# uscr.distribution.finance — MALICIOUS — Crypto Drainer (Solana Drainer)

> Warning: uscr.distribution.finance was a high-risk crypto drainer site targeting Solana users. Avoid interaction; domain is now offline.

## Summary
PhishDestroy identifies uscr.distribution.finance as a malicious domain involved in crypto draining activities. It masqueraded under the guise of the "United States Crypto Reserve | Airdrop" to lure victims into compromising their Solana wallets. This domain was designed to steal cryptocurrency assets by exploiting users through a Solana drainer kit, making it a significant threat to the crypto community.

From a technical standpoint, the domain was registered via Cloudflare, Inc. and resolved to the IPv6 address 2606:4700:3033::6815:4d05. VirusTotal flagged it by 10 out of 95 security vendors, indicating moderate detection coverage. Additionally, the domain appeared on at least one security blocklist, confirming its malicious reputation within security circles. The use of a Solana-specific drainer kit highlights a targeted attack on Solana blockchain users.

Currently, uscr.distribution.finance is offline and no longer accessible, reducing immediate risk. However, users are strongly advised to remain vigilant against similar crypto airdrop scams and refrain from interacting with unsolicited crypto offers. Security teams should continue monitoring for related domains or infrastructure to prevent further exploitation. Maintaining updated wallet security practices and using trusted sources for airdrops remain critical defenses.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Solana Drainer
- Scam type: Airdrop Scam
- Kit: Airdrop Scam
- Page title: United States Crypto Reserve | Airdrop

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 2606:4700:3033::6815:4d05
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: none

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Seclookup", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a8210-08d1-76b9-8e3f-26ff800c351a.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/29400c5d-5ce1-4eec-b755-9158ef3516d2
- PhishDestroy: https://phishdestroy.io/domain/uscr.distribution.finance/
- LLM endpoint: https://phishdestroy.io/domain/uscr.distribution.finance/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/uscr.distribution.finance/
Last updated: 2026-03-19