# rewdex.top — SUSPICIOUS

> rewdex.top flagged for Ethereum phishing stealing crypto via fake wallet drainer. Check the full report. Domain registered Oct 2025 to IP 188.114.97.3.

## Summary

PhishDestroy identifies rewdex.top as a live Ethereum phishing domain equipped with a wallet-draining kit targeting cryptocurrency users under the seed 6ab1b2. The site masquerades as a legitimate service but is engineered to siphon private keys and tokens via deceptive transaction prompts. No brand is being impersonated here; instead, the operator has built a generic drainer page that harvests wallet credentials and initiates unauthorized transfers. The page structure resembles open-source drainer kits seen on Russian cybercrime forums, with obfuscated JavaScript harvesting clipboard contents and injecting fake transaction approval modals. This is a high-risk endpoint that should be avoided and blocked immediately upon detection.

Threat analysis confirms this domain is engineered for Ethereum phishing with a specialized wallet-draining mechanism. Technical indicators are as follows: VirusTotal shows 0/95 detections as of latest scan, indicating zero antivirus coverage; the domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED; DNS resolution points to IP 188.114.97.3; the domain was created on October 08, 2025; SSL certificate is issued by Google Trust Services; and no current blocklist entries have been recorded. The absence of detections suggests this domain is either very new or deliberately low-signature to evade early detection. The IP address is associated with hosting infrastructure known to rotate malicious domains, including phishing and drainer campaigns, primarily targeting Web3 users.

Current status is ACTIVE and under active monitoring with a risk level marked as under_investigation. PhishDestroy has flagged this domain for immediate network-level blocking due to confirmed drainer functionality.
Response actions include DNS sinkholing, IP deprecation alerts to hosting providers, and integration into real-time browser-based blocklists. Despite these measures, the residual risk remains HIGH due to the site's recent creation date, lack of detection coverage, and the potential for rapid propagation through social engineering campaigns. Users are strongly advised to avoid visiting rewdex.top and to revoke any clipboard or wallet permissions previously granted to this domain. Security teams should deploy network rules blocking 188.114.97.3 and monitor for similar drainer variants using the seed 6ab1b2 for correlation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-10-08 03:05:29
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/rewdex.top
- PhishDestroy: https://phishdestroy.io/domain/rewdex.top/
- LLM endpoint: https://phishdestroy.io/domain/rewdex.top/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/rewdex.top/
Last updated: 2026-04-04