# distribution-zebec.app — SUSPICIOUS > PhishDestroy identifies distribution-zebec.app as a crypto drainer phishing site impersonating Zebec. 0/95 VirusTotal detections. Verify before clicking. ## Summary PhishDestroy identifies distribution-zebec.app as a phishing domain masquerading as the Zebec brand, hosting a crypto-wallet drainer kit designed to siphon private keys and tokens on user interaction. The threat actor has deployed a convincing fake login portal that mimics Zebec’s interface to harvest credentials and trigger wallet-draining transactions once authentication appears successful. Behavioral analysis indicates the drainer kit is configured to target MetaMask, WalletConnect, and similar Web3 wallets, with post-authentication scripts exfiltrating seed phrases and initiating silent transfers to attacker-controlled addresses. This domain was flagged on security blocklists after resolving to IP 188.114.96.3 and registering through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 01, 2026—an unusually recent creation that aligns with rapid deployment cycles typical of crypto drainer campaigns. VirusTotal currently reports 0 detections out of 95 engines, underscoring the evasive nature of the payload, while Google Safe Browsing has not yet flagged the domain. The combination of a fresh domain, low VT score, active blocklist presence, and SSL issued by Let’s Encrypt suggests a newly spun infrastructure leveraging trusted certificates to bypass browser warnings. As of this analysis, distribution-zebec.app remains active with an under-investigation status, having already been blocked by SEAL and MetaMask. Immediate response actions include domain takedown requests to registrars and hosting providers, alongside signature updates for browser and wallet extensions. Remaining risk is high due to the domain’s unknown longevity, low detection coverage, and active propagation through social engineering vectors. Users are strongly advised to verify any Zebec-related links using PhishDestroy’s real-time scanner and to revoke wallet approvals immediately if interaction with this domain has occurred. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-01 16:30:08 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["SEAL", "MetaMask"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/distribution-zebec.app - PhishDestroy: https://phishdestroy.io/domain/distribution-zebec.app/ - LLM endpoint: https://phishdestroy.io/domain/distribution-zebec.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/distribution-zebec.app/ Last updated: 2026-04-04