# eth-lido.co — SUSPICIOUS

> eth-lido.co is a brand impersonation domain pushing crypto drainers. VirusTotal shows 0/95 detections for this domain. Review the safety report now.

## Summary
PhishDestroy identifies eth-lido.co as an active crypto drainer domain impersonating Lido Finance. The domain is categorized under generic phishing tactics designed to trick users into connecting wallets or transferring cryptocurrency under false pretenses. This threat represents a high-risk vector due to the irreversible nature of crypto transactions and the increasing sophistication of drainer scripts embedded in fake websites. Users who interact with this domain risk immediate financial loss, credential compromise, and potential exposure to malware that targets blockchain wallet software. The domain’s operational window appears to be recently established, which may indicate a short-lived campaign intended to capitalize on brand confusion during periods of high market activity or news cycles related to Lido Finance.  This domain was flagged with a risk level of under_investigation and remains active. It resolves to IP address 130.12.180.128 and is registered through Dynadot Inc. The domain was created on April 06, 2026, and secured an SSL certificate via Let's Encrypt, which is commonly exploited in phishing campaigns to appear legitimate. As of the latest scan, VirusTotal reports 0 detections out of 95 security engines, indicating that mainstream threat intelligence platforms have not yet flagged this domain. There is no evidence of inclusion on public blocklists such as Google Safe Browsing or PhishTank at this time, suggesting a potentially emergent threat. The domain’s trust scores across passive DNS and web reputation platforms are currently neutral or unrated, which may reflect its recent creation and low historical visibility.  Mitigation for this crypto drainer threat requires immediate action from both users and security teams. Block the domain and associated IP (130.12.180.128) at the network firewall and DNS level to prevent access. Users should avoid clicking links from unsolicited messages, especially those referencing Lido staking or liquidity pools. Verify any Lido-related URL by directly visiting lido.fi and confirming the correct domain. Organizations should deploy browser isolation or URL rewriting policies for domains with recent creation dates and low reputation. Additionally, monitor outbound traffic for connections to the IP or domain, as drainer scripts often beacon to command-and-control servers post-compromise. Educate stakeholders about the risks of wallet connection prompts and the importance of checking SSL certificates and domain age before engaging with crypto platforms. Report this domain to threat intelligence platforms and blocklists to help prevent wider victimization.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-06 10:32:59
- Registrar: Dynadot Inc
- IP: 130.12.180.128

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/eth-lido.co
- PhishDestroy: https://phishdestroy.io/domain/eth-lido.co/
- LLM endpoint: https://phishdestroy.io/domain/eth-lido.co/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eth-lido.co/
Last updated: 2026-04-06