# claim-xrp.pages.dev — MALICIOUS

> claim-xrp.pages.dev is flagged for crypto draining and social engineering. Avoid this high-risk domain to protect your digital assets.

## Summary
PhishDestroy identifies claim-xrp.pages.dev as a high-risk crypto drainer domain designed to steal cryptocurrency funds through deceptive tactics. The threat level is rated high due to its focus on draining XRP tokens and manipulating victims with social engineering schemes.

This domain was created recently on February 21, 2026, and registered via Cloudflare, Inc. It appears on multiple security blocklists and is flagged by Google Safe Browsing for social engineering. VirusTotal analysis shows that 14 out of 95 security vendors detect malicious activity associated with this domain, confirming its dangerous nature.

Users are strongly advised to avoid interacting with claim-xrp.pages.dev or any related links. PhishDestroy notes that the domain has been taken offline, mitigating immediate risk. However, vigilance remains necessary as threat actors often deploy similar domains rapidly. Employ robust security software and verify URLs before engaging with any crypto-related offers.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: XRP
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.30
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["sandra.ns.cloudflare.com", "trevor.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 5 hits
  Lists: ["PhishDestroy", "ScamSniffer", "Polkadot", "Enkrypt", "Codeesura"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c920b-9f97-73fa-99af-a7ecac524ce6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/42c75a49-847c-4013-9839-77c7f472f019
- PhishDestroy: https://phishdestroy.io/domain/claim-xrp.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/claim-xrp.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/claim-xrp.pages.dev/
Last updated: 2026-03-19