# jup-exchange.icu — SUSPICIOUS

> PhishDestroy flags jup-exchange.icu as a Jupiter brand impersonation site created March 27, 2024; 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies jup-exchange.icu as a live brand-impersonation site mimicking Jupiter, a popular Solana-based decentralized exchange. The domain was registered on March 27, 2024 through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP 75.2.60.5. At present it shows zero detections across 95 VirusTotal engines and holds a valid Let’s Encrypt SSL certificate, making it appear harmless at first glance.  This site was flagged specifically for brand impersonation of Jupiter, aiming to trick users into entering Solana wallet credentials or downloading malicious browser extensions under the guise of an “official” Jupiter interface. Domain registration occurred months after Jupiter’s legitimate domains, yet the attackers chose a name that closely mirrors the legitimate Jupiter exchange (jup.io) and added “-exchange” to sound official. The use of a recently created domain, a low VT score, and a benign-looking SSL certificate are classic red flags that often evade automated scanners until users report fraudulent activity.  If you visited jup-exchange.icu, stop using any wallets or browser extensions you may have connected. Revoke permissions immediately in your wallet app or via a reputable blockchain explorer. Run a full antivirus scan and consider rotating all Solana-related private keys or seed phrases. Report the site to PhishDestroy and your wallet provider to help block further abuse.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Jupiter

## Domain Intelligence
- Registered: 2026-03-27 12:33:01
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 75.2.60.5

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d0390bf4-87d5-4bbf-a025-a365e591c269
- PhishDestroy: https://phishdestroy.io/domain/jup-exchange.icu/
- LLM endpoint: https://phishdestroy.io/domain/jup-exchange.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/jup-exchange.icu/
Last updated: 2026-03-28