swapdev.clovernode.com
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of swapdev.clovernode.com
The domain swapdev.clovernode.com appears to host a cryptocurrency-themed web application presented as a "Uniswap Interface." Based on the page title, layout, and screenshot, the site appears to imitate or replicate a token-swapping interface where users may be prompted to connect a cryptocurrency wallet and select assets for exchange. The visible navigation items such as Swap, Pool, Vote, and Charts are consistent with decentralized-finance interfaces.
The site is served from a subdomain rather than an obvious official brand domain, and the available scan data does not identify a clearly disclosed operator on the homepage. It appears to be hosted on GitHub infrastructure and uses a valid HTTPS certificate, which suggests it may be a static web application deployment. Based on the branding shown, the page may be attempting to present itself as related to the Uniswap ecosystem, but the scanned domain itself is not an obvious official Uniswap domain.
Safety Assessment for swapdev.clovernode.com
Multiple security signals raise concern here. At the time of this scan, 16 out of 91 security engines flagged the domain, with many classifying it as phishing or otherwise malicious. The page also appears to use the name and visual style of a well-known cryptocurrency platform while operating from an unrelated subdomain, which may indicate brand impersonation or a wallet-credential harvesting setup. Although the malware scan did not detect malicious files in the small set of scanned assets, that does not rule out phishing behavior because credential theft and fraudulent wallet prompts often rely on page design and user interaction rather than downloadable malware.
Blacklist and threat-database results were mixed at the time of this scan. Major content-focused threat databases in the provided data did not report a listing, but the domain's IP address was listed on one mail-reputation blocklist, which is a weaker signal and not by itself proof of harmful website content. Even so, the broader multi-engine phishing consensus is a much stronger indicator in this case than the clean file scan or the single DNSBL listing.
Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site uses a valid Let's Encrypt SSL certificate with an expiry in September 2026, and it is hosted on GitHub infrastructure at IP address 185.199.110.153. The domain uses Cloudflare as registrar and Cloudflare nameservers, while the web server identifies as GitHub.com. This combination is commonly used for static-site deployments and can support legitimate projects, but it can also be used to publish convincing phishing pages quickly.
DNSSEC appears to be unsigned, which is not uncommon but means there is no added DNS integrity protection visible in the provided data. No malicious files or flagged external links were identified in the limited malware scan, and no iframes were present. The main technical concern is therefore not exploit delivery but the apparent phishing-style presentation and wallet-connection prompt on a non-official-looking subdomain.
Share your experience with this website. Was it safe? Did you encounter any issues?