# phantomcheck.fun — MALICIOUS

> phantomcheck.fun is a high-risk impersonation site mimicking Phantom crypto. Avoid interaction and report suspicious activity promptly.

## Summary
PhishDestroy identifies phantomcheck.fun as a high-risk domain engaged in brand impersonation targeting Phantom, a well-known crypto platform. This malicious site uses the guise of "Phantom: The crypto Airdrop for everyone" to lure users, potentially leading them to phishing or fraud schemes that could compromise funds or sensitive information. The deceptive nature of brand impersonation makes this threat particularly dangerous for unsuspecting users within the crypto community.

The domain phantomcheck.fun was registered recently on February 21, 2026, and remains active. It has been flagged on three reputable security blocklists and is recognized by 15 out of 95 VirusTotal scanning engines as suspicious or malicious. The domain resolves to IP address 188.114.96.3, which may be linked to other fraudulent activities. These factors collectively indicate a well-maintained infrastructure designed to deceive users and evade immediate detection.

Users are strongly advised to avoid visiting phantomcheck.fun and should report any interactions to their security teams or to appropriate authorities. Always verify the authenticity of websites by checking official brand URLs and beware of unsolicited crypto airdrop promotions. Employing updated security tools and maintaining vigilance against such impersonation attempts will help reduce the risk of falling victim to scams related to this domain.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Target brand: Phantom
- Page title: Phantom: The crypto Airdrop for everyone

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a6a9c-fd37-72b6-94d6-8a89b17c782e.png
- PhishDestroy: https://phishdestroy.io/domain/phantomcheck.fun/
- LLM endpoint: https://phishdestroy.io/domain/phantomcheck.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/phantomcheck.fun/
Last updated: 2026-03-19