# jup.ag-claim.xyz — SUSPICIOUS

> jup.ag-claim.xyz is a crypto drainer brand impersonation posing as Jupiter, flagged by 1/95 VirusTotal vendors. Avoid this domain immediately.

## Summary

PhishDestroy identifies jup.ag-claim.xyz as an active brand impersonation domain targeting the Jupiter cryptocurrency platform. The domain employs a crypto drainer tactic, designed to deceive users into connecting their wallets under false pretenses, potentially resulting in asset theft. Given the elevated risk level associated with this threat vector, immediate action is required to prevent financial loss and credential compromise. The domain’s recent creation date and low but concerning VirusTotal detection rate underscore its potential for malicious activity.

This domain was flagged by PhishDestroy due to its clear intent to impersonate Jupiter, a prominent player in the cryptocurrency space. Technical indicators reveal that jup.ag-claim.xyz was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 28, 2026, and resolves to the IP address 172.67.147.230. The domain utilizes a Let’s Encrypt SSL certificate, which may lend it an air of legitimacy despite its malicious purpose. VirusTotal’s analysis shows a detection rate of 1 out of 95 security vendors, a figure that, while low, suggests the domain is still in the early stages of its campaign or has evaded broader detection mechanisms. The absence of blocklist entries at the time of analysis further highlights the need for proactive monitoring and mitigation.

To mitigate the risks posed by jup.ag-claim.xyz, users and organizations should immediately block the domain at the network and endpoint levels. Enterprises are advised to update firewall rules to prevent outbound connections to 172.67.147.230 and to implement DNS sinkholing for the domain. For cryptocurrency users, it is critical to verify the authenticity of any domain before entering wallet credentials or connecting to decentralized applications.
Always cross-reference URLs with official Jupiter communications and utilize hardware wallets or multi-signature setups to minimize exposure to drainer attacks. Additionally, security teams should monitor for any signs of wallet drainer activity within their environments and report this domain to relevant threat intelligence platforms to enhance collective defense.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Jupiter

## Domain Intelligence

- Registered: 2026-03-28 09:40:22
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 172.67.147.230

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/93ba27c3-fa7d-4d56-ae98-c2836854bbf4
- PhishDestroy: https://phishdestroy.io/domain/jup.ag-claim.xyz/
- LLM endpoint: https://phishdestroy.io/domain/jup.ag-claim.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/jup.ag-claim.xyz/

Last updated: 2026-03-30