# defillama-protocol-eng.pages.dev — SUSPICIOUS

> Beware of defillama-protocol-eng.pages.dev, a medium-risk crypto drainer. Avoid interaction and secure your wallet immediately to protect assets.

## Summary
PhishDestroy identifies defillama-protocol-eng.pages.dev as an active crypto drainer domain posing a medium risk to users. Crypto drainers are designed to steal digital assets by tricking users into revealing wallet credentials or signing malicious transactions. This threat is significant given the rising value of cryptocurrencies and the increasing sophistication of phishing attacks targeting DeFi users.

The domain resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., a common registrar known for providing privacy and DDoS protection services. VirusTotal analysis shows limited detection with only 4 out of 95 security vendors flagging the domain, highlighting the need for vigilance beyond automated scanners. The use of a Cloudflare-hosted page further complicates takedown efforts, allowing the threat actor to remain operational.

Users are advised to avoid visiting defillama-protocol-eng.pages.dev or interacting with any content hosted on it. Wallet credentials and private keys must never be entered on suspicious sites. If exposure is suspected, immediately move funds to a secure wallet and revoke any connected approvals. Staying informed through trusted sources like PhishDestroy and practicing cautious browsing habits remain critical defenses against such crypto-related threats.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: DeFiLlama Wallet – Track and Manage DeFi Assets Securely

## Domain Intelligence
- Registered: 2026-03-10 13:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: brodie.ns.cloudflare.com georgia.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 4 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "Fortinet", "Trustwave"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd7a0-72b0-749f-9fb5-2d1bcac851a4.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b442deb6-1ea6-4248-8005-67629d296400
- PhishDestroy: https://phishdestroy.io/domain/defillama-protocol-eng.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/defillama-protocol-eng.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/defillama-protocol-eng.pages.dev/
Last updated: 2026-03-19