# earn-etherfi.xyz — SUSPICIOUS

> earn-etherfi.xyz was flagged for phishing activities and is now offline. Stay vigilant and avoid interacting with this suspicious domain.

## Summary
PhishDestroy identifies earn-etherfi.xyz as a medium-risk phishing domain designed to deceive users, likely targeting cryptocurrency investors under the guise of EtherFi. The domain was reported on three security blocklists, indicating a consensus in the security community about its malicious intent. This domain presented a generic phishing threat aimed at harvesting sensitive user credentials or financial information.

Technically, earn-etherfi.xyz resolved to the IP address 104.21.36.149 and was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 12, 2026. VirusTotal scans flagged 3 out of 95 security vendors for suspicious activity related to this domain, reinforcing the medium-risk classification. The page title discovered was "Suspected phishing site | Cloudflare," reflecting its interception by Cloudflare's security protections.

Currently, earn-etherfi.xyz is offline and inaccessible, likely due to takedown actions or proactive blocking by hosting or domain registrars. Users are strongly advised to avoid visiting this domain or providing any personal information. Organizations should update their blocklists to include this domain and monitor for similar phishing attempts using related infrastructure. Continuous vigilance and prompt reporting of suspicious domains remain crucial to preventing credential theft and fraud.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-12 03:07:01
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 104.21.36.149
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["treasure.ns.cloudflare.com", "junade.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["alphaMountain.ai", "Forcepoint ThreatSeeker", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce201-9d6a-72bd-9dc2-82fbdcbd4288.png
- PhishDestroy: https://phishdestroy.io/domain/earn-etherfi.xyz/
- LLM endpoint: https://phishdestroy.io/domain/earn-etherfi.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/earn-etherfi.xyz/
Last updated: 2026-03-19