# defillama-4e386f.webflow.io — SUSPICIOUS

> PhishDestroy identifies defillama-4e386f.webflow.io as a crypto drainer scam. SSL-backed domain (VT 1/95) hosts a DeFiLlama impersonation.

## Summary
PhishDestroy confirms defillama-4e386f.webflow.io as an active crypto drainer site impersonating the legitimate DeFiLlama analytics platform. The page leverages Webflow hosting to deliver a malicious wallet-draining kit that siphons tokens via fake transaction approval prompts. Victims who connect wallets are immediately exposed to unauthorized fund transfers, with the drainer kit masquerading as a “portfolio tracker” to lower user suspicion.

Technical indicators for this domain are consistent with a high-risk operation: the SSL certificate is issued by Google Trust Services, indicating an attempt to appear legitimate, while the domain resolves to IP 104.18.36.248. VirusTotal analysis shows only 1 out of 95 security vendors currently detect the threat, highlighting the stealthiness of this campaign. No registrar or creation date data is publicly available at this time, and the domain has not been flagged by Google Safe Browsing (GSB) as of the latest scan. Despite low detection rates, the site remains unlisted on major blocklists, increasing exposure risk.

As of today, defillama-4e386f.webflow.io remains active and continues to propagate via social media and phishing links targeting DeFi users. PhishDestroy recommends immediate blocking of the domain and IP at network and endpoint levels. Users are urged to verify website URLs manually, avoid clicking unsolicited links, and use hardware wallets or transaction simulation tools before approving any blockchain interactions. Remaining risk is elevated due to low detection coverage and ongoing domain availability. Monitor for updates as this threat evolves.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1ec4a338-e083-4e49-8328-19d5ff7cf01f
- PhishDestroy: https://phishdestroy.io/domain/defillama-4e386f.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/defillama-4e386f.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/defillama-4e386f.webflow.io/
Last updated: 2026-04-13