# PhishDestroy threat dossier — allresolved.defisolution.net ================================================================ Fetched: 2026-06-30 07:36:29 UTC Canonical: https://phishdestroy.io/domain/allresolved.defisolution.net/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: Crypto Drainer ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 12/91 security vendors flagged this domain Flagging vendors: Criminal IP, alphaMountain.ai, BitDefender, CyRadar, Forcepoint ThreatSeeker, Fortinet, G-Data, Gridinsoft, Kaspersky, SOCRadar, Sophos, URLQuery URLQuery: 3 detections Public blocklists: listed on 2 independent blocklists ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 188.114.96.3 (US, San Francisco) ASN: ASAS13335 CLOUDFLARENET - Cloudflare, Inc., US Hosting org: AS13335 Cloudflare, Inc. Registrar: Internet Domain Service BS Corp. Nameservers: selah.ns.cloudflare.com, vicente.ns.cloudflare.com Registered: 2026-03-24 Expires: 2027-03-24 Page title: Defi Protocol – Resole All Defi Wallet Pending Issues HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / E8 Expires: 2026-08-21 Status: INVALID chain Fingerprint: 14de30e4e594daf34fe950da8872d27a3e205f4f89b566ea4a375f48f5f813a3 Subject Alternative Names (related infrastructure — often same operator): - defisolution.net ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-03-24 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-06-27 07:17:34 UTC (by PhishDestroy tracker) First reported: 2026-06-27 05:19:11 UTC (abuse notice filed) Last verified: 2026-06-30 08:20:34 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f0782-4065-748b-8a8a-ab3d7a306d86/ URLQuery: https://urlquery.net/report/80347799-981c-4030-8342-d1cc697f01a9 Wayback Machine: https://web.archive.org/web/*/allresolved.defisolution.net crt.sh CT logs: https://crt.sh/?q=%25.allresolved.defisolution.net Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=allresolved.defisolution.net AlienVault OTX: https://otx.alienvault.com/indicator/domain/allresolved.defisolution.net URLhaus: https://urlhaus.abuse.ch/host/allresolved.defisolution.net/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-06-27 07:25:52 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain is flagged as an active crypto drainer infrastructure, designed to exploit DeFi wallet vulnerabilities and siphon cryptocurrency assets. Analysis indicates a high-risk threat classification due to its direct targeting of wallet connectivity and transaction manipulation, a hallmark of drainer operations. The domain presents itself as a solution for resolving pending DeFi wallet issues, a common social engineering tactic to lure victims into interacting with malicious smart contracts or authorization prompts. Infrastructure analysis reveals the following technical indicators: the domain resolves to IP address 188.114.97.3, a host with no prior reputation for legitimate financial services. It was registered on March 24, 2026, through Internet Domain Service BS Corp., a registrar frequently associated with high-risk domains. VirusTotal detection rates show 2 out of 95 security vendors flagging the domain as malicious, a low but non-zero indicator of compromise. The SSL certificate is issued by Let's Encrypt, a neutral but commonly abused certificate authority for malicious infrastructure. No blocklist entries or trust score improvements were observed at the time of assessment, reinforcing its active and unmitigated status. Mitigation steps specific to crypto drainer threats include immediate domain blocking at the network perimeter, particularly for financial or DeFi-related endpoints. Organizations should deploy wallet transaction simulation tools to detect unauthorized asset transfers before execution. End-users must be instructed to revoke all active smart contract approvals via wallet management interfaces and verify domain authenticity through official project channels. Monitoring for outbound connections to 188.114.97.3 and associated domains under the defisolution.net namespace is recommended, as drainer infrastructure often operates in clusters. Incident response teams should prioritize forensic analysis of wallet interactions with this domain to identify compromised accounts and trace stolen assets. [Updates since narrative was generated:] - Public blocklists: now listed on 2 feeds ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260627-E65DF1 Favicon MD5: b8a0bf372c762e966cc99ede8682bc71 TLS cert SHA-256: 14de30e4e594daf34fe950da8872d27a3e205f4f89b566ea4a375f48f5f813a3 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/allresolved.defisolution.net/ JSON API: https://api.destroy.tools/v1/check?domain=allresolved.defisolution.net Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 172,677 domains (13,093 alive under monitoring, 158,994 confirmed takedowns/dead). Site: https://phishdestroy.io