# claimspx6900.app — SUSPICIOUS

> claimspx6900.app is a crypto-draining phishing site first seen 22 Mar 2026; Let’s Encrypt SSL hides theft of digital assets. Avoid clicking, blacklist now.

## Summary
PhishDestroy identifies claimspx6900.app as an active crypto-drainer site under investigation. The domain uses a Let’s Encrypt SSL certificate to appear legitimate while it targets cryptocurrency wallets.  This domain was flagged with 0 detections out of 95 VirusTotal engines as of seed 86c146. It went live on March 22, 2026, and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The site resolves to IP address 104.21.69.252, a known node in several drainer campaigns.  If you visited claimspx6900.app, immediately revoke any wallet connections and move remaining funds to a fresh wallet. Scan devices for malware and rotate all passwords used on the device. Report the domain to your antivirus vendor and block 104.21.69.252 at your firewall.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-22 07:36:19
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.69.252

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ea5cd2c0-480b-4538-bccf-b53a583a2b49
- PhishDestroy: https://phishdestroy.io/domain/claimspx6900.app/
- LLM endpoint: https://phishdestroy.io/domain/claimspx6900.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/claimspx6900.app/
Last updated: 2026-03-23