# freekrab7.live — SUSPICIOUS > Domain freekrab7.live is a live crypto drainer impersonating FreeKrab DeFi platform (0/95 VirusTotal detections). Avoid connecting wallets to this site. ## Summary Domain freekrab7.live has been identified as an active crypto drainer impersonating the FreeKrab DeFi platform, designed to deceive users into connecting their cryptocurrency wallets under the guise of accessing 'free' rewards or services. This domain leverages social engineering tactics, mimicking FreeKrab’s branding and interface to trick victims into authorizing malicious token approvals or transactions. Security researchers note that crypto drainers like this typically exploit victims' trust in established platforms to siphon funds directly from connected wallets. This domain exhibits several high-risk technical indicators confirmed by forensic analysis. PhishDestroy first flagged freekrab7.live, which is currently unresolved by 95 VirusTotal engines (0/95 detections as of analysis). The domain was registered on February 12, 2026, through Sav.com, LLC, and resolves to IP address 172.67.160.166. It utilizes a Let’s Encrypt SSL certificate and is blocked by multiple security systems including MetaMask, SEAL, and PhishDestroy. Additionally, the domain appears on three separate security blocklists, indicating prior malicious activity or association with known threat actors. Despite its recent creation and high-risk infrastructure, VirusTotal has yet to detect this threat, underscoring the importance of proactive and crowdsourced threat intelligence in early-stage phishing campaigns. As of this report, freekrab7.live remains active and categorized under investigation, with a status of 'active' in the threat database. Immediate response actions have included blocking by PhishDestroy, MetaMask, and SEAL, effectively preventing end-user exposure in environments using these tools. However, the domain remains accessible via direct navigation or unprotected systems, posing an ongoing risk to cryptocurrency users seeking FreeKrab-related services. The low detection rate on VirusTotal and the domain’s recent creation date suggest this campaign may be in its early propagation phase. Users are strongly advised to avoid visiting freekrab7.live, verify all DeFi platform URLs via official channels, and ensure wallet connection alerts are enabled to detect unauthorized transaction requests. Security researchers should monitor this domain for escalation in malicious activity and update detection rules accordingly. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-02-12 10:38:05 - Registrar: Sav.com, LLC - IP: 172.67.160.166 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 3 hits Lists: ["PhishDestroy", "MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/20f7b3f9-b546-4f70-9e55-f8002fd0247e - PhishDestroy: https://phishdestroy.io/domain/freekrab7.live/ - LLM endpoint: https://phishdestroy.io/domain/freekrab7.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/freekrab7.live/ Last updated: 2026-03-31