# originsdefi.pro — SUSPICIOUS

> originsdefi.pro is a crypto drainer targeting Web3 users. VirusTotal shows 0/95 detections. Check the full report.

## Summary

PhishDestroy identifies originsdefi.pro as an active crypto drainer posing as a Web3 investment platform. This domain was flagged for its role in actively stealing cryptocurrency via fake DeFi yield opportunities. Originsdefi.pro leverages a recently registered domain (March 28, 2026), a Let's Encrypt SSL certificate, and hosting on IP 104.21.68.82 to appear legitimate. VirusTotal currently shows 0/95 detections (seed: e5be6e), while the domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often abused by scammers. The low detection rate suggests this threat may be newly active and under the radar.

Users who visited originsdefi.pro should immediately scan their devices for malware, revoke any wallet connection permissions granted to the site, and transfer remaining funds to a secure wallet. Do not enter any credentials or connect wallets to this domain. Report the site to relevant authorities (e.g., Chainalysis, local cybercrime units) and warn others in Web3 communities. Monitor transactions for unauthorized transfers and consider using hardware wallets for added security.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-28 18:05:43
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.68.82

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/originsdefi.pro
- PhishDestroy: https://phishdestroy.io/domain/originsdefi.pro/
- LLM endpoint: https://phishdestroy.io/domain/originsdefi.pro/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/originsdefi.pro/

Last updated: 2026-04-02