# kvadux.net — SUSPICIOUS > Beware: kvadux.net is a crypto drainer phishing site hosting fake login portals. Verify suspicious links on PhishDestroy before interacting. VT: 0/95 detections. ## Summary PhishDestroy identifies kvadux.net as an active crypto drainer phishing domain classified under generic_phishing with a current risk level of under_investigation. This domain poses a HIGH threat to cryptocurrency users, as it is designed to trick victims into connecting their wallets to malicious smart contracts that drain funds. The threat type is specifically a crypto drainer, which targets blockchain assets by prompting users to sign fraudulent transactions. Threat actors behind this campaign leverage deceptive domains to impersonate legitimate crypto services, exchanges, or wallet interfaces to harvest private keys or authorize unauthorized transfers. Immediate action is required to mitigate exposure. This domain was flagged by PhishDestroy's automated pipeline, revealing critical technical indicators that demand attention. kvadux.net was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 2, 2026, a recently created domain with no established reputation. It resolves to IP address 157.20.182.41 and is secured with a Let's Encrypt SSL certificate, which may lend false credibility. Notably, VirusTotal currently reports 0 out of 95 security engines detecting this domain, indicating it remains under the radar of mainstream scanners. Without proactive blocking or reputation-based filtering, users are vulnerable to visiting this site unknowingly. The combination of a newly registered domain, low detection rates, and a crypto-specific attack vector amplifies the risk of financial loss. To protect against this crypto drainer phishing campaign, users must verify all links and domains before any interaction involving cryptocurrency. Never connect your wallet or enter private keys on untrusted sites. Use PhishDestroy to scan kvadux.net and similar domains before proceeding. Block the IP 157.20.182.41 at your network perimeter to prevent access. Additionally, report this domain to your wallet provider and crypto community platforms to raise awareness. Remain vigilant: crypto drainers often mimic popular platforms like MetaMask, Trust Wallet, or decentralized exchanges—always confirm URLs via official channels. Stay informed through threat intelligence feeds like PhishDestroy to receive real-time updates on emerging campaigns targeting blockchain users. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-02 13:54:53 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 157.20.182.41 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/kvadux.net - PhishDestroy: https://phishdestroy.io/domain/kvadux.net/ - LLM endpoint: https://phishdestroy.io/domain/kvadux.net/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kvadux.net/ Last updated: 2026-04-04