# jpusdso.pages.dev — SUSPICIOUS

> Domain jpusdso.pages.dev (188.114.97.3) is a live phishing page mimicking JPUSD login portals. VirusTotal shows 0/95 detections. Check the full report.

## Summary
PhishDestroy identifies a live phishing campaign using the domain jpusdso.pages.dev to impersonate official JPUSD (Julian Path Unified School District) login portals. This deceptive infrastructure, registered through Cloudflare, Inc., resolves to IP 188.114.97.3 with an active SSL certificate issued by Google Trust Services. The threat actor leverages the .pages.dev subdomain—a legitimate Cloudflare Pages platform—to host a spoofed JPUSD authentication page, tricking users into entering credentials under false pretenses. The domain was flagged under seed 9cf483 and remains under investigation, with no VirusTotal detection coverage as of the latest static analysis, indicating evasion tactics likely in play.  This phishing site exhibits multiple red flags consistent with credential harvesting operations. VirusTotal analysis returned 0 detections across 95 security engines, suggesting recent deployment or advanced obfuscation. The domain was registered through Cloudflare, Inc., and uses Cloudflare Pages for static site hosting, which provides SSL/TLS termination via Google Trust Services’ certificates—features often abused to lend false legitimacy to malicious campaigns. The hosting IP address (188.114.97.3) corresponds to Cloudflare’s infrastructure in San Francisco, USA, commonly employed to mask true origins. Given its active status and lack of detection, this domain represents a high-risk threat to end users seeking legitimate JPUSD services.  Users who have visited this domain should immediately cease entering any credentials or personal information. If credentials were entered, users must reset their JPUSD account passwords immediately, enable multi-factor authentication (MFA), and monitor for suspicious activity. Organizations are advised to block access to jpusdso.pages.dev at the network perimeter using DNS or firewall rules. Report the incident to JPUSD IT security and local cybersecurity teams. Update browser-based phishing filters and SIEM rules using IOCs: domain jpusdso.pages.dev, IP 188.114.97.3, and SSL issuer Google Trust Services. Seed: 9cf483

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/35af1c8d-13ec-45f7-be19-84d66773a1a4
- PhishDestroy: https://phishdestroy.io/domain/jpusdso.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/jpusdso.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/jpusdso.pages.dev/
Last updated: 2026-03-24