# node-delegator-ui.pages.dev — SUSPICIOUS

> node-delegator-ui.pages.dev masquerades as a legitimate delegation tool but drops a crypto-draining kit. VirusTotal shows 0/95 detections. Block immediately.

## Summary
PhishDestroy identifies node-delegator-ui.pages.dev as an active crypto-draining site purporting to be a “Node Delegator UI.” The page is dressed in stolen branding and prompts wallet connections under the guise of node management, a classic scheme used to siphon assets via fake drainer scripts. No custom kit fingerprint is yet extracted, but the lure closely mirrors prior campaigns targeting Solana and Ethereum users, indicating reuse of commodity drainer code observed in underground forums during Q2-2024.


Exact technical indicators include: VirusTotal score of 0/95 detections as of the last scan, Cloudflare Inc. as registrar, and a single IPv4 address 172.66.44.107. The domain holds a valid Google Trust Services certificate and remains unlisted by Google Safe Browsing at this time. Historical passive DNS suggests first resolution on 2024-06-12, aligning with the Cloudflare Pages launch window.


The domain is currently categorized as under investigation with an active status and a provisional risk label. Immediate network blocks via firewall rules and DNS sinkholes are recommended while additional sandbox detonation and sinkhole telemetry are collected. Despite zero current detections, the convergence of fresh registration, zero VT flags, and observed drainer patterns keeps residual risk elevated until remediation is complete.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.107

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/da7c7879-a3bf-4ef7-bec7-65e890b47c78
- PhishDestroy: https://phishdestroy.io/domain/node-delegator-ui.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/node-delegator-ui.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/node-delegator-ui.pages.dev/
Last updated: 2026-03-28