# jup-exchange.cfd — SUSPICIOUS

> Domain jup-exchange.cfd linked to active brand impersonation phishing targeting Jupiter. VirusTotal shows 0/95 detections as of March 2025.

## Summary
PhishDestroy identifies an active brand impersonation phishing campaign targeting Jupiter users through the domain jup-exchange.cfd. This fraudulent site mimics the legitimate Jupiter platform to deceive victims into divulging sensitive information or transferring cryptocurrency. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 27, 2026, and currently resolves to IP address 104.21.70.135. Despite zero detections on VirusTotal (0/95 engines) and reliance on a Let's Encrypt SSL certificate, this domain poses a credible threat due to its timing, branding alignment, and infrastructure choices.  This domain employs exact branding replication to exploit user trust, featuring a plausible variation of Jupiter’s official exchange branding. The infrastructure details further support its malicious intent: the domain was registered through a privacy-focused registrar known for enabling malicious registrations, and its creation date predates any legitimate public announcement of the targeted service launch. While VirusTotal currently flags no security vendors (0/95 detections as of March 2025), the absence of alerts does not indicate safety—especially given the low-barrier Let's Encrypt issuance and dynamic hosting environment.  Users who visited this domain should immediately cease any interaction and review recent transactions. If login credentials, wallet addresses, or private keys were entered, assume compromise and rotate all credentials across exchanges and wallets. Disconnect any active sessions, enable two-factor authentication where possible, and monitor financial accounts for unauthorized activity. Report the domain to your security team or phishing response platform, and consider blocking the IP 104.21.70.135 and domain jup-exchange.cfd at the network level. Exercise heightened scrutiny for any follow-up contact purporting to be from 'Jupiter' or related services.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Jupiter

## Domain Intelligence
- Registered: 2026-03-27 12:33:01
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.70.135

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/74c9963d-3b9b-436e-877a-43aefabe75e5
- PhishDestroy: https://phishdestroy.io/domain/jup-exchange.cfd/
- LLM endpoint: https://phishdestroy.io/domain/jup-exchange.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/jup-exchange.cfd/
Last updated: 2026-03-28