# votes-ore.supply — SUSPICIOUS > PhishDestroy flags votes-ore.supply as a fake voting site phishing domain hosted on 188.114.97.3. Virustotal score 0/95. Check the full report. ## Summary PhishDestroy identifies votes-ore.supply as an active fake voting site phishing domain designed to harvest credentials under the guise of a legitimate voting portal. The domain mimics an official voting interface to trick users into entering personal or financial information. No known drainer kit artifacts were detected in open-source intelligence feeds; the threat appears to rely on social engineering and domain spoofing rather than custom malicious scripts. The domain name leverages the word "votes" and the ccTLD "supply" to appear relevant to election or survey contexts, a common tactic in domain squatting campaigns targeting civic participation. Technical indicators confirm elevated risk: VirusTotal currently reports 0 detections out of 95 engines, suggesting the domain has evaded automated detection mechanisms thus far. The domain was registered on April 03, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to IP address 188.114.97.3 and is associated with a Let’s Encrypt SSL certificate, increasing perceived legitimacy. Google Safe Browsing has flagged the domain, and it appears on at least 2 public blocklists. MetaMask and SEAL have also implemented network-level blocks. The combination of a recent registration date, blocklist presence, and low detection rate indicates early-stage deployment with potential for rapid escalation. At present, votes-ore.supply remains active and under investigation with a status classified as 'active' by monitoring systems. PhishDestroy recommends users avoid interacting with the domain and organizations apply network-level blocking via the known IP and domain. While risk is currently categorized as 'under_investigation' due to low detection scores, the presence on multiple blocklists and browser security tools suggests imminent escalation to confirmed malicious status. Immediate action is advised to prevent credential harvesting or fund loss through impersonation of legitimate voting infrastructure. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-03 17:33:00 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["SEAL", "MetaMask"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/votes-ore.supply - PhishDestroy: https://phishdestroy.io/domain/votes-ore.supply/ - LLM endpoint: https://phishdestroy.io/domain/votes-ore.supply/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/votes-ore.supply/ Last updated: 2026-04-04