# jupp-swap.sbs — SUSPICIOUS

> jupp-swap.sbs is a crypto drainer phishing domain flagged by 2 of 95 VirusTotal vendors. It mimics legitimate swap services to steal cryptocurrency assets.

## Summary

PhishDestroy identifies jupp-swap.sbs as an active crypto drainer phishing domain designed to deceive users into authorizing malicious cryptocurrency transactions. The domain masquerades as a legitimate swap service, leveraging UI and branding similarities to exploit user trust and drain connected wallets. Security monitoring systems have classified this domain as elevated-risk due to active deployment and confirmed malicious intent.

This domain was flagged by 2 of 95 VirusTotal vendors, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP 188.114.97.3. The domain was created on March 30, 2026, indicating recent activation within suspicious infrastructure. The low VirusTotal detection rate suggests evasive positioning, potentially targeting users unfamiliar with emerging crypto threats. The presence of a Let's Encrypt SSL certificate does not imply legitimacy, as threat actors frequently abuse free certificates for credibility masking.

Despite its active status, jupp-swap.sbs should be treated as a confirmed security threat. Users should avoid accessing the domain, interacting with any content, or entering wallet credentials. Security teams and researchers are advised to block the domain at the network level and report the IP to threat intelligence platforms. Continuous monitoring is recommended due to the domain’s recent registration and low initial detection rate. Exercise caution: domains with recent creation dates and low VT coverage often represent fast-evolving threats.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-30 20:26:33
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/14e4fc17-a8c9-4898-b11a-3378725c207f
- PhishDestroy: https://phishdestroy.io/domain/jupp-swap.sbs/
- LLM endpoint: https://phishdestroy.io/domain/jupp-swap.sbs/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/jupp-swap.sbs/

Last updated: 2026-03-31