# swap-jup.sbs — SUSPICIOUS

> swap-jup.sbs poses a crypto swap phishing threat with 0/95 VT detections. Check the full report for detailed risk and IP data.

## Summary
The domain swap-jup.sbs is currently identified as an active phishing threat specializing in crypto swap impersonation schemes. No specific brand or drainer kit has been publicly linked to this domain as of now. The campaign appears to aim at deceiving users by leveraging trust in cryptocurrency swap platforms, potentially harvesting credentials or funds.

Technical analysis reveals that swap-jup.sbs has zero detections out of 95 engines on VirusTotal, indicating it is still under the radar of most antivirus solutions. It uses a Let's Encrypt SSL certificate, which is commonly abused by threat actors due to its free and automated issuance. The domain resolves to IP address 172.67.165.240 and was registered via NICENIC INTERNATIONAL GROUP CO., LIMITED on March 28, 2026. It currently has no Google Safe Browsing (GSB) blacklist status or known blocklist entries.

Presently, swap-jup.sbs remains an active threat under investigation. Due to the zero VT detections and lack of blocklist flags, it is likely early in its campaign lifecycle but still poses a substantial risk to users engaging with crypto services. Security teams should monitor the IP and domain for emerging indicators of compromise, and end users are strongly advised to avoid interacting with this domain. Immediate response actions include blocking the IP at network boundaries and educating users about the specific crypto swap phishing threat this domain represents.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-28 13:23:58
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.165.240

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/60151b44-9686-4165-96dc-976c99f980cb
- PhishDestroy: https://phishdestroy.io/domain/swap-jup.sbs/
- LLM endpoint: https://phishdestroy.io/domain/swap-jup.sbs/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/swap-jup.sbs/
Last updated: 2026-03-29