# swap-jupp.cfd — SUSPICIOUS

> swap-jupp.cfd is a crypto drainer phishing site with 0/95 VirusTotal detections. Verify this domain on PhishDestroy before entering credentials or crypto.

## Summary
PhishDestroy identifies swap-jupp.cfd as an active generic phishing domain operating as a crypto drainer kit targeting unsuspecting cryptocurrency users. The domain impersonates legitimate wallet interfaces to siphon funds from victims' digital assets without their consent. Based on telemetry, this campaign appears to be in early deployment, leveraging deceptive domain naming to mimic official crypto services.  This domain was flagged by PhishDestroy with a VirusTotal detection ratio of 0/95 engines, indicating it remains undetected by most antivirus platforms as of analysis. It resolves to IP address 172.67.177.206 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain was created on March 31, 2026, and secured with a Let's Encrypt SSL certificate, adding a false sense of legitimacy. It has not yet been blocked by Google Safe Browsing (GSB) and remains absent from major threat intelligence blocklists.  As of current assessment, swap-jupp.cfd is classified as active with a risk level marked as 'under_investigation'. PhishDestroy continues to monitor this domain for behavioral anomalies and payload updates. Users are strongly advised to avoid interacting with this site and to verify unknown domains via PhishDestroy’s real-time scanning tool. The low initial detection rate suggests potential for rapid escalation, posing an elevated risk to cryptocurrency users engaging with unsolicited links or advertisements.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-31 10:59:32
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.177.206

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/swap-jupp.cfd
- PhishDestroy: https://phishdestroy.io/domain/swap-jupp.cfd/
- LLM endpoint: https://phishdestroy.io/domain/swap-jupp.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/swap-jupp.cfd/
Last updated: 2026-04-02