# buyxai.org — MALICIOUS

> buyxai.org flagged as crypto drainer phishing site with 7/95 VirusTotal detections. Avoid interacting with this domain immediately.

## Summary

PhishDestroy identifies buyxai.org as an active crypto drainer domain impersonating cryptocurrency platforms to steal user funds through fraudulent transaction requests. This domain leverages a drainer kit designed to intercept and manipulate blockchain transactions, tricking victims into approving malicious transfers that drain wallet assets without their knowledge. The infrastructure mimics legitimate crypto services to establish false credibility, making it a high-risk threat for cryptocurrency users.

This domain was flagged by PhishDestroy with the following forensic indicators: VirusTotal detection score of 7 out of 95 security vendors, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP address 188.114.96.3, issued an SSL certificate by Google Trust Services, and created on July 21, 2025. While the domain currently has a clean Safe Browsing status, it has appeared on 7/95 blocklists, indicating emerging malicious activity. The recent domain creation date suggests this is a short-lived campaign designed to evade long-term detection.

As of this analysis, buyxai.org remains active and poses an elevated risk to cryptocurrency users. Immediate actions for security teams include blocking the domain at the network level and updating threat intelligence feeds with the IP address and registrant details. Users should avoid visiting this domain and verify URLs before engaging in cryptocurrency transactions. Remaining risk is high due to the drainer kit's ability to bypass user awareness, requiring ongoing monitoring and proactive blocking to mitigate potential asset loss.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-07-21 00:42:33
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/381271d7-85ea-41ac-b1ce-78663642713d
- PhishDestroy: https://phishdestroy.io/domain/buyxai.org/
- LLM endpoint: https://phishdestroy.io/domain/buyxai.org/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/buyxai.org/

Last updated: 2026-04-14