# claim.perle.sbs — SUSPICIOUS

> claim.perle.sbs is a live crypto drainer domain (VT 3/95) delivering malware via false asset claims. Block this domain immediately and inspect wallets for.

## Summary

PhishDestroy identifies claim.perle.sbs as an active crypto drainer domain delivering malicious payloads to unsuspecting cryptocurrency users. The domain lures victims with false promises of asset claims, exploiting trust in legitimate platforms to siphon digital funds via infected wallets. Risk is elevated due to the active status, low VirusTotal detection rate, and hostile infrastructure hosting the drainer. This domain should be treated as hostile and blocked at network and endpoint levels to prevent fund loss.

This domain was flagged by 3 out of 95 security vendors on VirusTotal, indicating low initial detection despite clear malicious intent. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolves to IP 188.114.97.3, and holds a valid Let's Encrypt SSL certificate. The domain was created on March 26, 2026, suggesting it is part of a recently deployed campaign. The low detection rate combined with recent creation and proxy registration points to an opportunistic, high-mobility threat actor leveraging fresh domains to evade blacklists.

Mitigation for this crypto drainer threat requires immediate domain blocking and wallet inspection. Users who may have visited the site or connected wallets should revoke any suspicious permissions and transfer funds to clean wallets. Organizations should update firewall rules and DNS filters to block 188.114.97.3 and the domain claim.perle.sbs. Security teams are advised to hunt for Indicators of Compromise (IOCs) including the drainer payload hash and wallet addresses embedded in the malware. Given the active nature of this campaign and low detection rate, urgent action is critical to prevent asset loss.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-26 09:06:55
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f5f85257-3e7e-4e73-819e-3acc95aa16cc
- PhishDestroy: https://phishdestroy.io/domain/claim.perle.sbs/
- LLM endpoint: https://phishdestroy.io/domain/claim.perle.sbs/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/claim.perle.sbs/

Last updated: 2026-03-27