# PhishDestroy threat dossier — stake-manager.com
================================================================

Fetched:   2026-04-22 08:27:13 UTC
Canonical: https://phishdestroy.io/domain/stake-manager.com/

## VERDICT
----------------------------------------------------------------
TAKEN DOWN (neutralised)
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)
Scam classification: Impersonation
Targeted brand: Solana

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      13/94 security vendors flagged this domain
  Flagging vendors: ADMINUSLabs, alphaMountain.ai, BitDefender, CRDF, CyRadar, Ermes, Forcepoint ThreatSeeker, Fortinet, G-Data, Gridinsoft, Lionic, SOCRadar, Sophos
URLQuery:        2 detections

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      188.114.97.3 (CA, Toronto)
ASN:             AS13335 Cloudflare, Inc.
Hosting org:     CloudFlare, Inc.
Registrar:       NameSilo, LLC

!!! REGISTRAR INTEGRITY ALERT — NameSilo !!!
NameSilo is a registrar documented by PhishDestroy as (1) publicly lying about
received abuse reports, (2) shielding a $20M+ Monero-theft operation (xmrwallet.com)
for 10 continuous years, and (3) retaliating against PhishDestroy by getting our
X/Twitter account @Phish_Destroy banned after we published the evidence.
Researchers/victims must ALWAYS CC compliance@icann.org on every abuse ticket —
NameSilo has a track record of later claiming reports were never received.
Primary sources:
  https://phishdestroy.io/namesilo-killed-our-twitter
  https://phishdestroy.io/xmrwallet-namesilo-exposed

Nameservers:     ivan.ns.cloudflare.com, jasmine.ns.cloudflare.com
Registered:      2026-04-04
Page title:      Solana Stake Manager by LUX8 Validator

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer:     Google Trust Services / WE1
Expires:    2026-06-30
Status:     INVALID chain
Fingerprint: 4c089a58eba85be686f61a1d06ac44af1837af436122728ba6a4c7a523550667

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: CLOSED — no report required.
This domain was neutralised before the abuse-report cycle could be dispatched — either
the hosting provider / registrar suspended it on their own, the DNS went dead, or the
operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file
for audit but no formal notice was sent.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-04-04 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-04-04 19:50:11 UTC (by PhishDestroy tracker)
Earliest abuse rec: 2026-04-04 16:48:34 UTC — PREDATES current WHOIS registration; retained from a previous registration cycle of the same domain name
Last verified:     2026-04-21 16:08:38 UTC
Neutralised:       2026-04-15 00:32:37 UTC
Current status:    taken down (registrar suspended or DNS dead)

Note: one or more events above predate the WHOIS creation date. This typically means
the same domain name was previously registered, detected, dropped, and then re-registered
by a new party. PhishDestroy preserves the full historical record for operator-attribution
research even when the underlying infrastructure changes hands.

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io:       https://urlscan.io/result/019d5963-47ab-727a-aa13-63c4a9008cad/
URLQuery:         https://urlquery.net/report/5685ab3b-4ef8-4e62-8971-1a538e68ebee
Wayback Machine:  https://web.archive.org/web/*/stake-manager.com
crt.sh CT logs:   https://crt.sh/?q=%25.stake-manager.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=stake-manager.com
AlienVault OTX:   https://otx.alienvault.com/indicator/domain/stake-manager.com
URLhaus:          https://urlhaus.abuse.ch/host/stake-manager.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-04-04 19:53:30 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies stake-manager.com as an active brand impersonation domain masquerading as the Solana Stake Manager offered by LUX8 Validator. The site promotes itself as a Solana staking interface, but forensic analysis confirms it is a crypto wallet drainer designed to siphon funds from unwitting users who connect their Solana wallets. This campaign specifically targets Solana ecosystem participants seeking staking solutions, leveraging the recognizable LUX8 Validator branding to establish false legitimacy. Its page title, 'Solana Stake Manager by LUX8 Validator,' is crafted to deceive users into believing they are interacting with an official Solana validator interface. The domain employs social engineering tactics commonly associated with drainer-as-a-service (DaaS) kits, which automate the unauthorized transfer of assets once wallet permissions are granted. While no custom drainer kit fingerprint was retrieved in this analysis, the overall infrastructure and branding alignment strongly suggest deployment of a turnkey cryptocurrency drainer solution.

Technical indicators for stake-manager.com reveal a concerning but not yet widely recognized threat. The domain was registered on February 01, 2026, through NameSilo, LLC, indicating a very recent launch intended to exploit early adopters in the Solana staking space. It resolves to IP address 188.114.97.3 and holds an SSL certificate issued by Google Trust Services, which may help it evade browser-based trust indicators despite its malicious intent. VirusTotal analysis shows only 1 out of 95 security vendors flagging the domain, underscoring how newly launched malicious domains often fly under the radar until broader detection signatures are developed. Although no blocklist inclusion was recorded in public feeds at the time of analysis, the site’s low VT detection rate highlights the critical need for proactive user verification using specialized threat intelligence platforms like PhishDestroy.

As of this assessment, stake-manager.com remains active and poses an elevated risk to Solana users seeking staking tools. No official takedown or blocklisting activity has been confirmed, allowing the domain to continue operating and potentially attracting victims. PhishDestroy strongly recommends that all users verify any Solana-related staking interface against our real-time threat database before connecting wallets or entering credentials. The remaining risk is elevated due to the domain’s recent registration, low detection coverage, and specific impersonation of a reputable validator. Users are advised to inspect URLs carefully, avoid downloading unverified software, and use hardware wallets or transaction simulation tools when interacting with staking platforms. Continuous monitoring of this domain and IP is ongoing, and further IOCs will be released as the investigation progresses.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID:  PD-20260404-A8428F
Favicon MD5:       c4acac1a28932cf3f3e8e0570ccc0006
TLS cert SHA-256:      4c089a58eba85be686f61a1d06ac44af1837af436122728ba6a4c7a523550667

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/stake-manager.com/
JSON API:          https://api.destroy.tools/v1/check?domain=stake-manager.com
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+. Site: https://phishdestroy.io