# hubscapitalplus.com — SUSPICIOUS > PhishDestroy flags hubscapitalplus.com as an ACTIVE crypto drainer landing page impersonating HubSpot. ## Summary PhishDestroy identifies hubscapitalplus.com as a recently activated crypto drainer domain explicitly masquerading as HubSpot. The page is engineered to intercept cryptocurrency transfers by presenting a fraudulent wallet-connect flow under the guise of a legitimate HubSpot integration. Behavioral analysis confirms the drainer kit harvests wallet credentials and initiates unauthorized transactions within seconds of connection. Threat actors are leveraging the trust associated with the HubSpot brand to lower user suspicion and maximize successful exploitation rates. Technical indicators corroborate the elevated risk profile of this campaign. The domain was created on July 14, 2025, a mere 37 days prior to detection, suggesting rapid deployment for opportunistic attacks. VirusTotal currently flags only 2 out of 95 security vendors, indicating low visibility in public threat-intel feeds. The domain resolves to IP address 198.251.83.106, hosted under Global Domain Group LLC, and secured via a Let's Encrypt SSL certificate to enhance legitimacy. Despite its recent vintage, the site has already been blocklisted by one external feed, underscoring its malicious trajectory. The domain remains ACTIVE and is actively serving malicious content. PhishDestroy has flagged this site as part of a known campaign cluster and has added it to the real-time blocklist. Users accessing this domain are immediately redirected to a drainer page that prompts wallet connection under the HubSpot brand. While immediate blocking reduces exposure, the low VT detection rate and fresh registration age suggest this threat may evade legacy defenses. PhishDestroy advises all users to verify any HubSpot-branded wallet integration via official channels before proceeding with any transaction. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-07-14 10:31:54 - Registrar: Global Domain Group LLC - IP: 198.251.83.106 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/9fdd0297-9a94-489f-981b-5e514e18fcb2 - PhishDestroy: https://phishdestroy.io/domain/hubscapitalplus.com/ - LLM endpoint: https://phishdestroy.io/domain/hubscapitalplus.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hubscapitalplus.com/ Last updated: 2026-03-23