# auth-phantom-en.created.app — MALICIOUS — Crypto Drainer (Solana Drainer) > auth-phantom-en.created.app poses as Phantom Wallet to deploy a Solana crypto drainer. Flagged by 8/95 VirusTotal vendors and Google Safe Browsing. ## Summary PhishDestroy identifies auth-phantom-en.created.app as an active crypto drainer impersonating Phantom Wallet to steal Solana assets. This domain leverages a Solana drainer kit to siphon funds from unsuspecting users who connect their wallets. The page mimics the legitimate Phantom wallet interface, including the title "Phantom Wallet 👻 | Secure Solana & Multi-Chain Crypto Wallet," to deceive visitors into entering seed phrases or authorizing malicious transactions. This domain was flagged by 8 out of 95 VirusTotal security vendors, Google Safe Browsing (marked under SOCIAL_ENGINEERING), and two additional blocklists. It resolves to IP address 216.150.16.129 and utilizes a Let’s Encrypt SSL certificate to appear legitimate. The domain is newly registered under the seed f2866f and has already been blocked by MetaMask and SEAL, indicating widespread recognition as a threat vector. These technical indicators confirm a high-risk infrastructure designed for fraudulent cryptocurrency theft. If you visited auth-phantom-en.created.app, immediately disconnect your wallet and revoke any unauthorized approvals using tools like Phantom’s built-in security settings or third-party revoke platforms. Do not enter any seed phrases or private keys. Scan your device for malware and consider rotating wallet credentials. Report the domain to your browser’s security team and warn others in crypto communities. Always verify URLs via official channels and use hardware wallets for high-value transactions. ## Threat Details - Verdict: MALICIOUS — Crypto Drainer (Solana Drainer) - Site status: unknown (HTTP ?) - Drainer type: Solana Drainer - Target brand: Phantom - Page title: Phantom Wallet 👻 | Secure Solana & Multi-Chain Crypto Wallet ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 216.150.16.129 ## Detection Status - VirusTotal: 8 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 2 hits Lists: ["MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c435be75-e607-4a45-a440-e525521e3754 - PhishDestroy: https://phishdestroy.io/domain/auth-phantom-en.created.app/ - LLM endpoint: https://phishdestroy.io/domain/auth-phantom-en.created.app/llm.txt ## If You Visited This Site 1. Revoke all token approvals immediately (revoke.cash / unrekt.net) 2. Move remaining funds to a new wallet 3. Do not interact with any transactions from this site 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/auth-phantom-en.created.app/ Last updated: 2026-03-31