# eligible-meteora.live — SUSPICIOUS > eligible-meteora.live is actively weaponized with a generic cryptocurrency drainer kit. Check the full report for IOCs and mitigation steps. ## Summary PhishDestroy identifies eligible-meteora.live as a recently activated generic phishing domain distributing a cryptocurrency drainer kit targeting digital asset holders. The domain was created on March 21, 2026, and resolved to IP 104.21.71.2 at the time of analysis. No brand affiliation or spoofing of a specific financial institution has been detected; instead, this campaign appears designed to harvest seed phrases and private keys through fraudulent transaction prompts. Operators are leveraging Let’s Encrypt SSL certificates to establish false legitimacy, likely targeting users via social media, messaging platforms, or spoofed recovery links. This domain exhibits highly evasive behavior. VirusTotal currently shows 0/95 detections, indicating it remains undetected by mainstream security engines. The domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com and currently shows zero blocklist presence in Google Safe Browsing (GSB). The swift domain creation—just days prior—and absence of detections suggest an agile, opportunistic campaign possibly aligned with broader phishing-as-a-service (PhaaS) infrastructure. eligible-meteora.live remains ACTIVE as of today. No takedown or mitigation actions have been formally reported. While the risk level is currently classified as 'under investigation,' users should treat transactions to or from this domain as HIGH RISK. PhishDestroy recommends immediate blocking of the domain and IP (104.21.71.2), along with heightened scrutiny of any communications referencing 'eligible' or 'meteora' in connection with crypto wallet access. Remaining risk includes potential data harvesting and unauthorized fund transfers pending further forensic analysis. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-21 22:34:22 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 104.21.71.2 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b3f0d5be-362e-4458-9ed6-4884bc2d2c55 - PhishDestroy: https://phishdestroy.io/domain/eligible-meteora.live/ - LLM endpoint: https://phishdestroy.io/domain/eligible-meteora.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/eligible-meteora.live/ Last updated: 2026-03-22