# cards-phantom.icu — MALICIOUS — Crypto Drainer (Solana Drainer)

> cards-phantom.icu is a high-risk crypto drainer domain using Solana Drainer kit, active since March 24, 2026. Users should avoid interaction.

## Summary
cards-phantom.icu has been identified as a high-risk domain engaged in crypto draining activities, specifically deploying the Solana Drainer kit. This type of threat aims to illicitly extract cryptocurrency assets from victim wallets, posing a significant financial risk to users interacting with this domain.

Detailed analysis reveals that cards-phantom.icu was registered on March 24, 2026, through PDR Ltd. d/b/a PublicDomainRegistry.com. It resolves to the IP address 188.114.96.3 and utilizes a Let's Encrypt SSL certificate to present a facade of legitimacy. Despite being active, it currently has zero detections out of 95 scanned engines on VirusTotal, indicating it has not yet been widely flagged by security solutions. No additional blocklist data or trust scores are available at this time, which exacerbates the risk as the domain operates under the radar.

To mitigate threats posed by cards-phantom.icu, users and SOC teams should immediately block this domain at network and endpoint levels. Employing threat intelligence feeds that include this domain and related IP addresses is critical. Users should be trained to recognize social engineering tactics typical of crypto drainers, such as unsolicited wallet access requests or phishing attempts related to Solana cryptocurrency. Prompt removal of any wallet credentials exposed in connection with this domain is advised to prevent asset loss.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: unknown (HTTP ?)
- Drainer type: Solana Drainer

## Domain Intelligence
- Registered: 2026-03-24 14:33:53
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c04493f3-cb51-42c0-bf6f-7fa5567c21be
- PhishDestroy: https://phishdestroy.io/domain/cards-phantom.icu/
- LLM endpoint: https://phishdestroy.io/domain/cards-phantom.icu/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cards-phantom.icu/
Last updated: 2026-03-24