# phantomwalletx.blogspot.com.by — MALICIOUS — Crypto Drainer (Solana Drainer)

> Phantomwalletx.blogspot.com.by hosts a high-risk Solana crypto drainer. Avoid interaction and secure your digital assets immediately.

## Summary

PhishDestroy identifies phantomwalletx.blogspot.com.by as a high-risk domain involved in a crypto drainer campaign targeting Solana wallet users. The threat exploits users by harvesting private keys and draining digital assets, posing significant financial risks. This campaign leverages a Solana Drainer kit designed to deceive victims into compromising their wallets.

The domain phantomwalletx.blogspot.com.by was registered on March 02, 2026, through Reliable Software, Ltd. It resolves to the IP address 216.58.206.65, which is associated with hosting services commonly abused by malicious actors. VirusTotal analysis flags this domain as suspicious by 12 out of 95 security vendors, confirming its malicious intent and the need for caution. Hosting on a Blogspot subdomain adds a layer of trust manipulation to lure unsuspecting victims.

Currently, the domain remains active and continues to pose a threat to users interacting with Solana wallets. PhishDestroy strongly recommends avoiding any engagement with this domain and advises users to verify wallet activities regularly. Implementing robust security measures, such as hardware wallets and multi-factor authentication, can mitigate risks. Organizations and individuals alike should monitor for related phishing attempts and report suspicious activity promptly.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: dead (HTTP 404)
- Drainer type: Solana Drainer
- Target brand: Phantom
- Page title: Blog not found

## Domain Intelligence

- Registered: 2026-03-02 15:00:01
- Registrar: Reliable Software, Ltd
- Country: GB
- IP: 216.58.206.65
- IP Country: DE
- IP City: Frankfurt am Main
- IP Org: AS15169 Google LLC
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE2

## Detection Status

- VirusTotal: 12 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Emsisoft", "Kaspersky", "Lionic", "Netcraft", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: ["PhishDestroy", "MetaMask"]

## Evidence

- Screenshot: https://i.ibb.co/F4TqWphc/be842e23ef4c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b47e17d2-dbae-47da-abbb-df5e3606400d
- Wayback Machine: https://web.archive.org/web/https://phantomwalletx.blogspot.com.by
- PhishDestroy: https://phishdestroy.io/domain/phantomwalletx.blogspot.com.by/
- LLM endpoint: https://phishdestroy.io/domain/phantomwalletx.blogspot.com.by/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/phantomwalletx.blogspot.com.by/

Last updated: 2026-03-19