# votes-kmno.org — SUSPICIOUS

> PhishDestroy flags votes-kmno.org as a fake voting portal stealing crypto wallet credentials; 2/95 VirusTotal detections; view full report.

## Summary
PhishDestroy identifies votes-kmno.org as an active fake-voting scam designed to trick visitors into connecting their cryptocurrency wallets and signing malicious transactions that drain funds.  The page mimics legitimate vote portals but installs drainer scripts once a wallet is linked, siphoning tokens to attacker-controlled addresses.  Security telemetry shows the site has already been flagged by SEAL and MetaMask, proving it is actively weaponized against visitors.  This domain was flagged by PhishDestroy after resolving to 104.21.85.40 and presenting a Let’s Encrypt SSL certificate.  VirusTotal analysis recorded detections by 2 out of 95 security vendors, while public blocklists already list the domain as hostile.  The site was registered on April 04, 2026 through PDR Ltd. d/b/a PublicDomainRegistry.com, a pattern consistent with short-lived malicious domains used in credential harvesting and fund theft campaigns.  If you visited votes-kmno.org, immediately disconnect your wallet, revoke any unauthorized signatures via your wallet’s activity tab, and run a malware scan on your device.  Report the domain to your wallet provider and to PhishDestroy for further investigation.  Do not interact with this site or any linked pages; treat any wallet prompts as suspicious and verify the destination URL before proceeding.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-04 03:57:18
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 104.21.85.40

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["SEAL", "MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/votes-kmno.org
- PhishDestroy: https://phishdestroy.io/domain/votes-kmno.org/
- LLM endpoint: https://phishdestroy.io/domain/votes-kmno.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/votes-kmno.org/
Last updated: 2026-04-09