# onchainsolsaving.com — MALICIOUS

> PhishDestroy identifies onchainsolsaving.com as a crypto drainer phishing domain. VirusTotal flags 6/95 vendors. Act now to block this threat.

## Summary

PhishDestroy identifies onchainsolsaving.com as a malicious domain actively engaged in crypto drainer phishing, posing a significant risk to cryptocurrency users. This domain mimics legitimate blockchain service providers to deceive users into connecting wallets or entering credentials, enabling unauthorized fund transfers. The infrastructure leverages social engineering tactics to exploit trust in crypto ecosystems, making it a high-priority threat for wallet holders and traders.

This domain was flagged by 6 out of 95 security vendors on VirusTotal, with registration details revealing it was created on February 19, 2026, through GMO Internet, Inc. The domain resolves to IP 118.107.28.253 and utilizes a Let's Encrypt SSL certificate, which may further deceive users into believing the site is legitimate. The combination of recent registration, low detection rates, and active infrastructure underscores the urgency for immediate defensive action.

Users who visited this domain should disconnect any connected wallets immediately and revoke any potentially exposed API keys or permissions. Scan devices for malware using reputable security tools, as crypto drainers often deploy spyware or keyloggers. Report the domain to your organization’s SOC or security provider, and ensure browser-based protections (e.g., uBlock Origin, MetaMask’s phishing detection) are enabled. If funds were stolen, file reports with local law enforcement and relevant blockchain forensic teams.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-02-19 09:15:44
- Registrar: GMO Internet, Inc.
- IP: 118.107.28.253

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/onchainsolsaving.com
- PhishDestroy: https://phishdestroy.io/domain/onchainsolsaving.com/
- LLM endpoint: https://phishdestroy.io/domain/onchainsolsaving.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/onchainsolsaving.com/

Last updated: 2026-04-10