# blacksprut2rprrt3aoigwh7zftiprzqyqynzz2eiimmwmykw7wkpyad.net — SUSPICIOUS

> PhishDestroy identifies Blacksprut2rprrt3aoigwh7zftiprzqyqynzz2eiimmwmykw7wkpyad.net as an active crypto drainer domain flagged by 2 of 95 VirusTotal vendors.

## Summary

PhishDestroy identifies the domain blacksprut2rprrt3aoigwh7zftiprzqyqynzz2eiimmwmykw7wkpyad.net as an active crypto drainer threat currently propagating malicious activity. The domain is categorized under generic phishing with an elevated risk level, indicating a credible threat to cryptocurrency holders and digital asset users. PhishDestroy’s threat intelligence confirms this domain is actively resolving and engaging in fraudulent operations designed to deceive victims into transferring cryptocurrency assets to attacker-controlled wallets.

This domain was first observed on April 3, 2023, and is currently hosted on IP address 188.114.97.3. Analysis by security vendors reveals a low but concerning detection rate: only 2 out of 95 VirusTotal security products flagged this domain as malicious as of the latest scan. The domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known to host both legitimate and malicious domains. The presence of a Let's Encrypt SSL certificate suggests an attempt to appear legitimate, while the obfuscated subdomain structure (blacksprut2rprrt3aoigwh...) is a common tactic used to mimic legitimate service names or evade detection. The combination of low detection, recent creation, and cryptocurrency-related targeting elevates the risk profile of this domain.

Given its elevated risk status and confirmed malicious activity, PhishDestroy recommends immediate defensive action. Network administrators and end users should block access to this domain and associated IP address (188.114.97.3) at the firewall and DNS level. Security teams should scan for any internal exposure or compromise, particularly among users with cryptocurrency holdings. This domain should be added to threat intelligence feeds and blocklists without delay. Continuous monitoring is advised due to the evolving nature of crypto drainer campaigns, which frequently adapt by creating new subdomains or domains to bypass defenses. Users are urged to verify URLs, avoid clicking unsolicited links, and use multi-factor authentication on all financial accounts.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2023-04-03 14:04:49
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0e1109b6-ae73-49a0-a136-b4287834abfe
- PhishDestroy: https://phishdestroy.io/domain/blacksprut2rprrt3aoigwh7zftiprzqyqynzz2eiimmwmykw7wkpyad.net/
- LLM endpoint: https://phishdestroy.io/domain/blacksprut2rprrt3aoigwh7zftiprzqyqynzz2eiimmwmykw7wkpyad.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/blacksprut2rprrt3aoigwh7zftiprzqyqynzz2eiimmwmykw7wkpyad.net/

Last updated: 2026-03-28