# armt.cloud — MALICIOUS

> armt[.]cloud is a confirmed phishing domain operating in the crypto space. Our automated scanners detected wallet-draining capabilities on this site. This domain has been flagged and added to global threat intelligence feeds.

## Summary
Threat Overview
The domain armt[.]cloud has been identified as a cryptocurrency phishing website. This malicious site targets Web3 users by mimicking legitimate crypto platforms to steal wallet credentials and digital assets.
Attack Analysis
Phishing sites in the cryptocurrency space commonly employ wallet-draining techniques, fake token approval requests, and seed phrase harvesting to steal digital assets from unsuspecting victims.
Risk Indicators

- Domain registered on cloud TLD
- Contains cryptocurrency-related keywords
- Domain length: 10 characters
- Vt Detected
- Drainer Detected

Protection Tips
Always verify URLs before connecting your wallet. Use bookmarks for frequently visited crypto platforms. Enable transaction simulation tools to preview what you're signing.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: ARMT Cloud

## Domain Intelligence
- Registered: 2021-01-12 03:08:52
- Registrar: NAMECHEAP
- Country: US
- IP: 35.190.118.211
- IP Country: US
- IP City: Kansas City
- IP Org: AS396982 Google LLC
- Nameservers: ns-cloud-e1.googledomains.com ns-cloud-e2.googledomains.com ns-cloud-e3.googledomains.com ns-cloud-e4.googledomains.com
- SSL Issuer: Google Trust Services / WR3

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["alphaMountain.ai", "Chong Lua Dao", "Cluster25", "CRDF", "CyRadar", "DNS8", "Gridinsoft", "Lionic", "MalwareURL", "Seclookup", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "OpenPhish"]

## Live Page Content

### Page Text
ARMT Cloud × Please sign in before continuing Account ID User ID Password Know your password and want to change it? × Please report any issues via the Feedback Link at the bottom of the page (after logging on). Useful links: SM Tools - https://smtools.att.com/webprod1/servlet/AuthenticateServlet.class SMRS - https://smtools.att.com/webprod1/servlet/AuthenticateSmrscDirectServlet.class U115 Setup - https://u115start.com/ U120 Setup - https://u120start.com/ ARMT Release Notes - https://armt.cloud/release-notes (also available anytime within the application under Settings) *****ATTENTION***** The system will be down for security patching Friday, March 13th from 11:00 pm until 5:00 am EST AT&T DEV © 2026 - Version 3.33.49

### Form Fields
- user[account_name]
- user[username]
- text
- submit
- hidden
- utf8
- user[password]
- password
- authenticity_token

### External Links
- https://armt.cloud/release-notes
- https://smtools.att.com/webprod1/servlet/ChangePasswordServlet.class
- https://u115start.com/
- https://smtools.att.com/webprod1/servlet/AuthenticateSmrscDirectServlet.class
- https://smtools.att.com/webprod1/servlet/AuthenticateServlet.class

## Evidence
- Screenshot: https://i.ibb.co/HD5nMCKh/dcff0c32a9cd.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/44e1a906-4625-4958-a1a9-5d59aff532a7
- Wayback Machine: https://web.archive.org/web/https://phishdestroy.io/domain/armt.cloud/
- PhishDestroy: https://phishdestroy.io/domain/armt.cloud/
- LLM endpoint: https://phishdestroy.io/domain/armt.cloud/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/armt.cloud/
Last updated: 2026-03-15