# phantom-ur.pages.dev — MALICIOUS — Crypto Drainer (Solana Drainer)

> Warning: phantom-ur.pages.dev hosted a Solana crypto drainer. Domain is offline but stay alert for related phishing threats.

## Summary
PhishDestroy identifies phantom-ur.pages.dev as a medium-risk crypto drainer domain actively targeting Solana cryptocurrency users. The domain was used to host a Solana Drainer kit designed to steal private keys or seed phrases, thereby compromising victims' wallets and assets. This threat posed a significant risk to users interacting with the Solana blockchain, facilitating unauthorized asset drainage through social engineering tactics.

The domain phantom-ur.pages.dev was registered through Cloudflare, Inc. and resolved to the IP address 172.66.47.30. Cloudflare's platform was leveraged to mask origin infrastructure and provide content delivery acceleration. The malicious payload involved a Solana Drainer kit, a specialized phishing tool tailored to extract sensitive wallet credentials. This infrastructure indicates a targeted approach against crypto holders familiar with Solana, exploiting trust in legitimate web technologies.

Currently, phantom-ur.pages.dev has been taken offline, mitigating immediate risk of new infections. However, users should remain vigilant for potential re-hosting or similar tactics on related domains. It is recommended to avoid interacting with unsolicited links related to Solana wallets and to verify URLs carefully. Users who suspect exposure to this or similar threats should immediately review and secure their wallet credentials, including changing private keys and enabling multi-factor authentication where possible.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Solana Drainer
- Target brand: Phantom
- Page title: How to Integrate Phantom Wallet into Your Solana DApp | Solverse.dev – Dev Tools & Insights from the Solana Ecosystem

## Domain Intelligence
- Registered: 2026-03-05 03:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.30
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: amy.ns.cloudflare.com giancarlo.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "Fortinet"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://i.ibb.co/DP7KRwB6/0e7b669f4478.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/phantom-ur.pages.dev
- Wayback Machine: https://web.archive.org/web/https://phantom-ur.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/phantom-ur.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/phantom-ur.pages.dev/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phantom-ur.pages.dev/
Last updated: 2026-03-19