Protocol-impersonator domain registered (typosquat)
JustLend DAO's assessment for RD-F-161 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Protocol-impersonator domain registered (typosquat) — red. Active, confirmed protocol-impersonator domain and phishing infrastructure targeting JustLend users. Official domain: justlend.org. Confirmed impersonators: (1) justlend-dao.com — URLScan first scan August 2023; presents as 'JustLend DAO — TRON's premier decentralized money market protocol' with $2.1B TVL claim; misattributes audits to CertiK, SlowMist, PeckShield; uses Cloudflare/PrivacyGuardian.org privacy protection; confirmed active phishing site. (2) web-jus-tlend-dao-wallet.typedream.app, web-justl-end-da-o-wallet.typedream.app, web-justl-endao-wal-let-cdn.typedream.app — multiple typedream-hosted phishing wallet pages. (3) auth-web-justlenddaowallet.teachable.com, web-just-len-dao-walle-t.teachable.com — teachable-hosted phishing pages. At least 6 confirmed phishing/impersonation surfaces identified in this session's web searches as of 2026-05-17. Users connecting wallets to these sites face direct fund loss risk. The 90
Sources #
- URLURLScan — justlend-dao.com domain recordURLScan domain record for justlend-dao.com — first scan August 2023; active domain with Cloudflare/PrivacyGuardian protectionretrieved 2026-05-17
- justlend-dao.com — Confirmed phishing site contentjustlend-dao.com — WebFetch confirmed active phishing content presenting as JustLend DAO with $2.1B TVL claim and misattributed auditsretrieved 2026-05-17
- Typedream phishing wallet page — JustLend impersonationGoogle search results confirming multiple typedream.app and teachable.com phishing wallet pages in JustLend nameretrieved 2026-05-17
Methodology #
Determine whether a typosquat of the official protocol domain has been registered in the last 90 days.
See the full factor methodology and distribution across all protocols →