# PhishDestroy threat dossier — jysjysjpp.com
================================================================
Fetched: 2026-07-02 07:06:56 UTC
Canonical: https://phishdestroy.io/domain/jysjysjpp.com/

## VERDICT
----------------------------------------------------------------
TAKEN DOWN (neutralised)
Composite threat score: 61/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 1/91 security vendors flagged this domain
Flagging vendors: ChainPatrol
URLQuery: 2 detections
Public blocklists: listed on 3 independent blocklists

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 204.0.57.110 (TW, Taipei)
ASN: ASAS214432 ZLIDC Zhilian Technology CO., LTD., GB
Hosting org: AS214432 Zhilian Technology CO., LTD.
Registrar: Dynadot Inc
Nameservers: ns1.dyna-ns.net, ns2.dyna-ns.net
Registered: 2026-04-13
Expires: 2027-04-13
Page title:
HTTP response: 200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Let's Encrypt / YR2
Expires: 2026-09-25
Status: INVALID chain
Fingerprint: cc39b6537765d411f5e54cbed9a0cda9d9df417f99aba5784ceb6f646c4e3f08
Subject Alternative Names (related infrastructure — often same operator):
- coinmeta9.xyz
- nodefi99.xyz
- www.coinmeta9.xyz
- www.jysjysjpp.com
- www.nodefi99.xyz

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: CLOSED — no report required.

This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-04-13 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-06-30 21:11:20 UTC (by PhishDestroy tracker)
First reported: 2026-06-30 21:54:03 UTC (abuse notice filed)
Last verified: 2026-07-02 08:20:36 UTC
Neutralised: 2026-07-01 00:02:08 UTC
Current status: taken down (registrar suspended or DNS dead)

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019f19f0-ab70-74c2-9609-f579e0537089/
URLQuery: https://urlquery.net/report/bdd856eb-9ff0-49d2-bd6f-5cf4e3110aad
Wayback Machine: https://web.archive.org/web/*/jysjysjpp.com
crt.sh CT logs: https://crt.sh/?q=%25.jysjysjpp.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=jysjysjpp.com
AlienVault OTX: https://otx.alienvault.com/indicator/domain/jysjysjpp.com
URLhaus: https://urlhaus.abuse.ch/host/jysjysjpp.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-30 21:16:05 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

This domain, jysjysjpp.com, poses a specific crypto drainer threat targeting cryptocurrency wallet credentials. The site impersonates legitimate decentralized finance platforms to trick users into connecting their wallets or entering private keys, enabling attackers to drain digital assets. Infrastructure analysis indicates active hosting on IP 204.0.57.110 with an SSL certificate from Let's Encrypt, lending a false sense of security to unsuspecting visitors. The site remains operational as of the latest assessment, increasing the urgency of exposure.

Evidence from threat intelligence sources confirms a VirusTotal detection rate of 1/95 security vendors flagging this domain. The domain was registered through Dynadot Inc on April 13, 2026, which is notable for its recent creation date, a common indicator of malicious infrastructure. No blocklist count was provided in the given data, but the single vendor detection suggests limited initial visibility. The SSL certificate from Let's Encrypt is a free service frequently abused by threat actors. The resolved IP 204.0.57.110 has not been associated with other widespread threats in this analysis, but the combination of recent registration and low detection rate elevates the risk profile.

Users who have visited jysjysjpp.com should immediately disconnect their cryptocurrency wallets from the site, revoke any permissions granted, and transfer remaining assets to a new, secure wallet. Run a full security scan on the device used to access the domain. Monitor accounts for unauthorized transactions and change passwords for any associated services. Report the domain to relevant cybersecurity authorities and add it to personal blocklists. Do not revisit or interact with the site under any circumstances.

[Updates since narrative was generated:]
- Public blocklists: now listed on 3 feeds

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260630-34E655
Favicon MD5: d0f34b6416903faafc5e3864b6deef99
TLS cert SHA-256: cc39b6537765d411f5e54cbed9a0cda9d9df417f99aba5784ceb6f646c4e3f08

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone.
PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/jysjysjpp.com/
JSON API: https://api.destroy.tools/v1/check?domain=jysjysjpp.com
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 173,583 domains (14,589 alive under monitoring, 158,288 confirmed takedowns/dead).
Site: https://phishdestroy.io