# app.web-phantom.to — MALICIOUS — Crypto Drainer (Solana Drainer)

> Beware: app.web-phantom.to is a live Solana crypto drainer phishing domain flagged by 12/95 VirusTotal scanners.

## Summary

PhishDestroy identifies app.web-phantom.to as a high-risk crypto drainer domain actively propagating malware targeting Solana wallets. This fraudulent site disguises itself as a legitimate web application while secretly executing unauthorized cryptocurrency transactions. Upon visiting, users' wallet connections are hijacked to drain digital assets without consent. The domain employs deceptive domain registration through the Government of Kingdom of Tonga and went live on August 19, 2025.

This domain was flagged by 12 out of 95 VirusTotal security vendors and resolves to IP address 178.16.53.99. The infrastructure utilizes a Let's Encrypt SSL certificate to appear legitimate, while the drainer kit specifically targets Solana-based assets. The combination of recent domain creation, low blocklist coverage, and active threat infrastructure makes this a particularly dangerous threat.

Users who visited this domain should immediately disconnect their wallets from any suspicious connections, revoke unauthorized token approvals using tools like Solana's token approval manager, and transfer remaining assets to a secure wallet. Enable transaction alerts and consider rotating wallet addresses if compromised. Report any unauthorized transactions to platform support and file complaints with cybercrime authorities. Always verify domains through official channels before any cryptocurrency transaction.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: unknown (HTTP ?)
- Drainer type: Solana Drainer

## Domain Intelligence

- Registered: 2025-08-19 12:11:54
- Registrar: Government of Kingdom of Tonga
- IP: 178.16.53.99

## Detection Status

- VirusTotal: 12 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7a1745a8-d585-4335-8d37-8d811ae129c5
- PhishDestroy: https://phishdestroy.io/domain/app.web-phantom.to/
- LLM endpoint: https://phishdestroy.io/domain/app.web-phantom.to/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/app.web-phantom.to/

Last updated: 2026-03-30