# billysol-lol.live — SUSPICIOUS > Investigating billysol-lol.live, a crypto drainer phishing domain flagged by only 0/95 VirusTotal engines. Take immediate safety precautions. ## Summary PhishDestroy identifies billysol-lol.live as an active crypto drainer domain under investigation, posing a credible threat to cryptocurrency users. Security telemetry confirms the domain is engineered to deceive visitors into connecting wallets, where malicious scripts then drain assets via transaction manipulation. Given the specificity of the attack vector and the lack of antivirus coverage, this domain represents a high-risk trap for unsuspecting users engaging with crypto services. Technical indicators reveal the domain was registered through OwnRegistrar, Inc. on April 11, 2026, and resolves to IP 188.114.97.3. Security blocklists show this domain has been identified and flagged by MetaMask and SEAL, though VirusTotal currently shows zero detections across 95 scanning engines. The use of a legitimate Let’s Encrypt SSL certificate suggests an attempt to appear trustworthy, while the recent registration date indicates opportunistic deployment. The absence of endpoint detection underscores the importance of behavioral monitoring in identifying such threats. Mitigation for this crypto drainer threat requires immediate network-level blocking of billysol-lol.live and IP 188.114.97.3. Users should avoid interacting with any links or QR codes associated with this domain, particularly those promoting fake Solana or crypto wallet connections. Always verify URLs manually, inspect wallet connection prompts for unexpected transaction requests, and use hardware wallets for high-value assets. Organizations are advised to update firewall rules and DNS blocklists, and to educate users on recognizing wallet drainer lures disguised as giveaways or official tools. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-11 20:22:49 - Registrar: OwnRegistrar, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c3130114-a756-40a9-a7a6-04f7c054dc8a - PhishDestroy: https://phishdestroy.io/domain/billysol-lol.live/ - LLM endpoint: https://phishdestroy.io/domain/billysol-lol.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/billysol-lol.live/ Last updated: 2026-04-12