# cloud-mainnet.xyz — SUSPICIOUS

> PhishDestroy identifies cloud-mainnet.xyz as a live crypto drainer site mimicking a fake Ethereum mainnet login.

## Summary

PhishDestroy has opened an active investigation into cloud-mainnet.xyz, a recently registered domain flagged for hosting a generic crypto drainer kit designed to steal wallet credentials and assets during Ethereum mainnet impersonation. The page mimics legitimate blockchain-login gateways to trick users into approving malicious transactions that drain wallets. Intelligence suggests the drainer is a forked or packaged kit with preconfigured phishing lures targeting users expecting to connect to Ethereum mainnet RPC endpoints. No brand name is hardcoded in the observed payload, indicating a generic deployment aimed at broad opportunistic theft rather than a targeted brand impersonation.

This domain resolves to IP 104.21.5.39 and was registered through Dynadot LLC on February 08, 2026, making it less than 30 days old at the time of analysis. VirusTotal currently returns 0/95 detections, indicating no AV coverage yet, and the SSL certificate is issued by Let's Encrypt, providing a false sense of legitimacy. As of this report, PhishDestroy’s blocklist count for this domain is zero, and Google Safe Browsing has not flagged it, leaving users completely unprotected without third-party intervention. The extremely low age combined with zero detections creates a high-risk window for exploitation.

The investigation remains under active review as PhishDestroy gathers additional IOCs and payload samples. Users are advised to avoid accessing cloud-mainnet.xyz and to verify any mainnet-related login prompts against official sources. Although the immediate risk is elevated due to zero detections and low age, the domain’s unresolved status may lead to future takedowns or blacklisting. PhishDestroy recommends immediate blocking via DNS or endpoint controls and urges crypto users to confirm URLs via PhishDestroy’s real-time lookup before entering wallet credentials or signing transactions.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-02-08 14:06:23
- Registrar: Dynadot LLC
- IP: 104.21.5.39

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/36dc14ab-5d04-4f09-bc0e-e822947c829b
- PhishDestroy: https://phishdestroy.io/domain/cloud-mainnet.xyz/
- LLM endpoint: https://phishdestroy.io/domain/cloud-mainnet.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/cloud-mainnet.xyz/

Last updated: 2026-03-22