# kpa41.cc — MALICIOUS

> kpa41.cc is a crypto drainer site flagged by 15 of 95 VirusTotal vendors. Avoid entering wallet credentials or connecting crypto wallets. Proceed with caution.

## Summary
PhishDestroy identifies kpa41.cc as an active crypto drainer posing elevated risks to cryptocurrency users. This domain is currently engaged in malicious activities aimed at illicitly draining digital assets from unsuspecting victims. The site's operational status remains active, indicating ongoing threats to potential targets who may interact with the platform.  

This domain was flagged by 15 of 95 VirusTotal vendors, demonstrating widespread recognition of its malicious nature within the cybersecurity community. kpa41.cc resolves to IP 104.21.24.91, was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on February 07, 2025, and holds a Google Trust Services SSL certificate. The domain's recent creation date and high-risk indicators underscore its potential for harm, especially given its low trust scores across multiple security platforms.  

Given the elevated risk level and specific threat of crypto draining, PhishDestroy strongly advises against visiting, interacting with, or entering any credentials or wallet connections on kpa41.cc. Users who have already engaged with this domain should immediately revoke any connected wallet permissions and transfer assets to a secure wallet. Implementing network-level blocking of the domain and associated IP address (104.21.24.91) is recommended to prevent further exposure. Stay vigilant and report any suspicious interactions to relevant cybersecurity authorities.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-07 18:02:46
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.24.91

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f37eb55a-f107-45ea-9cf9-fac0699b75cf
- PhishDestroy: https://phishdestroy.io/domain/kpa41.cc/
- LLM endpoint: https://phishdestroy.io/domain/kpa41.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kpa41.cc/
Last updated: 2026-03-29