# voting-kinetiq.com — SUSPICIOUS > voting-kinetiq.com operates as a crypto drainer impersonating voting services, with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies voting-kinetiq.com as an active crypto drainer domain designed to deceive visitors into connecting cryptocurrency wallets under the guise of voting services. The domain mirrors legitimate voting platforms to trick users into authorizing malicious transactions that drain wallet funds. Security researchers assessing this domain observed no cryptocurrency-related brand impersonation, suggesting the threat actor is leveraging the generic 'voting' theme to cast a wide net rather than targeting a specific brand. The domain exhibits characteristics of a freshly deployed drainer kit, likely utilizing JavaScript-based wallet connection approvals to exfiltrate private keys and transaction approvals. Technical analysis of voting-kinetiq.com reveals critical indicators for security teams. VirusTotal currently rates the domain at 0/95 detections, indicating it remains undetected by most antivirus engines as of the time of analysis. This domain, registered through PDR Ltd. d/b/a PublicDomainRegistry.com, resolves to IP address 104.21.82.137 and holds a Let's Encrypt SSL certificate. The domain was created on April 12, 2026, making it a recent registration likely intended for short-term malicious campaigns. Google Safe Browsing (GSB) has not yet flagged the domain, and open-source intelligence shows no entries in major threat intelligence feeds at this time. The absence of detections and blocklist entries suggests this campaign may be in its initial deployment phase. The current status of voting-kinetiq.com is classified as active with an 'under_investigation' risk level. Security teams are advised to block this domain at the network perimeter and DNS level immediately to prevent user exposure. Users should be warned to avoid interacting with any links or websites promoting 'voting-kinetiq.com' or similar domains, particularly those requesting cryptocurrency wallet connections. The remaining risk is assessed as high due to the domain's recent creation, lack of detections, and potential for rapid propagation across unsuspecting victims. Continuous monitoring of this domain and associated infrastructure is recommended to track its evolution and mitigate further compromise. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-12 14:25:29 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 104.21.82.137 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/66614b66-adfb-487d-b245-3168bfe4ec2d - PhishDestroy: https://phishdestroy.io/domain/voting-kinetiq.com/ - LLM endpoint: https://phishdestroy.io/domain/voting-kinetiq.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/voting-kinetiq.com/ Last updated: 2026-04-12