# phantom.baby — MALICIOUS — Crypto Drainer (Solana Drainer)

> Phantom.baby impersonates Phantom Wallet using a Solana Drainer kit. Created April 10, 2026, this domain resolves to 104.18.26.

## Summary
PhishDestroy identifies phantom.baby as a live high-risk domain hosting a Solana-based crypto drainer targeting Phantom Wallet users. This threat actively steals cryptocurrency by tricking victims into connecting their wallets to malicious smart contracts under the guise of legitimate login or transaction approval pages. The drainer kit specifically targets Solana ecosystem users who rely on Phantom Wallet for token transfers and DeFi interactions.  This domain was flagged by PhishDestroy on April 10, 2026, the exact day of its registration through Global Domain Group LLC, using WHOIS data. It resolves to IP address 104.18.26.246 and carries a Google Trust Services SSL certificate. Security vendors on VirusTotal detected this domain with a score of 1/95. The landing page mimics Phantom Wallet with the title “Phantom Wallet,” reinforcing its use in fraudulent campaigns. Additionally, the drainer kit matches known Solana Drainer variants that exfiltrate private keys and sign unauthorized transactions on behalf of victims.  To protect against this drainer, users must avoid interacting with phantom.baby entirely. Always verify wallet URLs through official channels and never enter seed phrases or connect wallets on untrusted sites. Block the domain at DNS and network levels using the seed hash b31df5 for automated detection. Monitor wallet transactions for unexpected approvals or transfers, and report suspicious domains to wallet security teams immediately. Ensure all Phantom Wallet access occurs only via verified domains like phantom.app or the official browser extension.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: cloaking (HTTP ?)
- Drainer type: Solana Drainer
- Target brand: Phantom
- Page title: Phantom Wallet

## Domain Intelligence
- Registered: 2026-04-10 09:59:48
- Registrar: Global Domain Group LLC
- IP: 104.18.26.246

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1164adbf-20fc-4fad-ba75-8af2b005602d
- PhishDestroy: https://phishdestroy.io/domain/phantom.baby/
- LLM endpoint: https://phishdestroy.io/domain/phantom.baby/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phantom.baby/
Last updated: 2026-04-11