# hoodsolana.pages.dev — MALICIOUS — Crypto Drainer (Solana Drainer)

> PhishDestroy identifies hoodsolana.pages.dev as a live Solana crypto drainer. Hosted on Cloudflare, it evades detection with 0/95 VirusTotal scans.

## Summary
PhishDestroy identifies hoodsolana.pages.dev as an active Solana crypto drainer designed to steal cryptocurrency from unsuspecting users. This fraudulent domain mimics legitimate Solana-related services to trick victims into connecting their wallets or entering private keys. Once accessed, the drainer kit exploits vulnerabilities in wallet integrations to siphon funds directly to attacker-controlled addresses. The domain’s infrastructure is optimized for speed and evasion, leveraging Cloudflare’s CDN to mask its true origin while relying on Google Trust Services for a deceptive SSL certificate.  This domain was flagged with 0 detections out of 95 VirusTotal scans, demonstrating its ability to bypass automated security checks at the time of analysis. It was registered through Cloudflare, Inc., resolving to IP address 172.66.44.225. The Solana drainer kit embedded within the pages.dev subdomain is purpose-built to target Solana-based wallets, including popular options like Phantom and Solflare. Due to its recent deployment and low detection rate, this threat poses a significant risk to cryptocurrency holders interacting with Solana ecosystem services.  Users who visited hoodsolana.pages.dev should immediately revoke any connected wallet permissions, transfer remaining funds to a newly generated wallet, and scan their devices for malware using reputable antivirus software. Avoid interacting with this domain or any linked wallet connection prompts. Report suspicious activity to your wallet provider and consider using hardware wallets for enhanced security. Monitor your transaction history closely for unauthorized transfers and enable multi-factor authentication where possible. Stay vigilant against similar domains masquerading as legitimate Solana services.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: unknown (HTTP ?)
- Drainer type: Solana Drainer

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.225

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0dd0493b-b64c-4fd6-8159-6ebd33564bac
- PhishDestroy: https://phishdestroy.io/domain/hoodsolana.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/hoodsolana.pages.dev/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hoodsolana.pages.dev/
Last updated: 2026-03-30