# jupag-app.pages.dev — SUSPICIOUS

> jupag-app.pages.dev is a Jupiter impersonation site hosting active brand abuse. VT shows 0/95 detections despite resolving to 188.114.96.

## Summary
Domain jupag-app.pages.dev was flagged for targeted brand impersonation of Jupiter, leveraging Cloudflare Pages for evasion. This domain is flagged as 5fa01f in PhishDestroy’s seed database and is currently under active investigation for redirection to malicious drainer kits. The infrastructure exploits legitimate hosting services to lend false legitimacy, posing a credible threat to users expecting Jupiter services.

Technical indicators reveal critical risk factors: VirusTotal detection remains at 0/95, indicating undetected malicious activity; registration is via Cloudflare, Inc.; the domain resolves to IP 188.114.96.3; and it has not yet been flagged by Google Safe Browsing. Preliminary analysis shows no presence on major blocklists, increasing the window of opportunity for exploitation. The absence of detections highlights the sophistication of the campaign, relying on delayed signature updates or novel obfuscation techniques.

Current status is labeled ‘active’ with an ‘under_investigation’ risk level. Immediate response includes adding the domain and IP to network blocklists, notifying brand stakeholders (Jupiter), and coordinating takedown via Cloudflare abuse channels. Despite these actions, residual risk remains elevated due to the domain’s active resolution and unpatched detection gaps. Users are advised to avoid interaction, block the domain/IP pair at the perimeter, and report any observed redirects or credential prompts. Continuous monitoring is required due to the domain’s evasive hosting and low initial detection footprint.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Jupiter

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- PhishDestroy: https://phishdestroy.io/domain/jupag-app.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/jupag-app.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/jupag-app.pages.dev/
Last updated: 2026-03-26