# origndefi.xyz — SUSPICIOUS

> origndefi.xyz is a crypto drainer site posing as a legitimate DeFi platform. Flagged by 2 of 95 VirusTotal vendors, users risk wallet theft.

## Summary

origndefi.xyz is an active crypto drainer site currently distributing malicious payloads to steal cryptocurrency assets. The domain mimics legitimate decentralized finance (DeFi) platforms to deceive users into connecting their wallets, whereupon funds are drained via unauthorized transactions. This domain was flagged by 2 of 95 VirusTotal security vendors, registered through Web Commerce Communications Ltd, and resolves to IP 188.114.96.3.

origndefi.xyz was created on March 16, 2026, indicating it is recently deployed threat infrastructure. The low detection rate and new registration suggest this is an emerging campaign designed to evade early detection. The site uses a Let’s Encrypt SSL certificate to appear legitimate, adding to its deceptive credibility.

As of the latest assessment, origndefi.xyz remains active and dangerous. Users should immediately block access to this domain and avoid any interaction. Always verify URLs, use hardware wallets, and consult community blocklists before engaging with DeFi platforms. Report this domain to security teams and update network firewall rules to prevent access.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-16 23:58:23
- Registrar: Web Commerce Communications Ltd
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/856b2b55-a473-4fc2-8d76-0793ac2b326a
- PhishDestroy: https://phishdestroy.io/domain/origndefi.xyz/
- LLM endpoint: https://phishdestroy.io/domain/origndefi.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/origndefi.xyz/

Last updated: 2026-03-21