# phantom-wallets.com.westnationalplc.ru — MALICIOUS — Crypto Drainer (Solana Drainer)

> phantom-wallets.com.westnationalplc.ru is linked to a Solana crypto drainer. Learn why it's risky and how to protect your assets today.

## Summary
PhishDestroy identifies phantom-wallets.com.westnationalplc.ru as a suspicious domain associated with crypto asset theft, specifically classified as a Solana drainer. This domain uses a deceptive naming convention to mimic legitimate wallet services, aiming to trick users into compromising their digital assets. The threat type is currently under investigation, with a focus on potential crypto draining activity.

Technically, the domain was registered on December 3, 2025, through the Russian registrar REGTIME-RU and resolves to the IP address 199.79.63.176. While VirusTotal scans show no detections so far, Google Safe Browsing flags it for social engineering risks. The presence of a Solana drainer kit suggests that attackers may attempt to exploit Solana blockchain wallets by harvesting private keys or seed phrases.

Currently active, phantom-wallets.com.westnationalplc.ru poses a significant risk to users interacting with Solana wallets. PhishDestroy recommends avoiding any engagement with this domain and exercising caution when prompted for wallet credentials. Monitoring and further analysis are ongoing to provide updated guidance as the investigation progresses.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: alive (HTTP 200)
- Drainer type: Solana Drainer
- Target brand: Phantom

## Domain Intelligence
- Registered: 2025-12-03 15:34:17
- Registrar: REGTIME-RU
- IP: 199.79.63.176
- Nameservers: ns1.bh-32.webhostbox.net. ns2.bh-32.webhostbox.net.

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CRDF", "CyRadar", "Ermes", "G-Data", "Google Safebrowsing", "Lionic", "Netcraft", "SOCRadar", "Sophos"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccffb-393f-73f1-845e-b07824380f81.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/023606da-6dff-4770-bb06-caabbe65f1e7
- PhishDestroy: https://phishdestroy.io/domain/phantom-wallets.com.westnationalplc.ru/

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phantom-wallets.com.westnationalplc.ru/
Last updated: 2026-03-14