# extension-rabby.com — SUSPICIOUS

> PhishDestroy identifies extension-rabby.com as a crypto drainer impersonating Rabby Wallet. VT 0/95, IP 188.114.97.3, danger now—scan your link.

## Summary

PhishDestroy identifies extension-rabby.com as a generic phishing domain currently under investigation for hosting a cryptocurrency drainer kit. The site masquerades as the legitimate Rabby Wallet extension, tricking users into connecting wallets and authorizing malicious token transfers under the guise of routine transactions. No specific drainer kit variant has been publicly documented for this domain yet, leaving its exact payload unverified but strongly suspected to target MetaMask, Rabby, or similar Web3 interfaces.

This domain resolves to IP 188.114.97.3 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain was created on March 24, 2026 and secured with a Let’s Encrypt SSL certificate. VirusTotal currently reports 0 detections out of 95 engines, indicating a zero detection score at time of writing. Google Safe Browsing (GSB) has not yet flagged the domain, and third-party blocklist counts remain undocumented but are likely low due to its recent emergence. The lack of detections and new registration suggests an early-stage campaign relying on social engineering rather than overtly malicious infrastructure.

As of this assessment, extension-rabby.com remains active and is not yet blocked by major browsers or security vendors. PhishDestroy continues to monitor the domain and its associated infrastructure for updates. Remaining risk is moderate-to-high given its active status, zero detections, and clear intent to impersonate a legitimate crypto wallet. Users are strongly advised to avoid interacting with this domain, verify any wallet-related download via official sources, and scan links using PhishDestroy before engaging. The threat remains under active investigation, with coordinated remediation efforts pending broader detection coverage.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-24 01:50:31
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/400d5b2e-c677-4103-8cf9-0b0c0eaebbb2
- PhishDestroy: https://phishdestroy.io/domain/extension-rabby.com/
- LLM endpoint: https://phishdestroy.io/domain/extension-rabby.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/extension-rabby.com/
Last updated: 2026-03-24