# phantomwalle.info — MALICIOUS — Crypto Drainer (Solana Drainer)

> Phantomwalle.info operates as a Solana-based crypto drainer, flagged by 3/95 VirusTotal vendors. Review the full report for IOCs and mitigation steps.

## Summary

This domain, phantomwalle.info, hosts a malicious tool designed to steal cryptocurrency from unsuspecting users. Often called a 'crypto drainer,' it silently connects to victims' wallets under the guise of a legitimate service—such as a fake airdrop, giveaway, or wallet update—and drains funds directly if permissions are granted. Reports indicate this particular variant targets Solana-based tokens and wallets, making it especially dangerous for users in the crypto ecosystem.

PhishDestroy identifies this site as high-risk and currently active. VirusTotal analysis confirms 3 out of 95 security vendors flag this domain, while Google Safe Browsing labels it under SOCIAL_ENGINEERING. The domain was created on March 18, 2026, and is registered through PDR Ltd. d/b/a PublicDomainRegistry.com. Additionally, the site uses a Let's Encrypt SSL certificate and resolves to IP 162.241.85.94.

If you visited or interacted with phantomwalle.info, cease all wallet connections immediately. Revoke any permissions granted to unknown or suspicious domains through your wallet interface—tools like Phantom or Solflare allow permission management under settings. Use reputable security extensions like WalletGuard or DeBank to monitor active permissions and block malicious sites. Report the domain to your wallet provider and consider transferring remaining assets to a clean wallet. Monitor your transaction history for unauthorized transfers, and never approve requests from untrusted sources.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: unknown (HTTP ?)
- Drainer type: Solana Drainer

## Domain Intelligence

- Registered: 2026-03-18 19:31:41
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 162.241.85.94

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0bdd6459-d287-4b4e-93ce-6a57fa0eb3f9
- PhishDestroy: https://phishdestroy.io/domain/phantomwalle.info/
- LLM endpoint: https://phishdestroy.io/domain/phantomwalle.info/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/phantomwalle.info/

Last updated: 2026-03-22