# eigencloud.claims — MALICIOUS — Crypto Drainer (Angel Drainer)

> PhishDestroy identifies eigencloud.claims as a high-risk crypto drainer using Angel Drainer kit. Domain now offline and blocked by multiple security ven...

## Summary
PhishDestroy identifies eigencloud.claims as a high-risk crypto drainer domain impersonating a generic cryptocurrency service under the page title 'EigenLayer.' This threat utilizes the Angel Drainer kit to siphon digital assets from unsuspecting victims, posing significant financial risks to users involved in crypto transactions.

The domain was registered via NET-USA (ASN: 400992) and resolved to IP address 185.245.34.139. It was flagged on four distinct security blocklists and detected by 16 out of 95 VirusTotal security vendors. Additionally, it appeared in one AlienVault OTX threat pulse, confirming its malicious activity within crypto-related threat intelligence communities.

Currently, eigencloud.claims is offline and no longer resolving, effectively mitigating immediate threats. Users are advised to remain cautious of similar impersonation attempts and verify URLs carefully before engaging in crypto transactions. Continuous monitoring and blocking of related infrastructure are recommended to prevent resurgence or related malicious campaigns.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Page title: EigenLayer

## Domain Intelligence
- Registrar: NET-USA (ASN: 400992)
- IP: 185.245.34.139
- IP Country: US
- IP City: Fremont
- IP Org: AS400992 ZhouyiSat Communications
- Nameservers: a.dnspod.com b.dnspod.com c.dnspod.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos", "ThreatHive", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a9331-d128-7352-80d1-125463b2381a.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/67389653-969f-41a4-b55d-e811813ef2b1
- PhishDestroy: https://phishdestroy.io/domain/eigencloud.claims/
- LLM endpoint: https://phishdestroy.io/domain/eigencloud.claims/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eigencloud.claims/
Last updated: 2026-03-19