# claim.jupfoundation.click — SUSPICIOUS > PhishDestroy identifies claim.jupfoundation.click as an active crypto drainer domain with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies claim.jupfoundation.click as an active crypto drainer domain classified under threat type 'crypto_drainer' with a current risk level of 'under_investigation'. This domain, registered via Dynadot, LLC, was created on April 05, 2026, and resolves to IP address 188.114.97.3. The domain utilizes a Let's Encrypt SSL certificate, indicating a false sense of legitimacy, and currently shows 0 detections out of 95 scanners on VirusTotal, suggesting it remains undetected by most security platforms as of the latest analysis. The seed identifier 958bda correlates with this campaign, which has been flagged as actively distributing crypto drainer malware designed to illicitly transfer cryptocurrency from victims' wallets without authorization. This domain operates with minimal detection and relies on recently issued infrastructure to evade blocklists. While no current inclusion in public blocklists has been confirmed, the combination of a newly registered domain, low VirusTotal detection rate, and association with cryptocurrency theft—specifically crypto draining—presents a high-risk threat vector. Technical indicators include the use of a valid SSL certificate to appear trustworthy, hosting on a shared IP infrastructure (188.114.97.3), and reliance on social engineering tactics impersonating the Jupiter Foundation brand to lure victims into connecting their wallets or entering private keys. The seed 958bda ties this campaign to a broader ecosystem of fraudulent crypto platforms actively targeting decentralized finance (DeFi) users. To mitigate exposure to this threat, users must avoid visiting claim.jupfoundation.click or any linked subdomains. Never connect cryptocurrency wallets to unfamiliar websites or enter seed phrases or private keys. Use hardware wallet isolation, enable transaction simulation tools, and verify URLs through official project channels before interacting with any crypto-related domain. Report suspicious domains to PhishDestroy, your antivirus provider, and relevant blockchain security teams using the seed 958bda for correlation. Domain reputation services should flag this domain immediately to prevent further victimization. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-05 22:01:04 - Registrar: Dynadot, LLC - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/claim.jupfoundation.click - PhishDestroy: https://phishdestroy.io/domain/claim.jupfoundation.click/ - LLM endpoint: https://phishdestroy.io/domain/claim.jupfoundation.click/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/claim.jupfoundation.click/ Last updated: 2026-04-07