# alpaca-2.entry-cryptolist.app — SUSPICIOUS

> alpaca-2.entry-cryptolist.app operates as a cryptocurrency wallet drainer, targeting users via deceptive crypto listings. Resolves to IP 188.114.97.

## Summary

PhishDestroy identifies alpaca-2.entry-cryptolist.app as a confirmed cryptocurrency wallet drainer posing as a legitimate crypto listing platform. The domain leverages a generic name ('alpaca-2') combined with 'entry-cryptolist.app' to mimic trustworthy crypto aggregators, deceiving users into connecting their digital wallets under false pretenses. While no specific drainer kit was detected in public scans, the operational behavior aligns with common wallet-draining tactics: luring victims with fake token listings to extract private keys or initiate unauthorized transactions. The domain's structure suggests a systematic campaign targeting crypto enthusiasts searching for new investment opportunities.

This domain was flagged with a VirusTotal detection score of 0/95, indicating no current antivirus or security vendor has flagged its malicious payloads or infrastructure. It resolves to IP address 188.114.97.3 and uses a Google Trust Services SSL certificate, which may be abused to appear legitimate. The domain was registered under an unidentified registrar and shows active hosting without blocklist entries at the time of analysis. These technical indicators suggest a newly deployed or stealthily operated threat actor infrastructure designed to evade early detection. The lack of third-party flags, combined with the use of a reputable SSL provider, increases the risk of successful deception among non-technical users.

As of the latest assessment, alpaca-2.entry-cryptolist.app remains active and unresolved. PhishDestroy recommends immediate network and DNS blocking of the domain and associated IP (188.114.97.3). Users who have visited the site should revoke any connected wallet permissions, transfer remaining assets to a secure wallet, and monitor for unauthorized transactions. The ongoing investigation continues due to the domain's low detection footprint and potential for rapid infrastructure changes. Remaining risk is assessed as high — particularly for users actively engaging in crypto trading or DeFi activities — until the domain is fully neutralized and its backend infrastructure is dismantled.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/alpaca-2.entry-cryptolist.app
- PhishDestroy: https://phishdestroy.io/domain/alpaca-2.entry-cryptolist.app/
- LLM endpoint: https://phishdestroy.io/domain/alpaca-2.entry-cryptolist.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/alpaca-2.entry-cryptolist.app/

Last updated: 2026-04-11