# velmora-live.store — SUSPICIOUS

> velmora-live.store operates as a crypto drainer site with 0/95 VirusTotal detections, targeting unsuspecting users. Investigate now.

## Summary

PhishDestroy identifies velmora-live.store as an active crypto drainer posing as a legitimate streaming platform. This domain employs deceptive tactics to trick users into connecting their cryptocurrency wallets, enabling unauthorized fund transfers upon approval of fraudulent transactions. The threat is classified as under investigation but remains active, with no detections recorded on VirusTotal at the time of analysis. Alerts have been generated due to suspicious SSL certificate issuance and an unresolved risk profile, warranting immediate scrutiny by SOC teams and security platforms.

This domain was flagged with zero detections on VirusTotal (0/95) as of the latest scan, despite hosting malicious infrastructure. It resolves to IP 178.128.90.186, which is associated with hostile activity reports. The SSL certificate is issued by Let's Encrypt, a trusted provider often exploited by threat actors to lend legitimacy to fraudulent domains. Further investigation reveals no prior listings on major blocklists, including URLVoid, PhishTank, or OpenPhish, at the time of this advisory. Domain registration details are pending, but the certificate’s short validity and recent creation suggest a rapidly deployed campaign. Given the absence of detections, this domain poses a significant blind-spot risk for organizations relying solely on signature-based detection.

Mitigation efforts should prioritize blocking the domain velmora-live.store at the DNS and network levels, including all subdomains or related domains that may emerge under similar naming conventions. Users and organizations must exercise extreme caution when encountering this domain, particularly in contexts involving cryptocurrency transactions or wallet connections.

Security teams should isolate any endpoints that have accessed this domain and scan for unauthorized cryptocurrency wallet connections or unusual outbound traffic. Additionally, consider blocking the associated IP 178.128.90.186 and updating firewall rules to prevent lateral movement. Educate users about the risks of crypto drainers and enforce wallet connection policies to minimize exposure to such threats.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 178.128.90.186

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/45d3c47f-e964-4704-977a-a03ef9a8a6e8
- PhishDestroy: https://phishdestroy.io/domain/velmora-live.store/
- LLM endpoint: https://phishdestroy.io/domain/velmora-live.store/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/velmora-live.store/

Last updated: 2026-03-23