# votme.top — SUSPICIOUS

> PhishDestroy flags votme.top for crypto drainer phishing—0/95 VirusTotal detections. Targets users with fake voting platform. Block immediately.

## Summary
PhishDestroy identifies votme.top as a live crypto drainer domain impersonating a voting platform to siphon cryptocurrency assets. The domain leverages social engineering tactics by mimicking legitimate voting service branding to deceive users into connecting wallets and authorizing malicious transactions. Security researchers have observed drainer kits embedded in the site's frontend, designed to harvest private keys and execute unauthorized transfers upon wallet connection.  votme.top was registered on March 22, 2026 through Spaceship, Inc., and resolves to IP 188.114.97.3. The domain currently shows 0 detections out of 95 engines on VirusTotal, indicating low signature coverage. It uses a Let's Encrypt SSL certificate for credibility, but Google Safe Browsing (GSB) has not yet flagged the domain, and no public blocklists currently include it. This combination of fresh registration, neutral VT score, and absence from major blocklists suggests early-stage deployment with potential for rapid expansion.  The domain remains active and under active investigation by PhishDestroy analysts. Immediate action is recommended: network and endpoint blocks at the firewall and DNS level, user awareness alerts, and increased monitoring for related infrastructure. While the immediate risk is assessed as under_investigation due to low detection rates, the threat is escalating due to drainer tooling presence. Users should avoid interaction, and organizations are advised to deploy behavioral detection rules targeting wallet connection patterns and transaction anomalies.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-22 21:38:38
- Registrar: Spaceship, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/81323d20-103b-4e02-b592-c1a94bae87e9
- PhishDestroy: https://phishdestroy.io/domain/votme.top/
- LLM endpoint: https://phishdestroy.io/domain/votme.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/votme.top/
Last updated: 2026-03-23