# jayapay.id — SUSPICIOUS

> Jayapay.id is an active cryptocurrency drainer scam registered May 25, 2025, hosted on 103.235.75.79. Flagged by only 1 of 95 VirusTotal scanners, it lures.

## Summary

PhishDestroy identifies jayapay.id as an active cryptocurrency drainer posing as a payment service. This domain was flagged on May 25, 2025, via a generic phishing lure designed to trick users into connecting crypto wallets and granting malicious token approvals that drain funds. No specific brand or drainer kit family has been tied to this domain yet, but the infrastructure and timing suggest opportunistic deployment targeting users searching for alternative payment gateways.

This domain resolves to IP 103.235.75.79 and uses a Let's Encrypt SSL certificate issued shortly after creation. VirusTotal shows that only 1 out of 95 security vendors flagged the domain at the time of analysis, reflecting low detection coverage despite active abuse. It was registered through PT Web Media Technology Indonesia, a registrar known for bulk registrations that are frequently abused in phishing campaigns. The domain has no presence on Google Safe Browsing and has not yet been widely blocklisted, increasing exposure to unsuspecting users.

As of this investigation, the campaign remains active, with elevated risk due to low detection and the absence of widespread blocking. Immediate action is recommended to block jayapay.id at network and endpoint levels. Users should avoid interacting with this domain and verify payment gateways through official sources. Remaining risk is high because the domain infrastructure remains online and undetected by most security tools, indicating potential for continued abuse until detection improves.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registered: 2025-05-25 05:04:39
- Registrar: PT Web Media Technology Indonesia
- IP: 103.235.75.79

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/97ef83c8-d572-464f-af2d-811ea44cac0b
- PhishDestroy: https://phishdestroy.io/domain/jayapay.id/
- LLM endpoint: https://phishdestroy.io/domain/jayapay.id/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/jayapay.id/

Last updated: 2026-03-24