# kksave.com — MALICIOUS > kksave.com is actively impersonating Aave. Malicious domain flagged by 6 of 95 VirusTotal vendors. Check the full report. ## Summary PhishDestroy identifies kksave.com as a malicious domain engaged in active brand impersonation targeting Aave, currently classified with an elevated risk rating. This domain was flagged by 6 of 95 VirusTotal security vendors, registered through NAMECHEAP INC on October 25, 2025, and resolves to IP 162.159.140.98 with a Google Trust Services SSL certificate. Intelligence sources indicate kksave.com appears on 2 separate security blocklists and has been blocked by OpenPhish and PhishingArmy, raising immediate concerns over its legitimacy and potential for credential harvesting. Organizations and users are strongly advised to block all traffic to and from kksave.com immediately. Verify any Aave-related communications through official channels using authenticated sources only. Update endpoint security solutions with the latest threat intelligence to block this domain at the network level. Report suspicious interactions involving this domain to your SOC and relevant threat intelligence platforms to enhance collective defense. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Aave ## Domain Intelligence - Registered: 2025-10-25 06:36:58 - Registrar: NAMECHEAP INC - IP: 162.159.140.98 ## Detection Status - VirusTotal: 6 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["OpenPhish", "PhishingArmy"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/kksave.com - PhishDestroy: https://phishdestroy.io/domain/kksave.com/ - LLM endpoint: https://phishdestroy.io/domain/kksave.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kksave.com/ Last updated: 2026-04-08