# jupiteragg.co.com — MALICIOUS > jupiteragg.co.com impersonates Jupiter Exchange with a 9/95 VirusTotal flag for crypto drainer scams. Check the full report. ## Summary PhishDestroy identifies jupiteragg.co.com as a fraudulent domain actively impersonating Jupiter, a legitimate cryptocurrency exchange platform, to deceive users into transferring funds to attacker-controlled wallets. The site leverages social engineering tactics, including brand imitation and false investment opportunities, to trick victims into engaging with malicious smart contract drainer kits designed to siphon cryptocurrency assets. This domain is part of a broader campaign targeting unsuspecting users by exploiting Jupiter’s reputation in the crypto space. Technical analysis reveals critical indicators of compromise: the domain resolves to IP address 23.172.217.229 and is flagged by 9 out of 95 security vendors on VirusTotal, indicating significant but not universal detection. Registrar data shows this domain was created recently, though the exact creation date is not publicly disclosed. Google Safe Browsing has classified jupiteragg.co.com as a SOCIAL_ENGINEERING threat, further validating its deceptive intent. The domain utilizes a Let’s Encrypt SSL certificate, which may lend an air of legitimacy to casual observers, while its infrastructure and behavior align with known cryptocurrency drainer operations. As of the latest assessment, jupiteragg.co.com remains active and poses an elevated risk due to its impersonation of Jupiter and the presence of drainer infrastructure. Immediate user action is advised: avoid interacting with this domain or any linked platforms, and verify the authenticity of any communications purporting to represent Jupiter through official channels. Users who have already engaged are urged to disconnect wallets, revoke suspicious smart contract approvals, and report the incident to Jupiter’s official support. While the domain remains accessible, ongoing monitoring and collaborative blacklisting efforts are critical to mitigate further victimization. Remaining risk remains high as long as the domain stays online and active. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Jupiter ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 23.172.217.229 ## Detection Status - VirusTotal: 9 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/28aa2044-91b4-4a7d-8753-9f2c5dce5463 - PhishDestroy: https://phishdestroy.io/domain/jupiteragg.co.com/ - LLM endpoint: https://phishdestroy.io/domain/jupiteragg.co.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/jupiteragg.co.com/ Last updated: 2026-03-28