# claims-aster.xyz — SUSPICIOUS

> Avoid claims-aster.xyz, a medium-risk crypto drainer domain. Stay safe by not visiting or sharing this site. Report suspicious activity immediately.

## Summary

PhishDestroy identifies claims-aster.xyz as a medium-risk crypto drainer domain primarily targeting cryptocurrency holders. Classified as a crypto drainer, it aims to illicitly access and drain victims’ digital wallet assets. The domain was registered recently, on February 21, 2026, and was associated with a suspicious page titled "Just a moment...", indicating potential redirect or loading tactics common in phishing scams.

Technical analysis reveals that claims-aster.xyz resolved to the IP address 172.67.218.177 and was registered through PDR Ltd. d/b/a PublicDomainRegistry.com. The domain appeared on one security blocklist and was flagged by 3 out of 95 antivirus vendors on VirusTotal, suggesting emerging but limited detection. The use of a seemingly temporary landing page and minimal detection highlights the domain’s attempt to evade immediate identification while engaging in crypto-related fraudulent activity.

Currently, claims-aster.xyz is offline, mitigating immediate risks to users. PhishDestroy recommends that users avoid interacting with any links related to this domain and remain vigilant for phishing attempts targeting cryptocurrency assets. Continued monitoring is advised to track any resurgence or reuse of related infrastructure. Users encountering suspicious crypto transaction prompts linked to this domain should report them to their security teams and relevant authorities promptly.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Just a moment...

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 172.67.218.177
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["damien.ns.cloudflare.com", "kallie.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 3 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker"]
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/01997c05-f5f0-77db-b445-bbc70673456b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/41c277e9-255b-4c1d-9c06-0d2ea3becf79
- PhishDestroy: https://phishdestroy.io/domain/claims-aster.xyz/
- LLM endpoint: https://phishdestroy.io/domain/claims-aster.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/claims-aster.xyz/
Last updated: 2026-03-19