# chats-phantom.xyz — MALICIOUS — Crypto Drainer (Solana Drainer)

> Avoid chats-phantom.xyz—an active high-risk site using Solana drainer kits that pose crypto wallet theft threats. Stay vigilant and secure your assets.

## Summary

PhishDestroy identifies chats-phantom.xyz as a high-risk domain involved in crypto drainer activities specifically targeting Solana wallets. Classified as an active threat, this domain presents significant danger to cryptocurrency users who interact with its services. The associated page, titled "Phantom Chat," is a deceptive front designed to lure victims into compromising their digital assets.

The domain was registered recently on March 5, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP address 104.21.17.61. VirusTotal analysis shows 10 out of 95 security vendors flag this domain, reinforcing its malicious nature. Additionally, it appears on one security blocklist and is flagged by Google Safe Browsing for social engineering, indicating that it uses manipulation techniques to trick users into revealing sensitive information. The deployment of the Solana Drainer kit further highlights its focus on illicitly accessing Solana blockchain wallets.

Users should exercise extreme caution and avoid interacting with chats-phantom.xyz or any communications originating from it. PhishDestroy recommends immediate blocking and monitoring of related network activity to prevent potential asset loss. As the domain remains active, continuous vigilance and timely security updates are essential to mitigate exposure to this ongoing crypto wallet draining campaign.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Solana Drainer
- Target brand: Phantom
- Page title: Phantom Chat

## Domain Intelligence

- Registered: 2026-03-09 09:07:01
- Expires: 2027-03-05 00:00:00
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.17.61
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: jamie.ns.cloudflare.com, rommy.ns.cloudflare.com
- SSL Issuer: none

## Detection Status

- VirusTotal: 7 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "ESET", "G-Data", "Google Safebrowsing", "Sophos"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  - Lists: ["PhishDestroy", "MetaMask"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019cd1cd-02d0-7138-9e34-61200205daa9.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0b3c2e33-fa3a-4f60-aad2-6ff47781cce9
- PhishDestroy: https://phishdestroy.io/domain/chats-phantom.xyz/
- LLM endpoint: https://phishdestroy.io/domain/chats-phantom.xyz/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/chats-phantom.xyz/

Last updated: 2026-03-19