# livodex.com — SUSPICIOUS

> PhishDestroy flags livodex.com as a crypto drainer domain with 0/95 VirusTotal detections. Immediate browser block recommended.

## Summary
PhishDestroy identifies livodex.com as an active crypto drainer domain under investigation for credential theft. The domain mimics legitimate crypto platforms to siphon victim wallet keys and funds, leveraging deceptive UI and fake transaction prompts. No specific drainer kit signature is exposed in public sandboxes, suggesting either a zero-day variant or obfuscated payload delivery via obfuscated JavaScript on the landing page.

Technical indicators confirm high-risk attributes: VirusTotal shows 0/95 detections at time of capture despite active live phishing content; the domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED; it resolves to IP 172.67.192.216 (Cloudflare); the SSL certificate is issued by Google Trust Services; domain creation occurred on April 03, 2025; no current blocklist presence is recorded in PhishDestroy’s real-time feeds.

This domain remains active with status marked as live compromise. PhishDestroy recommends immediate enterprise browser blocking via DNS or endpoint policies, disabling access to 172.67.192.216, and user awareness training focusing on crypto wallet security prompts. Remaining risk is elevated due to low AV coverage and absence on blocklists, enabling continued undetected access to victims. Continuous threat hunting and sandbox analysis are advised until definitive mitigation is achieved.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-03 15:40:47
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.192.216

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/952fd819-4535-4d02-a8df-5046e341f6f4
- PhishDestroy: https://phishdestroy.io/domain/livodex.com/
- LLM endpoint: https://phishdestroy.io/domain/livodex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/livodex.com/
Last updated: 2026-03-27