# slushwalletdesktop.app — SUSPICIOUS

> slushwalletdesktop.app is a crypto drainer targeting cryptocurrency users. VirusTotal flags 4/95 vendors. Block immediately and avoid transactions.

## Summary

PhishDestroy identifies slushwalletdesktop.app as an active crypto drainer domain posing as a legitimate Slush Wallet service. This malicious site is designed to trick users into connecting their cryptocurrency wallets and illicitly drain funds through deceptive transaction prompts. The elevated risk level warrants immediate action, as unpatched exposure could result in irreversible financial loss.

This domain exhibits multiple red flags across technical and behavioral indicators. VirusTotal analysis reveals 4 out of 95 security vendors have flagged the domain as malicious. The infrastructure analysis shows registration through NICENIC INTERNATIONAL GROUP CO., LIMITED, with hosting on IP address 216.198.79.1. The domain was created on March 21, 2026, which indicates extremely recent deployment—a common tactic among threat actors to evade established blocklists. Security blocklists including SEAL and MetaMask have already blacklisted this domain, and its SSL certificate issued by Let's Encrypt provides a false sense of legitimacy while enabling encrypted malicious traffic.

Mitigation requires immediate defensive actions aligned with crypto drainer threats. Users should block slushwalletdesktop.app at the network and DNS levels, and avoid accessing the domain entirely. For organizations, implement strict allowlisting of cryptocurrency wallet domains and deploy endpoint protection capable of detecting wallet connection prompts. Always verify domain URLs through official channels before connecting wallets, and educate users on the risks of deceptive wallet interfaces. Consider reporting this domain to threat intelligence platforms to enhance collective defense.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-21 23:48:41
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 216.198.79.1

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["SEAL", "MetaMask"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/cee956a0-c42e-4656-8118-0dd473beece4
- PhishDestroy: https://phishdestroy.io/domain/slushwalletdesktop.app/
- LLM endpoint: https://phishdestroy.io/domain/slushwalletdesktop.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/slushwalletdesktop.app/

Last updated: 2026-03-25