# me.sahkoautot.info — MALICIOUS > PhishDestroy identifies me.sahkoautot.info as a crypto drainer impersonating Sahkoautot.fi; flagged by 18/95 VirusTotal vendors. Block now. ## Summary me.sahkoautot.info is a recently active crypto drainer posing as the Finnish electric-vehicle site Sahkoautot.fi. When visited, the page attempts to trick users into connecting a wallet and signing a malicious transaction that drains tokens directly from the wallet. Criminals behind the domain use Let’s Encrypt certificates to appear legitimate and rely on generic-looking subdomains to evade simple blocklists. Security vendors have already blacklisted the host at 104.21.36.30, yet new visitors still land on the page every day. PhishDestroy’s records show this domain was first observed on public feeds on 2024-05-12 and is registered through Namecheap Inc. The site is currently detected by 18 out of 95 VirusTotal scanners, and it appears on four additional threat intelligence feeds including PhishingArmy, StevenBlack, OISD, and CERT-PL. Despite the takedown-resistant hosting on Cloudflare IP 104.21.36.30, the Let’s Encrypt certificate is only valid for the exact domain name, giving analysts an easy pivot for further hunting. If you or someone in your organization visited me.sahkoautot.info, immediately disconnect the device from the internet, revoke any wallet connections shown in your browser’s extension list, and transfer remaining funds to a newly created wallet. Scan the workstation with an up-to-date antivirus and reset browser profiles. Report the incident to your security team and include the domain, the timestamp, and any wallet addresses involved for rapid threat containment. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.21.36.30 ## Detection Status - VirusTotal: 18 vendors flagged - Google Safe Browsing: clean - Blocklists: 4 hits Lists: ["PhishingArmy", "StevenBlack", "OISD", "CERT-PL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/fdc13831-e21a-43e4-8c57-df0d304e4d30 - PhishDestroy: https://phishdestroy.io/domain/me.sahkoautot.info/ - LLM endpoint: https://phishdestroy.io/domain/me.sahkoautot.info/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/me.sahkoautot.info/ Last updated: 2026-04-14