# satlayer.top — SUSPICIOUS

> satlayer.top is a live crypto drainer posing as a crypto platform; 0/95 VirusTotal detections. Verify before you click—scan on PhishDestroy.

## Summary

Domain satlayer.top has been flagged as a live crypto drainer kit impersonating a cryptocurrency platform, designed to intercept wallet credentials and drain digital assets. The domain was registered on January 12, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP 172.67.201.236. This site is currently active and not yet detected by 95 antivirus engines on VirusTotal, indicating a low detection profile typical of emerging drainer campaigns. The domain uses a valid SSL certificate issued by Google Trust Services, which enhances its credibility to unsuspecting users.

Technical indicators confirm this domain is a high-risk threat vector. VirusTotal currently shows 0 detections out of 95 scanners, placing it in a blind spot for traditional security tools. It was registered on January 12, 2026, making it extremely new—only days old at time of analysis. The domain resolves to cloud infrastructure IP 172.67.201.236, a known hosting range associated with malicious activity. The registrar, NICENIC INTERNATIONAL, has been repeatedly abused in phishing and crypto-draining operations. Despite the SSL certificate from Google Trust Services, Google Safe Browsing (GSB) has not yet flagged this domain, and no public blocklists currently include it. This combination of fresh registration, low detection, and active infrastructure suggests a rapidly evolving threat.

As of this assessment, satlayer.top remains active and unblocked by major browsers and security vendors. PhishDestroy has flagged this domain under seed b4ad7c and is actively monitoring its behavior for signature updates. The current risk level is under investigation but is assessed as HIGH due to the active drainer payload and zero detections.

Users are strongly advised to avoid interacting with this domain and to verify any crypto-related links using PhishDestroy’s real-time scanner. Until broader detection coverage is achieved, this domain represents a credible and dangerous threat to cryptocurrency users. Immediate defensive action—blocking by domain, IP, and SSL fingerprint—is recommended at organizational and network levels.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-01-12 07:18:48
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.201.236

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7ffba54f-3a1e-47a4-9e02-46c06e0f06ac
- PhishDestroy: https://phishdestroy.io/domain/satlayer.top/
- LLM endpoint: https://phishdestroy.io/domain/satlayer.top/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/satlayer.top/

Last updated: 2026-03-22