# claim.shapespace.xyz — SUSPICIOUS > claim.shapespace.xyz hosts an active crypto drainer, detected by 0/95 VirusTotal engines as of seed 39bc8e. Check the full report. ## Summary PhishDestroy identifies claim.shapespace.xyz as an active crypto-draining website that silently transfers cryptocurrency from victims' wallets to attacker-controlled addresses. This domain masquerades as a legitimate claim interface but uses obfuscated JavaScript to detect and exploit wallet connections, initiating unauthorized transactions without user consent. The malicious payload is triggered once a wallet is connected, leading to immediate fund exfiltration under the guise of a verification step. This domain was flagged after resolving to IP 188.114.96.3, with a Let's Encrypt SSL certificate issued for legitimacy. It was created on March 30, 2026, through Dynadot LLC, and appears on 1 known security blocklist as of seed 39bc8e. VirusTotal analysis shows 0 detections out of 95 antivirus engines, underscoring the stealthiness of this threat. The domain’s recent registration suggests it is part of a fast-evolving campaign targeting crypto users. If you visited claim.shapespace.xyz, disconnect all wallets immediately and revoke any suspicious permissions via your wallet’s settings or blockchain explorer. Scan your device with updated antivirus software and consider transferring remaining funds to a new, clean wallet. Report the domain to your wallet provider and relevant crypto fraud databases. Exercise caution with any crypto-related websites, especially those with recent domain registrations or untrusted origins. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Page title: Just a moment... ## Domain Intelligence - Registered: 2026-03-30 15:41:18 - Registrar: Dynadot LLC - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["PhishDestroy"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/18eab083-8e41-42da-9309-a41ce00cb222 - PhishDestroy: https://phishdestroy.io/domain/claim.shapespace.xyz/ - LLM endpoint: https://phishdestroy.io/domain/claim.shapespace.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/claim.shapespace.xyz/ Last updated: 2026-03-31