buttfishsol[.]com
“Buttfish Coin | AirDrop”
Registered with NICENIC INTERNATIONAL GROUP CO., LIMITED, the domain is only three days old, suggesting it was quickly set up for malicious activities. It is hosted on an IP address (188.114.97.3) that may be associated with other suspicious activity. The presence of three blocklist entries highlights its notoriety among cybersecurity platforms.
Currently, buttfishsol[.]com is active and has not been taken down. PhishDestroy is actively monitoring the domain and has reported it to relevant authorities to mitigate risk and prevent exploitation. Continuous surveillance is in place to track any changes or developments related to this phishing threat.
Threat Response Pipeline
Public Blocklist Status
Evidence Capture
Domain Intelligence
ethan.ns.cloudflare.com
http://whois.nicenic.com/?page=whoisform
VirusTotal Analysis
Evidence & External Reports
Were You Affected by This Site?
If you have interacted with this domain, entered personal information, or connected a cryptocurrency wallet — take immediate action. Below are resources to help you report the incident and protect yourself.
Report to Your Local Authorities
Select your country to see local cybercrime reporting contacts and complaint templates.
Related Domain Reports
Other Domains on 188.114.97.3
More Domains at NICENIC INTERNATIONAL GROUP CO., LIMITED
About This Report: buttfishsol.com
This domain security report for buttfishsol.com is maintained by PhishDestroy's automated threat intelligence pipeline. Our system continuously monitors this domain across 95 security vendors on VirusTotal, 3 public blocklists, URLScan.io.
The site displays a page titled “Buttfish Coin | AirDrop”.
buttfishsol.com has been flagged by 3 security vendors as of February 27, 2026. This site has been identified as a solana_drainer.
If you believe this listing is inaccurate, you can submit an appeal. For more information about our methodology, visit our FAQ page.
Stay Informed, Stay Safe
Monitor live threats or contest this listing if you believe it's a false positive



URLScan Report