# jupdefirewards.xyz — SUSPICIOUS

> jupdefirewards.xyz uncovered as a crypto-drainer scam with just 1/95 VirusTotal flags. Check the full report.

## Summary

PhishDestroy identifies jupdefirewards.xyz as an active crypto-drainer phishing domain designed to trick visitors into connecting cryptocurrency wallets and drain funds. The site mimics a rewards program for the Jupiter decentralized exchange, but its sole purpose is to harvest private keys and seed phrases once a victim authorizes a wallet interaction. PhishDestroy’s automated scanners detected suspicious token-transfer approval pop-ups and JavaScript payloads that silently exfiltrate wallet data to a remote server controlled by the threat actor. This campaign specifically targets users searching for Jupiter (JUP) airdrops or reward programs and redirects them through deceptive social-media ads and cloned Discord channels.

This domain was flagged with only 1 positive detection out of 95 VirusTotal engines, registered on March 24, 2026, and resolves to IP 172.67.178.11. The domain is hosted via Cloudflare and secured with a Let’s Encrypt TLS certificate to appear legitimate. It was registered through PDR Ltd. d/b/a PublicDomainRegistry.com, a registrar frequently abused by low-cost bulk phishing operations. The unusually recent creation date (March 24, 2026) combined with low detection rates suggests a fast-moving, low-overhead campaign aimed at exploiting trending DeFi narratives before defenses catch up.

If you visited jupdefirewards.xyz, immediately disconnect your wallet, revoke any token approvals via tools like revoke.cash or Etherscan’s Token Approval page, and transfer remaining funds to a fresh wallet. Scan your device with updated antivirus software and rotate all passwords used in the same browser session. Report the domain to your browser’s safe-browsing program and consider enabling hardware wallet signing to prevent unauthorized transactions. Do not interact with wallet prompts from unknown sites—always verify URLs via official project channels before connecting.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-24 21:44:20
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 172.67.178.11

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/06276b8f-9787-4963-b0e0-b4b37d209999
- PhishDestroy: https://phishdestroy.io/domain/jupdefirewards.xyz/
- LLM endpoint: https://phishdestroy.io/domain/jupdefirewards.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/jupdefirewards.xyz/

Last updated: 2026-03-24