# wallet-phantom-live-zh-hk.my.canva.site — MALICIOUS — Crypto Drainer (Solana Drainer)

> wallet-phantom-live-zh-hk.my.canva.site is under investigation for crypto drainer activity. Exercise caution before interacting with this domain.

## Summary
PhishDestroy identifies wallet-phantom-live-zh-hk.my.canva.site as an active domain associated with potential crypto drainer threats, currently categorized under a risk level of 'under investigation.' This domain is suspected of being involved in malicious activities targeting cryptocurrency wallets, specifically linked to a Solana drainer kit.

The domain was created on April 3, 2018, and is registered through Gandi SAS. It resolves to the IP address 103.169.142.250. Despite these indications, VirusTotal scans have not flagged this domain, showing zero detections among leading security vendors. The lack of immediate vendor flags suggests ongoing analysis is necessary to fully assess the threat posed by this infrastructure.

Users and security practitioners are advised to remain vigilant when encountering wallet-phantom-live-zh-hk.my.canva.site. Given its association with crypto wallet draining kits and the domain's active status, avoiding any interaction and monitoring for updates is recommended until further conclusive evidence emerges. PhishDestroy will continue to track this domain as investigations proceed.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: dead (HTTP 404)
- Drainer type: Solana Drainer
- Target brand: Phantom
- Page title: Phantom Wallets：全面概述

## Domain Intelligence
- Registered: 2026-03-09 01:07:01
- Registrar: Gandi SAS
- Country: FR
- IP: 103.169.142.250
- IP Country: AU
- IP City: Sydney
- IP Org: AS209242 Cloudflare London, LLC
- Nameservers: ["jean.ns.cloudflare.com", "junade.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: ["ChainPatrol"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://i.ibb.co/r2qn0wnf/0ef209a888bc.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3ff15330-5cc2-4d67-9971-40c0d47e88eb
- Wayback Machine: https://web.archive.org/web/https://wallet-phantom-live-zh-hk.my.canva.site
- PhishDestroy: https://phishdestroy.io/domain/wallet-phantom-live-zh-hk.my.canva.site/
- LLM endpoint: https://phishdestroy.io/domain/wallet-phantom-live-zh-hk.my.canva.site/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wallet-phantom-live-zh-hk.my.canva.site/
Last updated: 2026-03-19