# voting-avici.money — SUSPICIOUS > voting-avici.money is a crypto drainer site impersonating voting portals; 0/95 detections. Verify on PhishDestroy before any wallet interaction. ## Summary PhishDestroy identifies voting-avici.money as a generic crypto drainer domain actively posing as a voting portal to trick users into connecting wallets and draining crypto assets under the seed 5c2a34. The domain uses a deceptive naming scheme combining 'voting' with 'avici' to mimic legitimate government or election-related platforms, suggesting an intent to exploit users seeking voting information or participation. No specific drainer kit signature has been extracted from public sandboxing yet, but the domain exhibits classical drainer behavior patterns by redirecting users to wallet-connecting pages after initial engagement. voting-avici.money was registered on April 01, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP 104.21.37.102 with a Let's Encrypt SSL certificate. VirusTotal currently shows 0/95 antivirus detections, indicating low signature coverage, while the domain appears on at least 2 public security blocklists including SEAL and MetaMask. The domain is newly created, suggesting a short operational window, but its presence on blocklists and security tools indicates early detection by some vendors despite low AV coverage. The combination of young age, low VT detection, and multiple blocklist hits points to a rapidly evolving but not yet widely recognized threat. This domain remains under active investigation with a status of 'active' and risk level 'under_investigation'. Current response actions include blocklisting by SEAL and MetaMask, though broader network-level blocking may be lagging due to the low detection rate. Remaining risk is elevated due to the domain’s ability to evade signature-based detection systems, its plausible naming, and the potential for social engineering targeting users seeking voting-related services. Users are strongly advised to avoid interacting with voting-avici.money and to verify any suspicious voting or crypto-related domains using PhishDestroy’s real-time scanning tools before entering credentials or connecting wallets. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-01 00:09:00 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.37.102 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["SEAL", "MetaMask"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/voting-avici.money - PhishDestroy: https://phishdestroy.io/domain/voting-avici.money/ - LLM endpoint: https://phishdestroy.io/domain/voting-avici.money/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/voting-avici.money/ Last updated: 2026-04-04