# defillama-defi-llama.com — MALICIOUS

> Defillama-defi-llama.com is flagged as a high-risk crypto drainer domain. Avoid interaction and ensure your wallet security remains intact.

## Summary

PhishDestroy identifies defillama-defi-llama.com as a high-threat cryptocurrency draining domain specifically designed to deceive users into compromising their digital assets. Targeting decentralized finance (DeFi) users, this domain was used to trick victims into providing private keys or seed phrases, resulting in unauthorized crypto asset withdrawals. Due to its malicious intent and potential financial impact, this domain is classified as high risk.

Technical analysis reveals that defillama-defi-llama.com was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, with a creation date of February 21, 2026. The domain was flagged by multiple security vendors on VirusTotal and appears on several security blocklists, indicating widespread recognition of its malicious behavior. Its infrastructure was likely set up to mimic legitimate DeFi platforms, exploiting user trust to harvest sensitive cryptographic credentials.

Currently, defillama-defi-llama.com has been taken offline, reducing immediate risk to users. However, given its history and aggressive nature, users should remain vigilant by avoiding interaction with any similarly named or suspicious domains. It is recommended to keep cryptocurrency wallets secure by using hardware wallets and enabling multi-factor authentication where possible. PhishDestroy advises users to verify URLs carefully and consult trusted security resources before engaging with DeFi services.
## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: Defilama | DeFi Analytics Hub: Live TVL Data, Crypto Protocol Rankings & Blockchain Metrics

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["audrey.ns.cloudflare.com", "augustus.ns.cloudflare.com"]
- SSL Issuer: WE1

## Detection Status

- VirusTotal: 12 vendors flagged
  - Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Seclookup", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/0198cd98-c6c7-7218-9136-a62e23615159.png
- PhishDestroy: https://phishdestroy.io/domain/defillama-defi-llama.com/
- LLM endpoint: https://phishdestroy.io/domain/defillama-defi-llama.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/defillama-defi-llama.com/

Last updated: 2026-03-18