# joyful-rewards.top — SUSPICIOUS > Investigating joyful-rewards.top, a crypto drainer impersonating rewards platforms. Flagged by MetaMask with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies joyful-rewards.top as an active crypto drainer campaign leveraging brand impersonation to deceive users into connecting wallets. The domain mimics legitimate reward platforms, tricking victims into authorizing malicious smart contract transactions designed to drain cryptocurrency assets. No specific drainer kit (e.g., Socket, LiFi, or custom variants) was identifiable from available telemetry, but the infrastructure aligns with known tactics involving fake reward distribution pages and urgent call-to-actions (e.g., 'Claim your rewards now!'). This domain was flagged with a threat type of 'generic_phishing' and carries an under-investigation risk status. Technical indicators include a VirusTotal detection score of 0/95, registration through NAMECHEAP INC, and resolution to IP address 35.157.26.135. The domain was created on April 04, 2026, secured with a Let's Encrypt SSL certificate, and is blocked by MetaMask and SEAL security tools. Additionally, it appears on 2 security blocklists, including Google Safe Browsing (GSB) as confirmed by the SEAL block. The absence of detections on VirusTotal suggests either a very new campaign or evasion techniques designed to bypass initial scans. As of the latest assessment, joyful-rewards.top remains active and is engaged in ongoing drainer activity. Immediate actions include blocking the domain at the network and endpoint levels, flagging the associated IP (35.157.26.135), and monitoring for further propagation. Users are strongly advised to avoid interacting with the domain or any links associated with it, particularly those shared via unsolicited emails or social media. The remaining risk is considered high due to the domain’s recent creation, lack of detections, and active impersonation tactics. Organizations should update firewall rules, email security gateways, and endpoint protection platforms to block this domain and IP. Cryptocurrency users, in particular, should verify URLs manually and use hardware wallets or transaction simulation tools to detect malicious contract interactions before authorizing transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-04 11:01:10 - Registrar: NAMECHEAP INC - IP: 35.157.26.135 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/joyful-rewards.top - PhishDestroy: https://phishdestroy.io/domain/joyful-rewards.top/ - LLM endpoint: https://phishdestroy.io/domain/joyful-rewards.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/joyful-rewards.top/ Last updated: 2026-04-06