# attesim.us — SUSPICIOUS

> Beware! attesim.us hosts a crypto drainer impersonating legitimate crypto services. With only 1/95 VirusTotal detections, users are urged to verify links using.

## Summary

PhishDestroy identifies attesim.us as a recently activated crypto drainer phishing domain leveraging a generic but deceptive naming convention. The domain appears designed to impersonate legitimate cryptocurrency platforms, likely targeting users through social engineering or spoofed communications. While no specific drainer kit details are publicly available, the site's infrastructure suggests capabilities aligned with credential theft or cryptocurrency wallet draining, a common tactic in modern phishing campaigns. No direct association with a major crypto brand has been confirmed, but the generic 'attesim' string may mimic authentic service domains to enhance believability among potential victims.

Technical analysis reveals a newly established domain, registered on September 13, 2023, resolving to IP address 107.21.229.127. The domain is registered through GoDaddy.com, LLC, and secured with an SSL certificate issued by Let’s Encrypt, likely to establish trust. VirusTotal currently flags the domain with a detection ratio of 1 out of 95 security vendors, indicating low visibility in automated threat feeds. While specific blocklist counts or Google Safe Browsing (GSB) status are not disclosed, the limited detections suggest the domain is actively operating beneath typical radar.

At the time of this advisory, the domain remains active and constitutes an elevated risk due to its recent appearance and lack of widespread detection. PhishDestroy recommends immediate blocking of 107.21.229.127 and the domain attesim.us at the network perimeter. Users are strongly advised to avoid all interactions, particularly input of credentials or cryptocurrency wallet connections. Remaining risk is elevated due to the domain’s freshness, minimal vendor detections, and potential for rapid expansion into spam campaigns. Regular monitoring and proactive blocking are essential to prevent user exposure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2023-09-13 19:46:14
- Registrar: GoDaddy.com, LLC
- IP: 107.21.229.127

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/cd9ee455-d033-49d3-8d7e-6fa62167ed04
- PhishDestroy: https://phishdestroy.io/domain/attesim.us/
- LLM endpoint: https://phishdestroy.io/domain/attesim.us/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/attesim.us/

Last updated: 2026-03-24