# solanascan.pages.dev — MALICIOUS — Crypto Drainer (Solana Drainer)

> PhishDestroy identifies solanascan.pages.dev as a live Solana crypto drainer phishing site. VT 1/95 detections. Check the full report.

## Summary
PhishDestroy identifies solanascan.pages.dev as a high-risk crypto drainer domain actively impersonating the Solana blockchain explorer. This site is engineered to harvest private keys, seed phrases, and wallet signatures, enabling direct theft of SOL tokens and SPL assets from unwitting users. Based on telemetry and behavioral analysis, the drainer kit deployed on this domain is specifically the Solana Drainer variant, a kit notorious for automating unauthorized transfers to attacker-controlled addresses. Users who enter wallet credentials or connect their wallets via this portal risk irreversible asset loss. The domain is currently live and distributing malicious payloads targeting Solana ecosystem participants.

This domain was flagged by PhishDestroy using seed 4bb25c and confirmed through multiple threat intelligence sources. It resolves to IP 172.66.47.97, registered via Cloudflare, Inc., and secured with an SSL certificate issued by Google Trust Services. VirusTotal reports only 1 out of 95 security vendors flagged the site as malicious at time of detection, indicating low early-stage detection despite its active campaign. It appears on one public blocklist and is blocked by the Enkrypt browser extension, suggesting partial but incomplete protection. Despite its youth, this domain leverages Cloudflare’s infrastructure to evade takedown and maintain availability.

To mitigate risk, users must never enter private keys, seed phrases, or sign wallet transactions on untrusted sites, especially those impersonating SolanaScan. Always verify URLs using official sources such as solscan.io or solana.com/explorer. Use hardware wallets or reputable wallet extensions with transaction simulation features. Install security extensions like Enkrypt or Phantom’s built-in phishing detection. If exposure is suspected, immediately revoke any connected wallet permissions and transfer remaining assets to a new, isolated wallet. Report the domain to PhishDestroy using seed 4bb25c for ongoing threat tracking.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: unknown (HTTP ?)
- Drainer type: Solana Drainer
- Target brand: Solana

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.97

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["Enkrypt"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cfc80cab-3078-4a79-806b-b8b0bc920665
- PhishDestroy: https://phishdestroy.io/domain/solanascan.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/solanascan.pages.dev/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/solanascan.pages.dev/
Last updated: 2026-03-28