# claim-shape.network — SUSPICIOUS

> claim-shape.network is a crypto-drainer site with 0/95 VirusTotal detections. Avoid this domain, registered on March 22, 2026: never connect a wallet or approve any request it makes.

## Summary

PhishDestroy identifies claim-shape.network as an active crypto-drainer domain specifically engineered to siphon cryptocurrency from victims’ wallets. The threat actor behind this domain employs a sophisticated drainer kit that tricks users into granting malicious token approvals or signing fake transactions, resulting in immediate fund theft. No known brand is being impersonated at this time, indicating a targeted campaign rather than a broad phishing operation. The domain operates independently with custom infrastructure designed solely for cryptocurrency theft, using evasion techniques to bypass early detection systems. Seed 700a71 was used to generate this threat intelligence for proactive blocking.

This domain resolves to IP 188.114.97.3 and was registered through Porkbun LLC on March 22, 2026. VirusTotal currently shows 0/95 detections, meaning it remains undetected by most antivirus engines as of this report. The domain uses a Google Trust Services SSL certificate, which may help it appear legitimate to users. Despite zero detections, the domain is flagged as a crypto-drainer by PhishDestroy’s behavioral analysis engine. Given the lack of prior blocklist entries and the clean VT score, this domain is considered an evolving, high-risk threat requiring immediate attention from security teams and wallet providers.

As of this report, claim-shape.network is marked as active and under investigation. Security researchers are monitoring its behavior and network communications for further indicators. Users are strongly advised to block this domain at the network level and avoid any interaction with its pages or wallet connection prompts. The presence of a Google Trust Services certificate suggests the threat actor may be leveraging trusted issuers to increase credibility.
Remaining risk is high due to the domain’s recent creation, zero detections, and active deployment of drainer scripts. Organizations should update firewall rules, browser blocklists, and wallet extension denylists to prevent accidental exposure. Continuous monitoring is recommended as this domain may be part of a larger campaign involving multiple drainer domains sharing similar infrastructure or code patterns.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-22 10:19:02
- Registrar: Porkbun LLC
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/2da098a2-57f1-4a1a-ab8d-87211cc9d7b3
- PhishDestroy: https://phishdestroy.io/domain/claim-shape.network/
- LLM endpoint: https://phishdestroy.io/domain/claim-shape.network/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/claim-shape.network/

Last updated: 2026-03-24