# claim-pengu.app — MALICIOUS

> PhishDestroy identifies claim-pengu.app as an active crypto-drainer posing as a legitimate crypto service.

## Summary

PhishDestroy identifies claim-pengu.app as an active crypto-drainer domain designed to steal digital assets from unsuspecting users. This threat is categorized as elevated due to its confirmed malicious intent and the presence of multiple red flags across security platforms. The domain specifically targets cryptocurrency users by impersonating a service that facilitates asset transfers or claims, a tactic commonly associated with crypto drainers that silently drain wallets upon user interaction.

This domain was flagged by PhishDestroy with the following indicators: VirusTotal shows 5 out of 95 security vendors flagging the domain as malicious, indicating low but notable detection coverage. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for hosting high-risk domains. It resolves to IP address 104.21.70.18 and is protected by a Let's Encrypt SSL certificate, which may be used to establish false trust with potential victims. Additionally, the domain appears on 1 security blocklist and is blocked by ScamSniffer, a dedicated anti-scam platform. The domain was created on March 16, 2026, suggesting it is a recently deployed threat, likely part of a fast-evolving campaign to capitalize on emerging trends or events in the crypto space. The unique seed identifier 34f413 confirms this is a tracked, active instance of this campaign.

To mitigate the risk posed by this crypto-drainer domain, users must avoid any interaction with claim-pengu.app or any associated links, including clicking, downloading, or entering credentials. If you have already interacted with this domain, immediately revoke any wallet approvals, transfer funds to a new wallet, and scan your device for malware using reputable security software. Use browser extensions like ScamSniffer or WalletGuard to detect and block similar threats in real time. Report the domain to your wallet provider and relevant cybersecurity platforms to aid in its takedown. Always verify the authenticity of crypto-related websites by cross-referencing domain registrations, SSL certificates, and community feedback before engaging.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-16 20:48:35
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.70.18

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["ScamSniffer"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/db7ee8e9-7f0b-4cc6-875a-e1fb40ed23da
- PhishDestroy: https://phishdestroy.io/domain/claim-pengu.app/
- LLM endpoint: https://phishdestroy.io/domain/claim-pengu.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/claim-pengu.app/

Last updated: 2026-03-26