# phantomvault.pages.dev — MALICIOUS — Crypto Drainer (Solana Drainer)

> PhantomVault.pages.dev is a live Solana crypto drainer impersonating Phantom Wallet. VT 0/95 detections as of latest scan. Check the full report.

## Summary

PhishDestroy identifies PhantomVault.pages.dev as a high-risk crypto drainer domain (unique seed a17470) actively impersonating the Phantom brand. The threat is classified as a Solana Drainer kit, specifically designed to intercept and divert cryptocurrency transactions to attacker-controlled wallets.

PhantomVault.pages.dev leverages social engineering tactics, mimicking the official Phantom Wallet interface to deceive users into connecting their wallets and authorizing malicious transactions. The drainer kit is engineered to exploit vulnerabilities in Solana's transaction signing process, enabling silent asset exfiltration without user awareness.

This domain resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., with an SSL certificate issued by Google Trust Services to enhance its appearance of legitimacy. As of the latest intelligence, PhantomVault.pages.dev has achieved a VirusTotal detection score of 0/95, indicating it has evaded detection by major antivirus engines. The domain has not been listed on Google Safe Browsing (GSB) and remains unblocked by standard security filters. Additional technical indicators include its recent creation and association with a drainer kit designed to target Solana-based wallets, posing a significant risk to users engaging in cryptocurrency transactions.

Currently, PhantomVault.pages.dev remains active and poses a high-risk threat to unsuspecting users. Immediate action is required to mitigate exposure, including blocking the domain at the network level and updating endpoint security rules to detect Solana drainer activity. While current detection rates are low, the domain's active status and evasion of security tools highlight the need for heightened vigilance.
Users are advised to verify wallet URLs, avoid clicking unsolicited links, and report suspicious domains to security teams. The remaining risk is critical, as the drainer kit continues to operate undetected, with potential for widespread exploitation in the Solana ecosystem.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: unknown (HTTP ?)
- Drainer type: Solana Drainer
- Target brand: Phantom

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/041daf7a-d82e-417e-a6e9-c65dee334036
- PhishDestroy: https://phishdestroy.io/domain/phantomvault.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/phantomvault.pages.dev/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/phantomvault.pages.dev/

Last updated: 2026-04-12