# vortexspace630.top — SUSPICIOUS > Beware! vortexspace630.top is a crypto drainer phishing site hosting fake login pages. Verify URLs on PhishDestroy before entering credentials to protect your. ## Summary PhishDestroy has identified vortexspace630.top as a crypto drainer phishing domain deployed to siphon cryptocurrency from unwitting users. This domain impersonates legitimate platforms by hosting fraudulent login interfaces designed to harvest wallet credentials and private keys. The infrastructure supports automated fund transfers to attacker-controlled addresses, leveraging obfuscated JavaScript to bypass security measures and silently exfiltrate assets upon authentication. While the attacker’s drainer kit remains partially obfuscated, preliminary analysis reveals standard behaviors such as clipboard monitoring for wallet addresses, fake transaction confirmation overlays, and domain fronting to evade detection. This domain resolves to IP address 188.114.97.3 and was registered through Dynadot LLC on July 18, 2025. It utilizes a Google Trust Services SSL certificate to appear legitimate, though VirusTotal currently flags it as clean with 0/95 detections across multiple antivirus engines. Despite its clean status on public scanners, PhishDestroy’s behavioral sandbox analysis confirms malicious activity consistent with crypto drainer operations. The domain remains unlisted on major blocklists, highlighting the delay in threat intelligence dissemination and the need for proactive monitoring. As of this advisory, the domain remains active and under investigation. PhishDestroy has flagged the site for takedown, shared IOCs with partner CERT teams, and notified the domain registrar. Users are urged to avoid accessing vortexspace630.top and verify all URLs through PhishDestroy’s real-time scanner. The current risk is classified as active pending further analysis, with potential for escalation or expansion to related infrastructure. Organizations and individuals are encouraged to monitor wallet transactions and revoke any exposed credentials immediately if interaction with this domain has occurred. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-07-18 13:32:12 - Registrar: Dynadot LLC - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/vortexspace630.top - PhishDestroy: https://phishdestroy.io/domain/vortexspace630.top/ - LLM endpoint: https://phishdestroy.io/domain/vortexspace630.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/vortexspace630.top/ Last updated: 2026-04-10