# krkn.site — SUSPICIOUS

> PhishDestroy flags krkn.site as a crypto drainer impersonating crypto services right now. Site registered Feb 18 2026, VirusTotal score 0/95 clean so far.

## Summary
PhishDestroy identifies krkn.site as an active crypto drainer site designed to trick users into connecting wallets and signing malicious transactions.

This domain was flagged because it resolves to IP 72.52.178.23, obtained a Let’s Encrypt SSL certificate, and went live on February 18, 2026 through registrar GMO Internet, Inc. VirusTotal currently shows 0 security engines detecting the site, keeping the window open for unsuspecting visitors.

If you visited krkn.site, immediately disconnect your wallet, revoke any permissions, and run a malware scan on your device. Report the incident with wallet addresses and transaction hashes so investigators can trace stolen funds and blacklist the domain quickly.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-18 00:06:18
- Registrar: GMO Internet, Inc.
- IP: 72.52.178.23

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/842b406e-8b4a-4a50-8a34-8e413c0b412b
- PhishDestroy: https://phishdestroy.io/domain/krkn.site/
- LLM endpoint: https://phishdestroy.io/domain/krkn.site/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krkn.site/
Last updated: 2026-03-28