# www.solanamysterybox.com — MALICIOUS — Crypto Drainer (Solana Drainer)

> Danger from solanamysterybox.com: active Solana crypto drainer. Domain resolves to 185.158.133.1, only 0/95 VT detections so far.

## Summary

PhishDestroy identifies the active crypto drainer domain www.solanamysterybox.com, which impersonates a Solana-branded mystery-box lure to trick users into connecting wallets and signing malicious transactions. The page hosts the Solana Drainer kit, a JavaScript-based exploit that monitors wallet signatures and siphons tokens in real time once a victim authorizes a transaction. No specific brand is cloned, but the domain’s theme targets Solana ecosystem participants seeking rare NFTs or rewards.

The domain was registered through Gransy, s.r.o. on October 06, 2025 and resolves to IPv4 address 185.158.133.1. VirusTotal analysis recorded 0 detections out of 95 engines as of the latest scan; its SSL certificate is issued by Google Trust Services, increasing its deceptive appearance. The domain carries a zero blacklist status across major blocklists at time of discovery, which increases the likelihood that unsuspecting users may encounter the page via social media, Discord, or Telegram promotions without prior warnings. The combination of a freshly registered domain, low detection rate, and absence from blocklists makes this asset highly evasive in the early campaign stages.

Current status is active and expanding within Solana-focused communities, with indicators pointing to ongoing drain operations rather than a short-lived scam. No official remediation by upstream providers has been observed; the low VT score suggests signature-based defenses have not yet caught up with this variant. Users are advised to vet any link related to “mystery boxes” or token airdrops before connecting wallets or signing transactions. Remaining risk is high due to the drainer’s real-time exploitation mechanism and the domain’s current clean reputation on major threat intelligence platforms.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: unknown (HTTP ?)
- Drainer type: Solana Drainer

## Domain Intelligence

- Registered: 2025-10-06 09:58:24
- Registrar: Gransy, s.r.o.
- IP: 185.158.133.1

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/04b9909a-3549-4ced-9ce6-4d9ee5e8d603
- PhishDestroy: https://phishdestroy.io/domain/www.solanamysterybox.com/
- LLM endpoint: https://phishdestroy.io/domain/www.solanamysterybox.com/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/www.solanamysterybox.com/

Last updated: 2026-04-01