# claims.eclipise.xyz — SUSPICIOUS

> Claims.eclipise.xyz involved in crypto drainer phishing campaign. Domain now offline but previously flagged on multiple blocklists. Stay vigilant.

## Summary
PhishDestroy identifies claims.eclipise.xyz as a malicious domain linked to a crypto drainer phishing campaign under the guise of "Eclipse Airdrop." Registered recently on 2026-02-21 via WebNIC, this domain was designed to deceive users into compromising their cryptocurrency assets. The page title "Eclipse Airdrop" suggests a lure tactic targeting crypto enthusiasts with fake incentives.

Technical indicators show that claims.eclipise.xyz resolved to IP 172.67.150.57 and was flagged by 3 out of 95 security vendors on VirusTotal. Additionally, it appears on two separate security blocklists, reinforcing its malicious intent. The domain’s creation date and short lifespan align with common phishing infrastructure patterns aiming for rapid deployment and quick exploitation.

Currently, the domain is offline, indicating a possible takedown or self-removal after being detected. Despite its inactive status, the risk level remains medium due to the potential residual impact on victims and its prior activity. PhishDestroy recommends continued vigilance against similar crypto airdrop scams and monitoring for any domain resurrection or related infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: Eclipse Airdrop

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Web Commerce Communications Limited
- Country: MY
- IP: 172.67.150.57
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- SSL Issuer: none

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["alphaMountain.ai", "Forcepoint ThreatSeeker", "Fortinet"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bf040-6d58-70dc-952b-adbf1ba9dead.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0392593a-4ab9-4dfb-a9e7-8b1eb99ead4d
- PhishDestroy: https://phishdestroy.io/domain/claims.eclipise.xyz/
- LLM endpoint: https://phishdestroy.io/domain/claims.eclipise.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/claims.eclipise.xyz/
Last updated: 2026-03-19