# primehilltoknix-ai.net — MALICIOUS

> Warning: primehilltoknix-ai.net is linked to high-risk crypto drainer activity and is currently offline. Avoid any interaction to protect your assets.

## Summary
PhishDestroy identifies primehilltoknix-ai.net as a high-risk domain associated with crypto drainer threats. The domain poses significant danger to users, primarily due to its malicious intent to steal cryptocurrency assets. It is classified with a high threat level, warranting immediate caution and avoidance.

The domain resolves to IP 172.67.159.124 and was registered recently on February 21, 2026, through a common registrar, PDR Ltd. d/b/a PublicDomainRegistry.com. It appears on multiple security blocklists and is flagged by 16 out of 95 security vendors on VirusTotal. Additionally, AlienVault OTX has recorded this domain in a threat pulse, corroborating its malicious activity. The domain is currently offline, indicating possible takedown actions in response to its nefarious use.

Users and organizations are advised to block access to primehilltoknix-ai.net and monitor for any suspicious activity related to this domain. Avoid clicking on links or downloading any content from this source. Employ updated endpoint protection and ensure cryptocurrency wallets are secured with multi-factor authentication to mitigate potential risks from similar threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Primehill Toknix - Plataforma Oficial | Trading IA 2026

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 172.67.159.124
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: lennon.ns.cloudflare.com meiling.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bf92f-50f6-719f-87ea-82c472531644.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9754f9ec-6bbc-4211-bbb1-4e878997357e
- PhishDestroy: https://phishdestroy.io/domain/primehilltoknix-ai.net/
- LLM endpoint: https://phishdestroy.io/domain/primehilltoknix-ai.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/primehilltoknix-ai.net/
Last updated: 2026-03-19