# whatifxchange.rewardsinwhatif.app — SUSPICIOUS

> whatifxchange.rewardsinwhatif.app poses as a WHATIFX DEX Aggregator crypto drainer with 0/95 VirusTotal detection. Avoid interacting with this domain.

## Summary
PhishDestroy identifies whatifxchange.rewardsinwhatif.app as a live crypto drainer impersonating the WHATIFX DEX Aggregator platform. This domain uses deceptive branding to trick cryptocurrency traders into connecting their wallets, ultimately siphoning digital assets through malicious smart contract interactions. The site’s SSL certificate is issued by Google Trust Services, lending a false sense of legitimacy, but the underlying infrastructure at IP 199.36.158.100 has not yet been flagged by most antivirus engines, as evidenced by VirusTotal’s 0 out of 95 detections.  The domain presents itself with the page title WHATIFX DEX Aggregator, directly mimicking a legitimate decentralized exchange aggregator. Registration data (not explicitly provided) combined with the recent appearance of the page suggests this is a newly created resource designed for short-lived malicious campaigns. The absence of blocklist detections indicates the campaign is still in early stages, exploiting the trust associated with WHATIFX branding to bypass user scrutiny. The IP address 199.36.158.100 is associated with broader hosting infrastructure that has been observed in prior crypto drainer operations, though no definitive attribution can be made based solely on current indicators.  Users who visited whatifxchange.rewardsinwhatif.app should immediately revoke any wallet connections made through the site using tools like WalletConnect or MetaMask’s connection manager. Disconnect the domain and clear browser cache and local storage to remove any session artifacts. Monitor wallet activity for unauthorized transactions and report any suspicious withdrawals to your wallet provider or block explorer. Consider using a hardware wallet or dedicated browser profile with limited permissions for future DeFi interactions. Report the domain to your antivirus vendor, browser security teams, and domain registrars like Google Trust Services to aid in takedown efforts and prevent further victimization.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Page title: WHATIFX DEX Aggregator

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 199.36.158.100

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/whatifxchange.rewardsinwhatif.app
- PhishDestroy: https://phishdestroy.io/domain/whatifxchange.rewardsinwhatif.app/
- LLM endpoint: https://phishdestroy.io/domain/whatifxchange.rewardsinwhatif.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/whatifxchange.rewardsinwhatif.app/
Last updated: 2026-04-07