token Approval tool, and consider transferring remaining assets to a new wallet. Report the domain to Uniswap’s official support channels and file complaints with Dynadot Inc and relevant cybercrime units to aid in takedown efforts. Remain vigilant: brand impersonation in DeFi is a rapidly evolving threat, and only verified, bookmarked links should be trusted for accessing financial platforms.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Uniswap

## Domain Intelligence
- Registered: 2026-02-12 13:49:00
- Registrar: Dynadot Inc
- IP: 104.21.65.143

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 5 hits
  Lists: ["Codeesura", "Polkadot", "CryptoFirewall", "ScamSniffer", "Enkrypt"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0b9ca542-00a9-4150-ae7b-eb0e457b1d83
- PhishDestroy: https://phishdestroy.io/domain/v4-uniswap.org/
- LLM endpoint: https://phishdestroy.io/domain/v4-uniswap.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/v4-uniswap.org/
Last updated: 2026-04-12