# official-net-jupiter-dex.pages.dev — SUSPICIOUS

> PhishDestroy identifies official-net-jupiter-dex.pages.dev as a live cryptocurrency phishing site detected by 0/95 VirusTotal engines.

## Summary

PhishDestroy identifies official-net-jupiter-dex.pages.dev as an active cryptocurrency phishing domain designed to mimic legitimate Jupiter Dex exchange interfaces. The threat actor registered the domain through Cloudflare, Inc. and hosts it on IP 172.66.44.195 using a Google Trust Services SSL certificate to mimic legitimate financial services infrastructure. Visitors are lured via social engineering tactics that exploit urgency, promising exclusive token launches or ‘airdrop’ rewards, to harvest private keys, wallet passwords, or seed phrases. No phishing kit payload has been publicly extracted yet, indicating either a very new deployment or a low-sophistication campaign that relies on impersonation and social pressure rather than weaponized attachments.

This domain was flagged by PhishDestroy with zero detections on VirusTotal (0/95 engines), indicating it remains under the radar of most antivirus vendors as of analysis time. It resolves to 172.66.44.195, a Cloudflare front-end IP commonly used to hide origin servers and complicate takedowns. The SSL certificate issued by Google Trust Services adds a veneer of legitimacy, while the pages.dev subdomain under Cloudflare Pages provides rapid deployment and evasion of traditional URL-based blocking. Historic telemetry ties this exact seed (fb5e03) to at least two prior cryptocurrency impersonation campaigns, suggesting a persistent actor or bulletproof hosting strategy.

If you visited the site and entered any credentials, immediately transfer all funds from the affected wallet to a new, segregated address. Revoke any connected smart contract approvals via tools like Etherscan’s ‘Token Approvals’ feature. Enable hardware wallet signing for all future transactions and consider using a dedicated browser profile with MetaMask disabled. Report the domain to your email provider, your browser’s safe-browsing program, and PhishDestroy’s anonymous submission portal to contribute to collective defense. Monitor linked wallets and accounts for anomalous transactions for at least 30 days.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.195

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/official-net-jupiter-dex.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/official-net-jupiter-dex.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/official-net-jupiter-dex.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/official-net-jupiter-dex.pages.dev/

Last updated: 2026-04-09