# allocation-solaxy.io — MALICIOUS

> allocation-solaxy.io hosts a medium-risk phishing campaign posing as a $SOLX token airdrop. Avoid interacting; site is offline now.

## Summary
PhishDestroy classifies allocation-solaxy.io as a medium-risk generic phishing threat. The domain was used to lure victims with a deceptive page titled "Solaxy Token: $SOLX Airdrop is Live," aiming to trick users into providing sensitive information under the pretense of a cryptocurrency giveaway.

Supporting intelligence reveals allocation-solaxy.io resolved to IP 172.67.210.209 and was registered via NiceNIC International Group Co., Limited on February 21, 2026. The domain was flagged by 7 out of 95 VirusTotal security vendors and appeared on three separate security blocklists, indicating recognition by multiple threat detection systems. This infrastructure and the phishing lure confirm a coordinated effort to exploit crypto enthusiasts.

Currently, the domain is offline, reducing immediate risk. Users should avoid any links or communications referencing allocation-solaxy.io or the purported $SOLX airdrop. Security teams are advised to maintain blocking rules for this domain and monitor for related phishing campaigns. The phishing attempt underscores ongoing risks in crypto-related scams, emphasizing caution when engaging with unsolicited airdrop offers.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Solaxy Token: $SOLX Airdrop is Live

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.210.209
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["damon.ns.cloudflare.com", "natasha.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 7 vendors flagged
  Vendors: ["alphaMountain.ai", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01998c84-f136-76fb-babe-bb221a9d0820.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5fae373f-90d1-4e68-a899-61f6d1fa2504
- PhishDestroy: https://phishdestroy.io/domain/allocation-solaxy.io/
- LLM endpoint: https://phishdestroy.io/domain/allocation-solaxy.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/allocation-solaxy.io/
Last updated: 2026-03-19