# nft-aave.com — MALICIOUS

> Stay cautious of nft-aave.com, a high-risk crypto drainer domain. Avoid interaction and report suspicious activity to protect your assets.

## Summary
PhishDestroy identifies nft-aave.com as a high-risk threat classified as a crypto drainer. This domain was designed to deceive users by impersonating the legitimate Aave NFT platform, aiming to steal cryptocurrency wallets or funds through malicious means.

Supporting intelligence reveals that nft-aave.com was flagged by 10 out of 95 security vendors on VirusTotal and appeared on two distinct security blocklists. The domain resolved to the IP address 172.67.205.141 and was registered recently on February 21, 2026, through NiceNIC International Group Co., Limited. Despite its malicious nature, the domain is currently offline, returning a 522 connection timeout error, indicating that the threat infrastructure has been disrupted or taken down.

Users are advised to avoid visiting nft-aave.com or engaging with any related content. Given its high-risk status and crypto drainer classification, any interaction could lead to significant financial loss. PhishDestroy recommends updating security tools, reporting suspicious domains, and remaining vigilant for similar impersonation attempts. The domain's current offline status reduces immediate risk, but caution remains essential as threat actors may deploy new variants.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: nft-aave.com | 522: Connection timed out

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.205.141
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ace.ns.cloudflare.com", "tegan.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "Enkrypt"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b9ebf-b4d6-775f-a9d1-ef796c87359f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c6ee45ce-69b2-40a1-92e2-294a953f4459
- PhishDestroy: https://phishdestroy.io/domain/nft-aave.com/
- LLM endpoint: https://phishdestroy.io/domain/nft-aave.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nft-aave.com/
Last updated: 2026-03-19