# vaulta-swap.pages.dev — SUSPICIOUS

> PhishDestroy flags vaulta-swap.pages.dev as a crypto-currency swap phishing page. VT shows 0/95 detections. Review full report now.

## Summary
PhishDestroy identifies vaulta-swap.pages.dev as an active DeFi wallet-stealing phishing site posing as a swap platform. The domain is specifically engineered to harvest seed phrases and private keys under the guise of enabling token swaps, making it a high-risk wallet attack vector rather than a generic credential phishing page. Users who connect wallets may have funds drained within minutes of interaction.

This domain was flagged by PhishDestroy after validation against multiple threat intelligence feeds. SSL certificate is issued by Google Trust Services LLC, the domain is registered through Cloudflare, Inc., and the site resolves to IP 188.114.96.3. VirusTotal currently shows 0 out of 95 security vendors detecting the threat, indicating it has not yet been widely blacklisted despite active malicious activity. The site leverages a Cloudflare Pages.dev subdomain to appear legitimate while hosting fraudulent swap interface code designed to log wallet connections and prompt for sensitive recovery phrases.

To mitigate risk, users should avoid visiting vaulta-swap.pages.dev and never enter wallet credentials or recovery phrases into any page that resembles this domain or functionality. If you have already connected a wallet, immediately revoke all permissions via your wallet’s connection manager and transfer remaining funds to a clean wallet. Report the domain to your antivirus vendor, browser security team, and crypto community watchdogs to help increase detection coverage. Always double-check URLs, verify SSL certificates, and use hardware wallets or trusted interface extensions like Ledger Live or MetaMask’s official site for all DeFi operations.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/eec04012-2b55-47e8-9156-72c165113bcf
- PhishDestroy: https://phishdestroy.io/domain/vaulta-swap.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/vaulta-swap.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/vaulta-swap.pages.dev/
Last updated: 2026-03-27