# jupiterswap.to — SUSPICIOUS

> jupiterswap.to is an active phishing site impersonating Jupiter. Detected on multiple blocklists—avoid and report this domain now.

## Summary
PhishDestroy identifies jupiterswap.to as a medium-risk phishing domain engaged in brand impersonation targeting the Jupiter decentralized exchange ecosystem. The domain is actively misleading users by presenting itself as "Jupiter Swap — Fast, Best-Route DEX Aggregator on Solana," an attempt to exploit trust in the legitimate Jupiter brand.

This domain was registered on March 11, 2026, through the Government of Kingdom of Tonga. It resolves to IP address 104.21.93.158 and has appeared on three security blocklists. VirusTotal analysis shows limited detection, with 4 out of 95 security vendors flagging the domain. The relatively recent creation date and its registration details contribute to its suspicious profile, reinforcing concerns of deceptive intent.

Users and organizations should exercise caution to avoid interacting with jupiterswap.to, as it remains active and may attempt credential theft or other fraudulent activities. Immediate mitigation includes blocking the domain at network levels and educating users about the threat. PhishDestroy recommends reporting any suspicious activity linked to the domain and verifying all Jupiter-related URLs directly from official sources to prevent compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP 200)
- Target brand: Jupiter
- Page title: Jupiter Swap — Fast, Best-Route DEX Aggregator on Solana

## Domain Intelligence
- Registered: 2026-03-11 15:07:01
- Registrar: Government of Kingdom of Tonga
- Country: TO
- IP: 104.21.93.158
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["megan.ns.cloudflare.com", "yew.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 4 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce215-ef30-75b8-9889-5db10d016251.png
- PhishDestroy: https://phishdestroy.io/domain/jupiterswap.to/
- LLM endpoint: https://phishdestroy.io/domain/jupiterswap.to/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/jupiterswap.to/
Last updated: 2026-03-19