# refundsolana.net — MALICIOUS — Crypto Drainer (Solana Drainer)

> refundsolana.net is linked to a Solana crypto drainer threat. Under investigation—stay cautious and avoid sharing wallet info. Check latest updates now.

## Summary
PhishDestroy identifies refundsolana.net as an active domain associated with a crypto drainer threat specifically targeting the Solana blockchain ecosystem. The risk level is currently under investigation due to its association with the Solana Drainer kit. Users are advised to exercise caution when interacting with this domain to prevent potential loss of digital assets.

Supporting intelligence reveals that refundsolana.net was registered recently on March 12, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar sometimes used for malicious domains. The domain resolves to IP address 104.21.33.44. Despite zero detections on VirusTotal by 95 security vendors, the use of a known Solana Drainer infrastructure and fresh domain registration is a strong indicator of suspicious activity linked to crypto asset theft.

Given the domain’s active status and its ties to a crypto drainer toolkit, PhishDestroy recommends users avoid providing any wallet credentials or private keys on refundsolana.net. Continuous monitoring and updates will follow as more data emerges. Users should ensure their wallets are secured and use trusted sources for Solana transactions to mitigate risks associated with this domain.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: alive (HTTP 200)
- Drainer type: Solana Drainer
- Target brand: Solana
- Page title: Get Your SOL Back Instantly | Recover Rent from Solana Token Accounts

## Domain Intelligence
- Registered: 2026-03-12 20:56:03
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- Country: CN
- IP: 104.21.33.44
- Nameservers: joaquin.ns.cloudflare.com mina.ns.cloudflare.com

## Detection Status
- VirusTotal: 6 vendors flagged
  Vendors: []
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://i.ibb.co/7N4ZPsHy/23d781601ea2.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2789cee8-d51d-4fc2-9fb0-76bcc1f92336
- PhishDestroy: https://phishdestroy.io/domain/refundsolana.net/
- LLM endpoint: https://phishdestroy.io/domain/refundsolana.net/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/refundsolana.net/
Last updated: 2026-03-19