# solfun.pw — SUSPICIOUS

> Investigating solfun.pw, a crypto drainer phishing domain with 0/95 VirusTotal detections. Domain leverages Let's Encrypt SSL and targets cryptocurrency users.

## Summary

Domain solfun.pw is currently under active investigation by PhishDestroy for hosting a cryptocurrency drainer phishing kit. The domain impersonates a generic service ('solfun') while embedding malicious scripts designed to drain connected wallets during transaction approvals. No specific brand impersonation has been confirmed at this stage, but the infrastructure suggests opportunistic targeting of crypto users. The domain's age (registered March 24, 2026) and recent creation imply a hastily deployed operation, likely leveraging low-cost registrar services to fly under detection thresholds.

This domain resolves to IP 172.67.144.249, hosted through NameSilo, LLC, and utilizes a Let's Encrypt SSL certificate to appear legitimate. It was created on March 24, 2026, and currently shows 0/95 detections on VirusTotal, indicating it has evaded automated detection engines. Google Safe Browsing (GSB) status remains unflagged, and no third-party blocklists have been identified as containing this domain. The lack of detections suggests this is a newly operational campaign with minimal historical footprint, increasing the risk of successful user compromise.

The threat is currently ACTIVE, with no known remediation or takedown actions recorded. PhishDestroy assesses this as a HIGH-RISK domain due to its crypto drainer payload, low detection footprint, and active status. Users are advised to block the domain and IP at network/firewall levels, avoid interaction, and monitor wallet addresses for suspicious transactions. Remaining risk is elevated until the domain is sinkholed or the drainer kit is analyzed for indicators of compromise (IOCs). Immediate defensive actions are critical to prevent wallet drain events.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-24 07:38:52
- Registrar: NameSilo, LLC
- IP: 172.67.144.249

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/c42ec7b4-c62d-468b-90eb-5ba9860493ce
- PhishDestroy: https://phishdestroy.io/domain/solfun.pw/
- LLM endpoint: https://phishdestroy.io/domain/solfun.pw/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/solfun.pw/

Last updated: 2026-03-28