# fogo.claims — MALICIOUS

> fogo.claims is a high-risk crypto drainer domain currently offline. Avoid interaction and ensure your wallet security if you visited this site.

## Summary
PhishDestroy identifies fogo.claims as a high-risk domain involved in crypto draining scams. This domain was flagged on three security blocklists and is currently offline to prevent further harm. Users who encounter such sites face the risk of having their cryptocurrency wallets drained or compromised, leading to significant financial loss.

The phishing scheme employed by fogo.claims typically involves tricking users into granting access to their crypto wallets through deceptive prompts or fake transaction requests, often disguised under vague titles like "Nur einen Moment…". Attackers exploit user trust to authorize fraudulent transactions without realizing the consequences.

If you visited fogo.claims, it is crucial to immediately review your wallet activity for unauthorized transactions and revoke any suspicious permissions granted. Users should update their security settings, enable two-factor authentication where possible, and transfer funds to a secure wallet if any compromise is suspected. Staying vigilant against such threats helps protect digital assets from crypto drainers.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Nur einen Moment…

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.1.225
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["nadia.ns.cloudflare.com", "kyle.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CyRadar", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Lionic", "Netcraft", "Seclookup", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bbd22-7590-740f-9a9f-cee971a52f51.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ddeca1e0-eb45-4b00-891c-9e659347b0d4
- PhishDestroy: https://phishdestroy.io/domain/fogo.claims/
- LLM endpoint: https://phishdestroy.io/domain/fogo.claims/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/fogo.claims/
Last updated: 2026-03-19