# phahtom.fun — SUSPICIOUS

> Phishing domain phahtom.fun impersonates Phantom crypto brand promising fake airdrops. Flagged by 0 of 95 VirusTotal vendors, registered March 24, 2026.

## Summary
PhishDestroy identifies the domain phahtom.fun as an active brand impersonation threat currently under investigation for targeting Phantom, a well-known cryptocurrency platform. The threat status remains active, with threat actors leveraging the domain to deceive users through a counterfeit airdrop campaign designed to harvest credentials and cryptocurrency funds.  

This domain was flagged by 0 of 95 VirusTotal vendors and resolves to IP 104.21.13.146 via a Let's Encrypt SSL certificate. Registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 24, 2026, the domain exploits Phantom’s brand reputation with a page titled “Phantom: The crypto Airdrop for everyone” to mislead users into entering sensitive wallet information or downloading malicious software.  

As of this report, the domain remains active and unblocked by most threat intelligence systems despite its malicious intent. Users are strongly advised not to access phahtom.fun or engage with its content. If encountered, report the domain to your security provider, avoid any interaction, and verify all crypto-related airdrops exclusively through official Phantom channels. Exercise heightened caution with domains resembling crypto services and validate URLs before any transaction or login attempt.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Phantom
- Page title: Phantom: The crypto Airdrop for everyone

## Domain Intelligence
- Registered: 2026-03-24 11:38:21
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 104.21.13.146

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1f052bff-35e2-4d94-81ae-435d0842a970
- PhishDestroy: https://phishdestroy.io/domain/phahtom.fun/
- LLM endpoint: https://phishdestroy.io/domain/phahtom.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phahtom.fun/
Last updated: 2026-03-24