# resolvesprotocol.xyz — SUSPICIOUS

> resolvesprotocol.xyz is a confirmed cryptocurrency wallet drainer posing as a crypto protocol resolver.

## Summary

PhishDestroy identifies resolvesprotocol.xyz as an active cryptocurrency wallet drainer campaign operating under the guise of a protocol resolver. This domain uses deceptive impersonation to trick users into connecting their wallets, enabling unauthorized token and NFT transfers. The domain does not appear to masquerade under a specific brand or use a known drainer kit; instead, it functions as a standalone lure designed to harvest private keys or obtain malicious token approvals via wallet connection prompts. Given its elevated risk classification and lack of legitimate attribution, resolvesprotocol.xyz represents a direct threat to digital asset holders seeking protocol-related services.

This domain was registered on March 10, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IPv4 address 188.114.97.3. VirusTotal analysis shows detection by 2 out of 95 security vendors, indicating limited but present recognition of its malicious nature. The domain holds a valid SSL certificate issued by Let’s Encrypt, suggesting an attempt to appear legitimate. It is not currently flagged in Google Safe Browsing (GSB) and has not been widely included in public blocklists, which may contribute to its continued accessibility and potential user exposure. The low detection rate and recent registration elevate the risk of successful user compromise.

As of the investigation, resolvesprotocol.xyz remains active and is serving malicious content intended to deceive users. Immediate remediation includes global domain blocking at network and endpoint levels, as well as user education to avoid wallet connections to unknown domains. While domain takedown requests have likely been initiated, the presence of a valid SSL certificate and use of a reputable registrar could delay removal. The remaining risk is elevated due to the domain’s active status, low vendor detection, and the irreversible nature of cryptocurrency theft via wallet compromise. Users are strongly advised to verify protocol domains through official channels and never connect wallets to untrusted sites.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-10 11:47:18
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/9cf75df5-f343-4947-95a6-ed525dd88f23
- PhishDestroy: https://phishdestroy.io/domain/resolvesprotocol.xyz/
- LLM endpoint: https://phishdestroy.io/domain/resolvesprotocol.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/resolvesprotocol.xyz/

Last updated: 2026-03-23