# receive-origindcefi.xyz — MALICIOUS

> receive-origindcefi.xyz is a fraudulent site mimicking a decentralized finance platform. 5 of 95 VirusTotal scanners flag it as malicious.

## Summary

PhishDestroy identifies receive-origindcefi.xyz as an active generic-phishing domain posing as a decentralized finance (DeFi) investment portal. The site lures users with promises of high-yield returns to steal cryptocurrency wallet credentials and funds. This domain was registered on March 15, 2026, through NameSilo, LLC, and currently resolves to IP address 104.21.15.114. It uses a valid Let’s Encrypt SSL certificate to appear legitimate, but 5 out of 95 VirusTotal security vendors have already flagged it as malicious.

This domain exemplifies a classic cryptocurrency phishing campaign. Threat actors often clone legitimate DeFi platforms, using slight misspellings or similar-sounding names to deceive users into entering sensitive information such as private keys, wallet seed phrases, or login credentials. Once compromised, victims may experience unauthorized fund transfers, drained wallets, or identity theft. The domain’s newness—created just days ago—combined with low but growing detection rates, suggests it is part of a rapidly evolving campaign targeting crypto investors. The use of NameSilo as a registrar and a cloud-hosted IP indicates low operational cost and high mobility, enabling quick takedown evasion.

If you visited receive-origindcefi.xyz, do not enter any wallet addresses, private keys, or personal information. Disconnect from the internet if possible and run a full antivirus scan. If you entered a wallet seed phrase or private key, transfer remaining funds to a new wallet immediately. Report the domain to your antivirus provider and consider filing a complaint with local cybercrime units or platforms like Chainalysis Reactor. Avoid clicking links in unsolicited emails or social media messages related to DeFi or crypto promotions. Always verify URLs manually and use hardware wallets or official app stores when interacting with financial platforms.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-15 13:54:00
- Registrar: NameSilo, LLC
- IP: 104.21.15.114

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ce950d1b-e800-4d22-8bf3-9a7ff18841ef
- PhishDestroy: https://phishdestroy.io/domain/receive-origindcefi.xyz/
- LLM endpoint: https://phishdestroy.io/domain/receive-origindcefi.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/receive-origindcefi.xyz/

Last updated: 2026-03-23