# v2-thorchain.net — SUSPICIOUS

> v2-thorchain.net mimics Thorchain to deceive users. Medium risk detected. Stay alert and avoid interacting with this domain to protect your assets.

## Summary
PhishDestroy has identified v2-thorchain.net as a medium-risk brand impersonation domain targeting the Thorchain cryptocurrency ecosystem. This domain falsely presents itself as the official Thorchain network by using similar branding and page titles such as "Thorchain — Cross-Chain Liquidity Protocol & RUNE Crypto Asset | Thorchain Network," aiming to mislead users into trusting the site.

Technical analysis reveals that v2-thorchain.net was registered on February 21, 2026, through NiceNIC International Group Co., Limited. The domain resolves to the IP address 104.21.112.1, which is associated with multiple security blocklists. VirusTotal flags 4 out of 95 security vendors for suspicious activity linked to this domain, indicating some malicious indicators. The use of a subdomain prefix "v2-" suggests an attempt to appear as a version update or legitimate subservice of Thorchain.

At present, the domain is offline, reflecting a successful takedown or voluntary shutdown. Despite this, the domain’s prior presence on three security blocklists and its impersonation tactics highlight the importance of vigilance. Users are strongly advised to verify URLs carefully and avoid engaging with any suspicious Thorchain-related sites to safeguard their digital assets.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Target brand: Thorchain
- Page title: Thorchain — Cross-Chain Liquidity Protocol & RUNE Crypto Asset | Thorchain Network

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.112.1
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["april.ns.cloudflare.com", "kayden.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 4 vendors flagged
  Vendors: ["alphaMountain.ai", "CRDF", "CyRadar", "Fortinet"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019875ee-9045-749c-a814-d6f88d36eb6c.png
- PhishDestroy: https://phishdestroy.io/domain/v2-thorchain.net/
- LLM endpoint: https://phishdestroy.io/domain/v2-thorchain.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/v2-thorchain.net/
Last updated: 2026-03-19