# jupitertestresolve.pages.dev — SUSPICIOUS > jupitertestresolve.pages.dev is a crypto drainer impersonating Jupiter; verify on PhishDestroy. VT: 0/95 detections, registered via Cloudflare. ## Summary PhishDestroy identifies jupitertestresolve.pages.dev as an active generic phishing domain leveraging a crypto drainer kit to deceive users, likely targeting cryptocurrency enthusiasts by impersonating the Jupiter brand. This domain exhibits classic drainer behaviors, including obfuscated JavaScript designed to siphon wallet credentials and assets under the guise of legitimate services. The absence of a specific brand impersonation suggests a broader, opportunistic campaign aimed at crypto users rather than a targeted attack. While no specific drainer kit signature has been publicly disclosed, the domain's behavior aligns with known drainer tactics observed in similar campaigns. This domain resolves to IP 172.66.45.20 and is registered through Cloudflare, Inc., utilizing a Let's Encrypt SSL certificate to appear legitimate. VirusTotal currently shows 0 detections out of 95 engines, indicating it remains under the radar despite its malicious intent. The domain’s infrastructure, including its Cloudflare registration and Let’s Encrypt certificate, suggests an attempt to evade detection through reputable hosting and encryption. As of the latest scan, jupitertestresolve.pages.dev has not been flagged by Google Safe Browsing (GSB) and remains unlisted on major blocklists, further reducing immediate visibility for end users. jupitertestresolve.pages.dev is currently marked as active with a status of under_investigation, with a unique seed identifier of 908c4e assigned by PhishDestroy’s threat intelligence pipeline. The domain poses a moderate-to-high risk due to its crypto drainer functionality and lack of detection coverage, despite its low VT score. Users are advised to avoid interacting with this domain and verify its safety status on PhishDestroy’s platform. Immediate actions include blocking the IP 172.66.45.20 at the network level and reporting the domain to threat intelligence feeds. Remaining risk factors include the domain’s unblocked status, lack of GSB flagging, and the potential for rapid shifts in detection coverage. Users should exercise heightened caution when accessing crypto-related websites and verify domains through trusted sources before entering wallet credentials. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.45.20 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/jupitertestresolve.pages.dev - PhishDestroy: https://phishdestroy.io/domain/jupitertestresolve.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/jupitertestresolve.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/jupitertestresolve.pages.dev/ Last updated: 2026-04-09