# kr047.cc — SUSPICIOUS

> PhishDestroy flags kr047.cc as a live crypto-draining page: 4/95 vendors detected, registered 11/30/2025 via NameSilo. Block now.

## Summary
PhishDestroy identifies kr047.cc as an active crypto-draining landing page designed to siphon funds from unsuspecting wallet users. The domain resolves to IP 185.149.120.187 and is engineered to mimic legitimate blockchain interfaces, tricking visitors into authorizing malicious transactions that drain crypto assets without additional prompts. Threat actors registered the domain on November 30, 2025, and are already leveraging it in campaigns targeting crypto investors under the guise of wallet updates or token airdrops.  This domain was flagged by 4 out of 95 security vendors on VirusTotal, indicating a high risk despite low initial detection coverage. The domain was registered through NameSilo, LLC shortly before going live, showing a pattern of rapid deployment commonly used to evade takedowns. Given the domain’s newness and low blocklist presence, it remains highly effective against users relying on reputation-based defenses.  Users who visited kr047.cc should immediately disconnect from the internet, revoke any transaction approvals via wallet extensions or app, and transfer remaining assets to a fresh wallet. Clear browser cache and disable suspicious browser extensions, then scan devices with updated antivirus software. Report the domain to your wallet provider and relevant crypto platforms to help block further abuse and protect others.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-30 11:15:28
- Registrar: NameSilo, LLC
- IP: 185.149.120.187

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4ae8c7b6-4d46-44e5-9e42-c823932c1cb3
- PhishDestroy: https://phishdestroy.io/domain/kr047.cc/
- LLM endpoint: https://phishdestroy.io/domain/kr047.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kr047.cc/
Last updated: 2026-03-28