# https--krab2.cc — SUSPICIOUS

> PhishDestroy flags https--krab2.cc as a crypto drainer impersonating a wallet brand, detected by 0/95 engines. Domain registered Dec 12 2025 via Nicenic.

## Summary
PhishDestroy identifies https--krab2.cc as an active crypto drainer site designed to trick users into connecting cryptocurrency wallets and automatically drain funds. The domain mimics legitimate wallet login pages and prompts visitors to sign malicious transactions that transfer tokens to attacker-controlled addresses without additional approval. Visitors should treat any pop-up or prompt from this domain as hostile and immediately revoke any wallet connections made to it.  This domain was flagged on December 12, 2025, and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to IP address 188.114.97.3 and holds a valid SSL certificate issued by Google Trust Services. VirusTotal currently shows 0 detections out of 95 scanning engines, indicating this threat is newly active and not yet widely detected by automated tools. The combination of recent registration, clean SSL, and low detection rate suggests this campaign is operating under the radar to target early victims.  If you visited https--krab2.cc, disconnect your wallet immediately, revoke any permissions granted, and transfer remaining assets to a clean wallet. Run a malware scan on your device and change passwords used on the same browser profile. Report the domain to PhishDestroy and your wallet provider to help block further attacks. Never interact with wallet connection prompts or transaction signing requests from untrusted sites.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 19:37:26
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/124a6f73-b45c-449c-809a-280613cfe660
- PhishDestroy: https://phishdestroy.io/domain/https--krab2.cc/
- LLM endpoint: https://phishdestroy.io/domain/https--krab2.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/https--krab2.cc/
Last updated: 2026-03-27