# phase2-jito.com — MALICIOUS — Crypto Drainer (Angel Drainer)

> Check if phase2-jito.com is safe. This site mimics Jito for crypto draining but is currently offline. Learn more about its threat status.

## Summary

PhishDestroy identifies phase2-jito.com as a medium-risk crypto drainer domain that impersonates the Jito brand. The site was designed to lure victims with a fake "Jito Airdrop" page, aiming to steal cryptocurrency credentials or assets through the Angel Drainer kit. This tactic targets users interested in crypto giveaways, posing a financial threat by draining wallets connected to the scam.

The domain phase2-jito.com was registered on November 27, 2025, through Metaregistrar BV and resolved to the IPv6 address 2606:4700:3036::6815:2865. Despite appearing on three security blocklists and being flagged by 3 out of 95 VirusTotal vendors, its detection footprint remains relatively low, possibly due to its recent creation and limited spread. The domain mimics the legitimate Jito brand, a known entity in the cryptocurrency space, to increase its credibility among potential victims.

Currently, phase2-jito.com is offline and inaccessible, reducing immediate risk to users. However, PhishDestroy recommends continued vigilance for any future resurrection or similar scams targeting Jito users. Users should avoid interacting with suspicious airdrop offers and verify URLs carefully. Security teams are advised to update blocklists and monitor related domains for emerging threats.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Scam type: Airdrop Scam
- Target brand: Jito
- Page title: Jito Airdrop

## Domain Intelligence

- Registered: 2025-11-27 09:44:59
- Registrar: Metaregistrar BV
- Country: NL
- IP: 2606:4700:3036::6815:2865
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: gracie.ns.cloudflare.com, odin.ns.cloudflare.com
- SSL Issuer: none

## Detection Status

- VirusTotal: 3 vendors flagged
  - Vendors: Ermes, Gridinsoft, SOCRadar
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: PhishDestroy, MetaMask, ScamSniffer

## Evidence

- Screenshot: https://urlscan.io/screenshots/019ac5cd-45de-70e7-b4af-3e18f111e3b6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/115336cd-ef1f-421d-bdbc-f0d67a3e6d88
- Wayback Machine: https://web.archive.org/web/https://phase2-jito.com
- PhishDestroy: https://phishdestroy.io/domain/phase2-jito.com/
- LLM endpoint: https://phishdestroy.io/domain/phase2-jito.com/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/phase2-jito.com/

Last updated: 2026-03-19