# jupcore.xyz — SUSPICIOUS

> PhishDestroy identifies jupcore.xyz as a crypto drainer impersonating JupCore. This domain (VT: 1/95) is ACTIVE: block now to prevent wallet theft.

## Summary

PhishDestroy identifies jupcore.xyz as a generic phishing domain hosting a crypto drainer kit designed to steal cryptocurrency wallet credentials and assets. The domain impersonates JupCore, a legitimate decentralized exchange platform, leveraging branding familiarity to deceive users into connecting fraudulent wallet interfaces. This drainer kit is engineered to intercept transaction approvals, siphoning funds to attacker-controlled addresses under the guise of legitimate operations. The infrastructure is configured to mimic legitimate services, increasing the likelihood of successful user compromise through social engineering and credential harvesting tactics.

Technical indicators for jupcore.xyz reveal high-risk attributes consistent with active malicious campaigns. The domain resolves to IP address 104.21.61.65 and was registered on March 12, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal analysis shows a detection ratio of 1 out of 95 security vendors flagging the domain, indicating low initial visibility but confirmed malicious activity. The SSL certificate issued by Let's Encrypt provides a false sense of legitimacy, while the domain remains unblocked by Google Safe Browsing (GSB) and other major threat intelligence platforms as of the latest scan. This combination of factors suggests a recently activated campaign with potential for rapid expansion.

This domain remains ACTIVE with elevated risk, indicating ongoing malicious operations targeting cryptocurrency users. Immediate response actions include domain takedown requests to hosting providers and registrar, IP-based blocking at network security layers, and user education regarding wallet connection verification procedures. However, the domain's recent creation date and low initial detection rate suggest potential for continued operation before full containment. Remaining risk is elevated due to the active drainer kit deployment and the domain's ability to bypass immediate threat intelligence detection systems. Users are advised to verify all crypto-related websites through PhishDestroy before entering credentials or connecting wallets, and to implement transaction approval verification protocols on hardware wallets where possible.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-12 21:31:51
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.61.65

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ea9cb82e-7d6e-496d-a821-c2cfb2b90d56
- PhishDestroy: https://phishdestroy.io/domain/jupcore.xyz/
- LLM endpoint: https://phishdestroy.io/domain/jupcore.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/jupcore.xyz/

Last updated: 2026-03-22