# www-ghostware.network — MALICIOUS — Crypto Drainer (Solana Drainer)

> Warning: www-ghostware.network was linked to crypto draining activity. Avoid interaction; the site is currently offline but posed medium risk.

## Summary
PhishDestroy identifies www-ghostware.network as a medium-risk crypto drainer domain designed to steal cryptocurrency assets. The site, titled "GhostwareOS | Airdrop," was part of a Solana Drainer kit targeting users by exploiting airdrop-themed lures. Such threats are critical as they can lead to direct financial losses through unauthorized wallet access.

Infrastructure analysis reveals that www-ghostware.network was registered via Cloudflare, Inc. and resolved to IP address 188.114.97.3. Although currently offline, the domain was flagged by 3 out of 95 security vendors on VirusTotal and appeared on 2 security blocklists, confirming its malicious intent within the crypto ecosystem.

Users are strongly advised to avoid engaging with this domain or any unsolicited airdrop offers linked to it. Ensuring wallet security by using hardware wallets, verifying URLs, and employing updated anti-phishing tools can mitigate risks. If interaction occurred, users should review wallet activity and consider moving assets to a secure address.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Solana Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Solana Drainer
- Scam type: Airdrop Scam
- Kit: Airdrop Scam
- Page title: GhostwareOS | Airdrop

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ligia.ns.cloudflare.com steven.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["Fortinet", "Gridinsoft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b2769-e7ba-77aa-adb3-ae601cb8a8d2.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f9731703-352e-4411-a99e-fafbb70a5b8c
- PhishDestroy: https://phishdestroy.io/domain/www-ghostware.network/
- LLM endpoint: https://phishdestroy.io/domain/www-ghostware.network/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www-ghostware.network/
Last updated: 2026-03-19