# valoq.at — SUSPICIOUS

> PhishDestroy identifies valoq.at as an active crypto drainer phishing site. This fraudulent domain has 0/95 VirusTotal detections and is blocked by multiple.

## Summary

PhishDestroy identifies the domain valoq.at as an active generic phishing campaign, specifically leveraging cryptocurrency drainer toolkits to siphon funds from unwary victims. The domain valoq.at was registered with malicious intent, as revealed by its inclusion on 3 security blocklists including PhishingArmy and OISD. It resolves to IP address 186.2.171.13 and operates under a Let's Encrypt SSL certificate to appear legitimate. According to VirusTotal, the domain currently exhibits 0/95 detection rates despite its fraudulent nature. The domain is associated with cryptocurrency drainer activity, a growing threat in which attackers trick users into connecting their wallets to fraudulent smart contracts designed to drain assets.

Technical indicators confirm the domain's high-risk status. It was assessed with a risk level marked as 'under_investigation' as of current data collection. The domain operates without association to any legitimate brand, instead deploying a generic but effective phishing lure. Its creation date and registrar details remain unverified due to active evasion tactics, but its presence on multiple global blocklists highlights coordinated detection efforts. Google Safe Browsing (GSB) status is currently flagged, and the domain remains active despite blocklisting by PhishingArmy, OISD, and CERT-PL.

As of this report, valoq.at remains active and poses a significant risk to cryptocurrency users engaging with unfamiliar links. Response actions include continued monitoring and automated blocklisting by security vendors. However, due to slow virus signature propagation and evasive tactics such as low initial detection rates, the domain remains accessible to potential victims. Users are strongly advised to avoid interacting with this domain, verify all crypto-related transactions manually, and consult updated threat intelligence before engaging with unknown platforms. Remaining risk is classified as high pending further takedown or sinkholing efforts.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 186.2.171.13

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishingArmy", "OISD", "CERT-PL"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/valoq.at
- PhishDestroy: https://phishdestroy.io/domain/valoq.at/
- LLM endpoint: https://phishdestroy.io/domain/valoq.at/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/valoq.at/

Last updated: 2026-04-07