# pricex2.com — SUSPICIOUS

> PhishDestroy identifies pricex2.com as a live crypto-drain site flagged by only 1 of 95 VirusTotal engines.

## Summary
PhishDestroy has confirmed that pricex2.com is a currently active crypto-draining phishing site. The domain impersonates a financial service and hosts a JavaScript-based credential-stealing kit designed to siphon cryptocurrency wallet seed phrases and private keys from unsuspecting users. No direct brand impersonation has been linked at this time, suggesting the actor may be leveraging a generic ‘price comparison’ lure to attract victims who search for discounted offerings in the crypto space.  

Exact technical indicators point to a very recent campaign: VirusTotal shows a detection score of 1 out of 95 security engines, indicating extremely low coverage. The domain was registered on February 08, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP address 188.114.97.3. The SSL certificate is issued by Google Trust Services, which may be abused to lend false legitimacy. No presence on Google Safe Browsing (GSB) blacklists was detected as of the latest scan.  

As of today, pricex2.com remains live and actively resolving. The low VT detection rate and fresh registration suggest this is a fast-moving threat with potentially high victim impact. Immediate network and DNS blocking is recommended to prevent asset loss. Users should avoid accessing the domain and verify any financial service URLs through official, vetted channels. While the campaign is currently elevated in risk, proactive containment can reduce exposure. Remaining risk is assessed as elevated due to ongoing activity and low vendor detection.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 21:10:31
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/37aaa37b-4c59-4952-a92a-d14025c435a2
- PhishDestroy: https://phishdestroy.io/domain/pricex2.com/
- LLM endpoint: https://phishdestroy.io/domain/pricex2.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pricex2.com/
Last updated: 2026-03-27