# ozak.claims — MALICIOUS — Crypto Drainer (Wallet Connect Abuse)

> ozak.claims hosts a crypto drainer scam using Wallet Connect abuse. Learn why this domain is high risk and how to protect your assets.

## Summary
PhishDestroy identifies ozak.claims as a high-risk crypto drainer site leveraging fraudulent Wallet Connect integrations to compromise users' digital assets. The domain masquerades as a platform offering "Predictive AI Agents for Advanced Financial Intelligence" to lure victims into exposing wallet credentials.

The domain resolves to IP address 185.245.34.139 and is registered via NET-USA under ASN 400992. It is actively flagged by multiple security vendors and appears on four distinct blocklists. Analysis reveals the use of a known drainer kit designed to exploit Wallet Connect, a decentralized application connection protocol, facilitating unauthorized access to cryptocurrency wallets.

Currently active, ozak.claims continues to pose a significant threat to users interacting with crypto wallets. PhishDestroy advises avoiding this domain entirely, ensuring wallet connections are only authorized through trusted platforms, and employing robust security practices such as hardware wallets and multi-factor authentication to mitigate exposure.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Wallet Connect Abuse)
- Site status: alive (HTTP 200)
- Drainer type: Wallet Connect Abuse
- Target brand: across
- Page title: Predictive AI Agents for Advanced Financial Intelligence

## Domain Intelligence
- Registrar: NET-USA (ASN: 400992)
- IP: 185.245.34.139
- Nameservers: a.dnspod.com b.dnspod.com c.dnspod.com

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "SOCRadar", "Sophos", "ThreatHive", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a9330-84b1-70f8-a179-71c9e40b3c38.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b589fb78-d3cc-4a7c-a30d-237b1a1bf9c2
- PhishDestroy: https://phishdestroy.io/domain/ozak.claims/

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ozak.claims/
Last updated: 2026-03-14