# xenfylor.live — MALICIOUS

> xenfylor.live is flagged for phishing risks. Avoid interacting with this domain to protect your personal data and devices.

## Summary

PhishDestroy identifies xenfylor.live as a high-risk generic phishing domain. The site is actively used to deceive users into divulging sensitive information such as login credentials or financial data. Due to its phishing nature, this domain poses a significant threat to user security and privacy.

The domain xenfylor.live was registered recently on April 17, 2025, through Unstoppable Domains Inc., a platform known for blockchain-based domain registrations. It appears on three separate security blocklists, indicating multiple independent detections of malicious activity. VirusTotal analysis shows that 12 out of 95 security vendors currently flag this domain, confirming its association with phishing campaigns. The infrastructure behind the domain leverages decentralized domain registration, which can complicate takedown efforts and increase persistence.

Currently, xenfylor.live remains active and continues to pose a threat. PhishDestroy strongly recommends that users avoid visiting this domain or entering any personal information. Organizations should consider blocking this domain at the network level and educating users about the risks associated with phishing attempts linked to this site. Continuous monitoring is advised to detect any changes in the domain's behavior or infrastructure.

## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP 526)
- Page title: Privacy error

## Domain Intelligence

- Registered: 2025-04-17 00:00:00
- Registrar: Unstoppable Domains Inc.
- Country: US
- IP: 45.9.148.51
- IP Country: NL
- IP City: Dronten
- IP Org: AS49447 Nice IT Services Group Inc.
- Nameservers: ["ns-cloud-c1.googledomains.com", "ns-cloud-c2.googledomains.com", "ns-cloud-c3.googledomains.com", "ns-cloud-c4.googledomains.com"]
- SSL Issuer: Hestia Control Panel / 8102be99.as49447.net

## Detection Status

- VirusTotal: 14 vendors flagged
  - Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/0198bb94-9577-712b-8943-830e06580dbd.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e4212a12-6388-4570-b8ae-5b5d36856c84
- PhishDestroy: https://phishdestroy.io/domain/xenfylor.live/
- LLM endpoint: https://phishdestroy.io/domain/xenfylor.live/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/xenfylor.live/

Last updated: 2026-03-15