# xn--kr37-rzb.com — SUSPICIOUS

> PhishDestroy identifies xn--kr37-rzb.com as a crypto drainer impersonating blockchain services. VirusTotal flags 1/95 vendors. Avoid interactions immediately.

## Summary

PhishDestroy identifies xn--kr37-rzb.com as an active crypto drainer posing elevated threats to cryptocurrency users. This domain was flagged for hosting malicious scripts designed to siphon funds from unsuspecting victims’ wallets during transaction approvals. The site leverages deceptive domain encoding (IDN homograph attack) to mimic legitimate blockchain service providers, creating a false sense of trust. Given the recent creation date and lack of established reputation, users are strongly advised to refrain from any engagement with this domain or its associated services.

This domain exhibits multiple red flags confirmed by independent security analysis. VirusTotal’s detection ratio stands at 1 out of 95 participating security vendors, indicating minimal but concerning recognition of its malicious nature. The domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for accommodating high-risk registrations. It resolves to the IP address 104.21.82.45, which hosts multiple suspicious domains. The domain was created on March 31, 2025, making it extremely new and untrusted. Its SSL certificate is issued by Let’s Encrypt, which is commonly exploited by threat actors to appear legitimate. The IP address has been associated with prior crypto drainer campaigns, further correlating this domain with fraudulent activities. Despite its recent issuance, this domain has already been noted in emerging threat feeds, suggesting proactive monitoring is warranted.

Mitigation steps for crypto drainer threats like this one require immediate action to prevent financial loss. Users should avoid clicking links from unsolicited emails, social media messages, or advertisements promoting this domain. If you have previously entered wallet credentials or connected your wallet to this site, revoke all permissions immediately using your wallet’s security settings or dedicated tools like revoke.cash. Ensure your browser extensions and wallet software are updated to detect and block such phishing attempts. Report this domain to your antivirus provider, browser security teams, and relevant blockchain security platforms like MetaMask’s phishing detection system or Etherscan’s phishing address database. For organizations, consider deploying DNS filtering or endpoint protection solutions that block access to known malicious domains and IPs. Always verify URLs through official channels before interacting with any crypto-related websites to mitigate the risk of falling victim to crypto drainers.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-03-31 01:15:01
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.82.45

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0b386b09-a2c2-4def-bc81-5db1183f16ad
- PhishDestroy: https://phishdestroy.io/domain/xn--kr37-rzb.com/
- LLM endpoint: https://phishdestroy.io/domain/xn--kr37-rzb.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/xn--kr37-rzb.com/

Last updated: 2026-03-28