# xn--llvestream-pmp-hrb.fun — SUSPICIOUS

> xn--llvestream-pmp-hrb.fun is a crypto drainer mimicking live streams. 0/95 VirusTotal detections. Do not connect wallets or enter details.

## Summary
PhishDestroy identifies xn--llvestream-pmp-hrb.fun as an active crypto-draining domain designed to trick visitors into connecting crypto wallets or submitting credentials under the guise of a live stream platform. The domain resolves to 193.233.82.10, and despite using a Let’s Encrypt SSL certificate, it remains undetected by 95 scanners on VirusTotal (0/95 detections).  This domain was flagged by SEAL, ScamSniffer, and MetaMask, and it already appears on three security blocklists. Registered through Dynadot Inc on March 5, 2024, it is a recently created threat with evasive tactics, leveraging an internationalized domain name (IDN) to appear legitimate.  If you visited this site, disconnect your wallet immediately, revoke any unauthorized permissions via tools like revoke.cash, and run a malware scan. Do not interact further—treat any prompted transactions or login attempts as malicious.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-05 16:58:13
- Registrar: Dynadot Inc
- IP: 193.233.82.10

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["SEAL", "ScamSniffer", "MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/xn--llvestream-pmp-hrb.fun
- PhishDestroy: https://phishdestroy.io/domain/xn--llvestream-pmp-hrb.fun/
- LLM endpoint: https://phishdestroy.io/domain/xn--llvestream-pmp-hrb.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xn--llvestream-pmp-hrb.fun/
Last updated: 2026-04-05