# poly-checker.fun — SUSPICIOUS

> poly-checker.fun is a crypto drainer site mimicking Ledger Live. Verify safety on PhishDestroy before transactions — 0/95 detections reported.

## Summary
PhishDestroy identifies poly-checker.fun as a live crypto-drainer phishing domain registered on March 31, 2026. This exact-match domain impersonates Ledger Live and embeds a drainer kit designed to siphon funds from unsuspecting crypto users. The site leverages social-engineering lures (“security update,” “account validation”) to trick victims into connecting their wallets and authorizing suspicious transactions. Intelligence shows the drainer kit is actively delivered via the homepage and a hidden iframe payload targeting MetaMask, Phantom, WalletConnect, and Ledger Live integrations.  The technical fingerprint of poly-checker.fun is as follows: it resolves to IPv4 188.114.97.3, carries a valid Let’s Encrypt SSL cert, and remains undetected on VirusTotal with a score of 0/95 engines. The domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com and went live on March 31, 2026, indicating a very recent campaign onset. At the time of analysis, PhishDestroy’s global blocklist contains zero hits for this exact domain, Google Safe Browsing (GSB) has not yet flagged it, and no public takedown or abuse report has been filed. WHOIS shows privacy-protected registrant data, complicating attribution and mitigation.  As of the latest scan, the domain remains ACTIVE and responsive, still serving the drainer payload. PhishDestroy’s automated crawlers continue to monitor it in real time; however, due to the low VT detection rate and absence from major blocklists, the risk to end-users remains HIGH. The site’s short domain age and clean reputation profile make it particularly dangerous, as it can evade legacy filters for days or weeks. Users are strongly advised to verify any link to poly-checker.fun via PhishDestroy’s pre-transaction scanner before entering wallet credentials or authorizing transactions. Remediation actions include domain takedown requests to the registrar and SSL issuer, but these have not yet been executed due to the low detection footprint. The under-investigation status will be updated within 48 hours as additional IOCs are collected.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-31 22:59:32
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f3f674a6-d725-468d-8312-0a8b8be78046
- PhishDestroy: https://phishdestroy.io/domain/poly-checker.fun/
- LLM endpoint: https://phishdestroy.io/domain/poly-checker.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/poly-checker.fun/
Last updated: 2026-04-01