# solanapay.onl — MALICIOUS — Crypto Drainer (Solana Drainer)

> Phishing investigation: solanapay.onl is a live Solana crypto drainer site with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies solanapay.onl as a high-risk Solana crypto drainer domain actively impersonating the Solana brand. The site leverages the Solana Drainer kit to siphon cryptocurrency assets from unsuspecting users who interact with its fraudulent interface. This threat represents a targeted attempt to exploit trust in the Solana ecosystem, posing significant financial risk to cryptocurrency holders.  This domain was flagged with a 0/95 detection score on VirusTotal, despite its malicious purpose remaining undetected by antivirus engines. Registered through Dynadot Inc on October 02, 2025, the domain resolves to IP 188.114.97.3 and holds a Google Trust Services SSL certificate, lending it an air of legitimacy. Its recent creation date combined with zero blocklist entries suggests it is a newly deployed threat still flying under the radar of security vendors. The absence of detections, despite the presence of a known drainer kit, underscores the stealthy nature of this campaign.  The current status of solanapay.onl is active and unblocked, with no mitigations in place as of the latest assessment. Immediate action is required to block the domain at the network perimeter and update blocklists to prevent further compromise. Users should exercise extreme caution when accessing Solana-related services and verify URLs through official channels. The high-risk profile of this drainer, coupled with its undetected status, makes it a critical threat demanding urgent attention. Proactive blocking and user awareness are essential to mitigate potential financial losses.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: unknown (HTTP ?)
- Drainer type: Solana Drainer
- Target brand: Solana

## Domain Intelligence
- Registered: 2025-10-02 08:50:15
- Registrar: Dynadot Inc
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/59794ea2-3823-409e-8d96-75207afc7bca
- PhishDestroy: https://phishdestroy.io/domain/solanapay.onl/
- LLM endpoint: https://phishdestroy.io/domain/solanapay.onl/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/solanapay.onl/
Last updated: 2026-03-28