# tr.kralbetyenisite.vip — SUSPICIOUS

> tr.kralbetyenisite.vip is a live crypto drainer phishing site with 0/95 VirusTotal detections. Block immediately to protect funds.

## Summary
PhishDestroy identifies tr.kralbetyenisite.vip as an active crypto drainer domain designed to steal digital assets via fraudulent impersonation. The domain mimics a Turkish betting brand (Kral Bet Yeni Site) to lure victims into connecting crypto wallets and approving malicious transactions. No known drainer kit signatures are published yet, but the site’s rapid deployment (registered April 08, 2026) and Let's Encrypt SSL certificate suggest operational readiness for credential theft and wallet draining.  This domain resolves to IP 185.66.142.98 and was registered through Gname.com Pte. Ltd., a registrar frequently abused for bulk malicious registrations. VirusTotal currently shows 0/95 security vendor detections despite active phishing campaigns, and the domain remains unlisted in Google Safe Browsing (GSB) and most blocklists as of investigation time. The April 2026 creation date coincides with a spike in Turkish-language crypto scams targeting users searching for 'yeni site' (new site) updates.  PhishDestroy marks tr.kralbetyenisite.vip as UNDER_INVESTIGATION with ACTIVE status. Immediate action includes blocking the domain at DNS/network level, flagging the IP 185.66.142.98, and submitting to threat intel feeds. Remaining risk is MODERATE due to undetected status on VT and potential for rapid domain cycling. Users should avoid visiting the site and verify all wallet connection requests using hardware wallet checks.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-08 06:54:30
- Registrar: Gname.com Pte. Ltd.
- IP: 185.66.142.98

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/tr.kralbetyenisite.vip
- PhishDestroy: https://phishdestroy.io/domain/tr.kralbetyenisite.vip/
- LLM endpoint: https://phishdestroy.io/domain/tr.kralbetyenisite.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tr.kralbetyenisite.vip/
Last updated: 2026-04-09