# ore.distribution.finance — MALICIOUS — Crypto Drainer (Solana Drainer)

> The domain ore.distribution.finance is linked to a high-risk crypto drainer. Avoid interaction and secure your wallets immediately.

## Summary

PhishDestroy identifies ore.distribution.finance as a high-risk crypto drainer domain targeting cryptocurrency users, particularly those involved with Solana assets. This threat is significant because it attempts to steal funds by deploying malicious draining scripts under the guise of an airdrop offer, posing a substantial financial risk.

The domain was registered via Cloudflare, Inc. and resolved to IP 104.21.77.5. It has since been taken offline following detection. The domain was flagged by 12 out of 95 VirusTotal security vendors and appears on at least one security blocklist. Gridinsoft assigned it a very low trust score of 1/100. The malicious infrastructure is linked to a known Solana drainer kit, confirming its purpose to illicitly extract cryptocurrency.

Users are strongly advised to avoid any interaction with ore.distribution.finance or related links. If you have engaged with this domain or entered wallet credentials, immediately review your wallet security and consider transferring assets to a new wallet. Employ multi-factor authentication and use trusted platforms only. Regularly update security software and remain vigilant against similar fraudulent airdrop scams.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Solana Drainer
- Scam type: Airdrop Scam
- Kit: Airdrop Scam
- Page title: ORE | Airdrop

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.21.77.5
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: none

## Detection Status

- VirusTotal: 12 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Seclookup", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  - Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019a6a78-3b88-763f-bc12-c3636c5ce139.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/93f8b43d-4a97-42e8-88e1-ab5bc48bf59a
- PhishDestroy: https://phishdestroy.io/domain/ore.distribution.finance/
- LLM endpoint: https://phishdestroy.io/domain/ore.distribution.finance/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ore.distribution.finance/

Last updated: 2026-03-19