# solwallet-app.com — SUSPICIOUS

> PhishDestroy identifies solwallet-app.com as an active crypto drainer phishing site. VT score 0/95. Review the full technical report.

## Summary

PhishDestroy’s anti-phishing team has opened a live investigation into solwallet-app.com, a recently registered domain actively hosting a cryptocurrency-draining kit. The page masquerades as a legitimate Solana wallet application and prompts users to connect their wallets to “claim rewards” or “upgrade accounts,” a classic deception pattern for unauthorized fund extraction.

Initial payload analysis confirms the presence of a JavaScript drainer kit designed to intercept wallet connection requests and silently initiate unauthorized transfers. No direct brand impersonation (e.g., Phantom, Solflare, or Ledger) is detected at this stage; instead, the threat actor leverages a newly coined “SolWallet” branding to establish credibility. The domain’s landing page mimics the visual identity of established Solana wallet interfaces, including transaction simulation pop-ups and fake “network congestion” warnings to pressure users into immediate action.

Technical indicators are limited but highly suspicious. As of April 10, 2025, solwallet-app.com shows 0/95 detections on VirusTotal and remains undetected by Google Safe Browsing (GSB). WHOIS records indicate the domain was created on March 30, 2025—just 11 days prior to analysis—via Spaceship, Inc., a registrar known for both legitimate and high-risk registrations. DNS resolution points to IP address 216.198.79.1, a shared hosting environment in the US with a history of hosting cryptocurrency-related scam infrastructure. The domain uses a valid Let’s Encrypt SSL certificate to enhance phishing authenticity.

At this time, the domain has not been widely blocklisted, and no public sandboxes have released full payload captures. The investigation is ongoing, with active monitoring and takedown coordination with abuse teams at Spaceship and Let’s Encrypt.

Current status: active and distributing. Users are strongly advised to avoid accessing solwallet-app.com and to verify wallet URLs via official channels only. Remaining risk is assessed as HIGH due to active distribution, absence from blocklists, and the presence of live drainer code. Users should monitor transaction approvals, revoke any suspicious wallet connections, and report activity to their wallet provider immediately.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-30 23:33:14
- Registrar: Spaceship, Inc.
- IP: 216.198.79.1

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/59f418dc-51ed-46de-8bd3-711bf0dc7fe9
- PhishDestroy: https://phishdestroy.io/domain/solwallet-app.com/
- LLM endpoint: https://phishdestroy.io/domain/solwallet-app.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/solwallet-app.com/

Last updated: 2026-03-31