# PhishDestroy threat dossier — solcommunity.lat
================================================================
Fetched: 2026-05-01 13:18:38 UTC
Canonical: https://phishdestroy.io/domain/solcommunity.lat/

## VERDICT
----------------------------------------------------------------
ACTIVE + CLOAKED — returns HTTP 666 to scanners, real fraudulent site to victims
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)
Scam classification: Crypto Scam
Cloaking: DETECTED — domain returns custom HTTP 666 to scanners while serving fraudulent content to real users (type: content_divergence) (score: 2/6)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 2/94 security vendors flagged this domain
Flagging vendors: alphaMountain.ai, SOCRadar
Public blocklists: listed on 1 independent blocklist

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 188.114.96.3 (CA, Toronto)
ASN: AS13335 Cloudflare, Inc.
Hosting org: CloudFlare, Inc.
Registrar: Global Domain Group LLC
Nameservers: diana.ns.cloudflare.com, johnny.ns.cloudflare.com
Registered: 2026-04-02
HTTP response: 530

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Google Trust Services / WE1
Expires: 2026-07-01
Status: INVALID chain
Fingerprint: d77aa790861dd118fab94ca578cd41fe55a4bb58ee6f4c1b6e517c7f0dcaddd0

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue.
No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-04-02 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-04-02 21:58:24 UTC (by PhishDestroy tracker)
Last verified: 2026-05-01 12:00:31 UTC
Neutralised: 2026-04-23 04:08:55 UTC
Current status: ACTIVE — cloaked behind HTTP 666 to evade scanners

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019d4f8e-6120-76be-b40c-93636de8f2f9/
Wayback Machine: https://web.archive.org/web/*/solcommunity.lat
crt.sh CT logs: https://crt.sh/?q=%25.solcommunity.lat
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=solcommunity.lat
AlienVault OTX: https://otx.alienvault.com/indicator/domain/solcommunity.lat
URLhaus: https://urlhaus.abuse.ch/host/solcommunity.lat/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-04-02 21:59:18 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies solcommunity.lat as a suspected cryptocurrency drainer currently under investigation for malicious activity. The domain masquerades as a legitimate community platform while harboring intentions to divert digital assets. Authorities have labeled the site with a generic phishing threat classification, though the specific mechanism of attack remains unconfirmed. Users are advised to exercise extreme caution when encountering this domain.

This domain was flagged by only 0 of 95 VirusTotal security vendors despite its inclusion on one known blocklist. Registered through Global Domain Group LLC, solcommunity.lat resolves to IP address 188.114.96.3 and operates with a Google Trust Services SSL certificate. The domain was created on February 02, 2026, rendering it extremely new to the threat landscape. Its lack of detection despite suspicious infrastructure demands heightened scrutiny from cybersecurity researchers.

The current status of solcommunity.lat remains active with ongoing investigation. The domain's low VirusTotal detection rate combined with its fresh creation date suggests it may be a newly deployed attack vector. PhishDestroy recommends immediate avoidance of this domain pending further analysis.

Users who have recently interacted with solcommunity.lat should scan their digital wallets for unauthorized transactions and revoke any potentially compromised credentials. Security teams are advised to implement network-level blocking based on the IP address and domain indicators provided. Continuous monitoring of this domain is strongly recommended due to its potential to evolve into a more sophisticated threat.

[Updates since narrative was generated:]
- VirusTotal detections: now 2/94 (narrative was written when count was lower)

## EVIDENCE HASHES
----------------------------------------------------------------
Favicon MD5: 33e9dc6e80f2fd6f503a1334a157d59d
TLS cert SHA-256: d77aa790861dd118fab94ca578cd41fe55a4bb58ee6f4c1b6e517c7f0dcaddd0

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/solcommunity.lat/
JSON API: https://api.destroy.tools/v1/check?domain=solcommunity.lat
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+.
Site: https://phishdestroy.io