# skinapp.kvantum.su — SUSPICIOUS

> skinapp.kvantum.su is a live phishing domain impersonating a skin app to steal credentials. VT score 0/95. Check the full report.

## Summary
PhishDestroy identifies an active phishing campaign targeting users of a fake skin application hosted at skinapp.kvantum.su. The domain is categorized under a generic_phishing threat type and is currently under investigation for credential harvesting and potential data exfiltration. No specific brand or drainer kit has been linked to this domain at this stage. The site mimics legitimate application interfaces to deceive users into entering sensitive login information. The campaign is believed to be in an early deployment phase, with threat actors leveraging newly registered domains to evade detection.


This domain was flagged by PhishDestroy with the following technical indicators: VirusTotal detection score of 0/95, indicating no current detections by antivirus engines; registered through REGRU-SU; resolving to IP address 194.58.126.86; SSL certificate issued by Let's Encrypt; domain creation date of January 09, 2026. Google Safe Browsing (GSB) has not yet flagged this domain, and no third-party blocklist entries have been recorded as of the latest scan. These characteristics suggest a rapidly evolving threat with low detection coverage, increasing the risk of successful compromise for unaware users.


The domain remains active and is currently under investigation by PhishDestroy and associated threat intelligence teams. Immediate actions include continuous monitoring for changes in infrastructure, content, or detection signatures. Users are strongly advised to avoid accessing skinapp.kvantum.su and report any related suspicious activity. Remaining risk is assessed as moderate due to the domain's recent registration, low detection coverage, and potential for rapid expansion. Organizations should implement network-level blocking for the domain and IP address (194.58.126.86) and consider user awareness training focusing on recognizing newly registered or suspicious domains. The unique seed identifier for this campaign is 2ec539, ensuring accurate tracking and correlation with future threat reports.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-01-09 13:02:57
- Registrar: REGRU-SU
- IP: 194.58.126.86

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cd50784c-9475-41a1-9b82-54cfc81d7ea9
- PhishDestroy: https://phishdestroy.io/domain/skinapp.kvantum.su/
- LLM endpoint: https://phishdestroy.io/domain/skinapp.kvantum.su/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/skinapp.kvantum.su/
Last updated: 2026-03-23