# kpa50.cc — MALICIOUS

> PhishDestroy flags kpa50.cc as an active crypto drainer stealing digital assets via fake login. Verify before you click: 8/95 security vendors already block.

## Summary
PhishDestroy identifies kpa50.cc as an active crypto drainer domain designed to steal digital assets through deceptive login pages. This malicious site impersonates legitimate platforms to trick users into connecting crypto wallets, enabling unauthorized token transfers. The infrastructure and domain were specifically configured to harvest private keys and drain funds from unsuspecting victims. This is not a generic phishing attempt—it is a targeted crypto drainer actively operating since its creation on September 1, 2025.  

This domain resolves to IP address 188.114.97.3 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. Google Safe Browsing (GSB) does not currently list this domain, but 8 out of 95 VirusTotal security vendors have already flagged it as malicious. The domain was created on September 1, 2025, indicating a recent and likely opportunistic deployment aimed at exploiting current market interest or events. Despite using a Google Trust Services SSL certificate, this domain exhibits clear malicious intent through its operational behavior and threat infrastructure.  

As of today, kpa50.cc remains active and poses an elevated risk to users who interact with it. Immediate action includes blocking the domain at the network and browser levels, updating threat intelligence feeds, and informing users to verify any suspicious crypto-related links using platforms like PhishDestroy. While current detection rates are improving, the domain’s recent creation and partial detection coverage suggest it may continue to evade some security tools. Users are strongly advised to avoid visiting kpa50.cc and to report any encounters to their security teams. The remaining risk is elevated due to the active nature of the site and the potential for rapid expansion into new campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-01 17:27:14
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ff2fe9d0-47de-423b-bf4b-0c6092329a49
- PhishDestroy: https://phishdestroy.io/domain/kpa50.cc/
- LLM endpoint: https://phishdestroy.io/domain/kpa50.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kpa50.cc/
Last updated: 2026-03-26