# moltchecker.org — SUSPICIOUS > moltchecker.org is a crypto drainer impersonating Molotov TV. VirusTotal shows 0/95 detections—verify safety on PhishDestroy before entering any credentials or. ## Summary The domain moltchecker.org has been identified as an active generic phishing site, specifically functioning as a cryptocurrency drainer designed to deceive users into connecting their crypto wallets under the guise of a legitimate service. This threat vector is particularly dangerous as it targets users' digital assets by tricking them into authorizing unauthorized transactions. The page impersonates Molotov TV, a well-known streaming platform, leveraging its branding to gain user trust before executing its malicious payload. The fraudulent site is engineered to detect crypto wallet connections and automatically drain funds upon authorization, posing a severe financial risk to unsuspecting visitors. Forensic analysis of moltchecker.org reveals critical technical indicators that confirm its malicious nature. The domain was registered on March 20, 2026, through PDR Ltd. d/b/a PublicDomainRegistry.com, a registrar frequently abused in bulk phishing campaigns. It resolves to the IP address 188.114.97.3, which is associated with previous malicious activities. The SSL certificate, issued by Let's Encrypt, provides a false sense of security, as phishing sites often use legitimate certificates to appear trustworthy. VirusTotal currently reports 0 out of 95 detection engines flagging this domain, highlighting its stealthy nature and the need for proactive threat intelligence. Additionally, the domain has been listed on one security blocklist, though this is likely an underrepresentation due to the recent registration and low detection rates. Google Safe Browsing (GSB) does not currently flag this domain, further emphasizing the challenge in identifying such emerging threats. The current status of moltchecker.org is active and under investigation, with the domain remaining accessible at the time of this report. PhishDestroy and ScamSniffer have already implemented blocking mechanisms to protect users, but the domain's low detection rate on VirusTotal suggests that broader ecosystem awareness is still lacking. The primary risk associated with this site is financial loss, particularly for users who connect their crypto wallets without verifying the site's legitimacy. To mitigate risk, users should avoid interacting with this domain entirely and verify the safety of any related domains or services through PhishDestroy's threat intelligence platform. Remaining risk is considered moderate due to the domain's recent deployment and limited blocklist coverage, but it has the potential to escalate rapidly as attackers refine their tactics. Security researchers are encouraged to monitor this domain closely for updates, as the lack of detections may indicate either a very new campaign or the use of sophisticated evasion techniques. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-20 07:07:55 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["ScamSniffer"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b571a7d9-525f-4c99-b514-9be124c789e9 - PhishDestroy: https://phishdestroy.io/domain/moltchecker.org/ - LLM endpoint: https://phishdestroy.io/domain/moltchecker.org/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/moltchecker.org/ Last updated: 2026-03-29