# swap-jup.icu — SUSPICIOUS

> swap-jup.icu is a recently-registered crypto-scam domain that already shows zero VirusTotal detection despite hosting a live phishing page on 188.114.96.3.

## Summary

PhishDestroy identifies swap-jup.icu as a cryptocurrency-themed phishing domain actively deployed to harvest wallet credentials and seed phrases from unsuspecting users who mistake it for the legitimate Jupiter aggregator. The domain’s landing page mirrors Jupiter’s UI and prompts visitors to connect their wallets under the pretext of swapping tokens. Once connected, the phishing kit exfiltrates private keys, mnemonic phrases, and wallet passwords to backend infrastructure controlled by the threat actor. PhishDestroy analysts note that the page is served over HTTPS via a Let’s Encrypt certificate, adding a veneer of legitimacy for potential victims.

Technical indicators and historical data for this domain reveal significant red flags: the domain was created on March 20, 2026, indicating an extremely young age; it resolves to IP 188.114.96.3, a hosting address with a history of abuse; it was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for low-friction, privacy-protected registrations that are favored by illicit actors; and crucially, VirusTotal currently shows 0 detections across 95 security engines, suggesting the phishing page remains undetected by most endpoint and network defenses as of the latest analysis. These factors elevate the risk profile and indicate an ongoing, targeted campaign.

Users who may have visited swap-jup.icu should IMMEDIATELY disconnect any connected wallets, revoke any permissions granted on the site via blockchain explorers or wallet managers, and transfer remaining funds to a newly generated wallet. Scan local devices for malware or browser extensions injected by the phishing kit, enable hardware wallet signing for future transactions, and monitor on-chain activity for unauthorized transfers. Report any suspicious transactions to the appropriate chain or platform support teams, and consider rotating wallet seeds and passwords as a precautionary measure. Organizations should block the domain at DNS and firewall levels and flag the associated IP and SSL certificate for proactive blocking across enterprise environments.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-20 13:24:02
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/458d0168-abc8-4ac6-b0b0-6f82e444d074
- PhishDestroy: https://phishdestroy.io/domain/swap-jup.icu/
- LLM endpoint: https://phishdestroy.io/domain/swap-jup.icu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/swap-jup.icu/

Last updated: 2026-03-23