# kvatoday.top — SUSPICIOUS

> kvatoday.top is a crypto drainer phishing domain with 0/95 VirusTotal detections. Avoid entering wallet credentials or connecting wallets to this site.

## Summary
PhishDestroy identifies kvatoday.top as a crypto drainer phishing domain actively targeting cryptocurrency users through malicious website impersonation. The domain mimics legitimate crypto platforms to trick users into connecting their wallets or entering private keys, enabling unauthorized fund transfers. No specific drainer kit signatures were detected in the available telemetry, but the domain's structure and recent creation strongly suggest crypto drainer infrastructure deployment.  kvatoday.top resolves to IP 104.21.66.234 and was registered through Dynadot LLC on March 21, 2026, with a Let's Encrypt SSL certificate providing fraudulent legitimacy. VirusTotal currently shows 0/95 detections and no known blocklist inclusions, while Google Safe Browsing (GSB) status remains unflagged. The domain's recent registration date indicates opportunistic deployment against emerging threats or trending events.  This domain remains in active status with under_investigation risk classification. Security researchers should block the domain and IP while monitoring for associated wallet addresses. Users are advised to verify URLs, avoid wallet connections to unfamiliar sites, and report any suspicious transactions immediately. Remaining risk is moderate due to low detection rates despite active crypto drainer behavior patterns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-21 06:43:34
- Registrar: Dynadot LLC
- IP: 104.21.66.234

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/677253c2-41d6-4c0c-aecc-eb9c4479bfc8
- PhishDestroy: https://phishdestroy.io/domain/kvatoday.top/
- LLM endpoint: https://phishdestroy.io/domain/kvatoday.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kvatoday.top/
Last updated: 2026-04-12