# cobraking.site — SUSPICIOUS

> cobraking.site linked to a crypto drainer phishing campaign. Flagged by 0 of 95 VirusTotal vendors. Avoid interactions and block the domain immediately.

## Summary
cobraking.site has been identified as a crypto drainer phishing domain, currently active and under investigation by the SOC team. The threat involves malicious actors attempting to deceive users into connecting cryptocurrency wallets to fraudulent services, resulting in unauthorized fund transfers. Given its active status, immediate caution and preventive measures are advised to mitigate potential financial losses.  

This domain was flagged by 0 out of 95 VirusTotal vendors, indicating it has evaded detection by most security solutions as of the latest scan. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, the domain resolves to IP address 188.114.96.3 and was created on January 31, 2024. Notably, it holds a valid SSL certificate issued by Google Trust Services, which may lend a false sense of legitimacy to unsuspecting users. Despite its recent creation, there are no current entries in blocklist databases, further emphasizing its stealthy nature.  

Given the absence of detections and the domain's active status, the risk of exposure remains significant, particularly for users engaging with cryptocurrency platforms. The SOC recommends blocking cobraking.site at the network perimeter and endpoints, along with inspecting any recent wallet connection attempts to this domain. Additionally, users should be advised to verify URLs and avoid interacting with unsolicited links purporting to offer crypto services. Continuous monitoring of this domain for emerging threat intelligence is strongly encouraged to preempt potential attacks.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-01-31 02:24:32
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/704baab3-3e68-4c13-bd90-f28c42e8984a
- PhishDestroy: https://phishdestroy.io/domain/cobraking.site/
- LLM endpoint: https://phishdestroy.io/domain/cobraking.site/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cobraking.site/
Last updated: 2026-03-27