DNS/CDN/frontend hash drift
Jupiter Perpetual Exchange's assessment for RD-F-105 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
DNS/frontend hash drift signal (T-09 v1 phase 2; not production-live). Applicable to jup.ag primary frontend. Official jup.ag DNS/TLS posture: no confirmed changes detected via public cert transparency logs as of 2026-05-16 — official domain appears stable. However, two impersonator/typosquat domains confirm active threat actor interest in the Jupiter brand: (a) jup.ag-rewards.lat — registered 2026-03-11, mimicked official site title, currently offline; (b) jup-ag.live — low-risk crypto drainer, currently offline. These are F161 class (Cat 11), not F105 fires against the official domain. Scored yellow because: (1) typosquat activity is within the monitoring window and confirms elevated social engineering risk for the frontend surface; (2) the 2025-02-06 X account hack precedent shows Jupiter is an active high-value target for frontend/social engineering attacks; (3) a F105 monitoring baseline has not been established for jup.ag (change-management allowlist not documented). Official dom
Sources #
- URLPhishDestroy — jup.ag-rewards.lat Domain ReportPhishDestroy — jup.ag-rewards.lat registered 2026-03-11 via PDR Ltd, mimicked Jupiter official site title. Currently offline.retrieved 2026-05-16
- PhishDestroy — jup-ag.live Domain ReportPhishDestroy — jup-ag.live low-risk crypto drainer, WebNic.cc registrar, IP 172.67.212.149 (Cloudflare). Currently offline.retrieved 2026-05-16
- The Block — Jupiter X Account Hack 2025-02-06The Block — 2025-02-06 X account hack. Confirms Jupiter is a high-value social engineering target. $0 to protocol funds.retrieved 2026-05-16
Methodology #
Detect whether the hash of production frontend JS changes versus the prior published hash, or a DNS config change is detected.
See the full factor methodology and distribution across all protocols →