# app-claimedgex.live — SUSPICIOUS

> Discover 'app-claimedgex.live', a crypto drainer abusing Let's Encrypt SSL while flying under VirusTotal's radar with 0/95 detections.

## Summary

PhishDestroy identifies app-claimedgex.live as an active crypto drainer posing as legitimate crypto-related services to trick users into connecting their wallets. This domain employs deceptive tactics, such as mimicking trusted platforms, to siphon cryptocurrency assets once wallet permissions are granted. The threat actor behind this domain leverages urgency and social engineering to manipulate victims into authorizing malicious transactions.

This domain was flagged following analysis of its infrastructure and behavior. VirusTotal currently shows 0/95 detections, indicating it remains undetected by most antivirus engines. Registered on March 31, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, the domain resolves to IP 188.114.96.3 and holds a Let's Encrypt SSL certificate to appear legitimate. Additionally, it has been spotted on 2 security blocklists, including MetaMask and SEAL, which have taken proactive measures to block access.

If you or your organization have interacted with this domain—particularly by connecting a wallet or entering sensitive information—immediate action is required. Disconnect the wallet from any associated platforms, revoke any permissions granted to unknown domains, and transfer remaining assets to a clean wallet address. Monitor transaction histories for unauthorized activity and report any suspicious transfers to your wallet provider or relevant financial authorities.

Exercise extreme caution when encountering unsolicited links or requests to connect wallets, and always verify the legitimacy of domains through independent sources before taking any action. Consider utilizing hardware wallets for enhanced security and enable multi-factor authentication wherever possible.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-31 23:31:50
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: MetaMask, SEAL

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/app-claimedgex.live
- PhishDestroy: https://phishdestroy.io/domain/app-claimedgex.live/
- LLM endpoint: https://phishdestroy.io/domain/app-claimedgex.live/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/app-claimedgex.live/

Last updated: 2026-04-03