# copmound.net — MALICIOUS

> copmound.net is a high-risk phishing domain impersonating Compound. Learn how it operates and how to protect yourself from this threat.

## Summary
PhishDestroy identifies copmound.net as a high-risk phishing domain designed to impersonate the legitimate Compound decentralized crypto lending platform. This brand impersonation poses a significant threat to users by attempting to deceive them into divulging sensitive information or engaging with fraudulent services, potentially leading to financial loss.

The domain copmound.net was registered on February 21, 2026, through NiceNIC International Group Co., Limited and currently resolves to IP address 104.21.40.252. This domain has appeared on two security blocklists and is listed in one AlienVault OTX threat intelligence pulse. Additionally, 13 out of 95 VirusTotal security vendors flag this domain as malicious. While the site is currently offline, its infrastructure and history indicate malicious intent related to brand deception.

Users are strongly advised to avoid interacting with copmound.net or any messages referencing it. Always verify URLs carefully and use official channels when accessing Compound’s services. Employing updated security software and remaining vigilant against unsolicited communications can help prevent falling victim to such impersonation attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: Compound
- Page title: Compound Protocol | Decentralized Crypto Lending Platform

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.40.252
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["audrey.ns.cloudflare.com", "augustus.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Seclookup", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0198e127-bb97-7589-9d64-a70048c871c8.png
- PhishDestroy: https://phishdestroy.io/domain/copmound.net/
- LLM endpoint: https://phishdestroy.io/domain/copmound.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/copmound.net/
Last updated: 2026-03-19