# krab---6at.ru — SUSPICIOUS

> krab---6at.ru is a live crypto drainer impersonating crypto brands, flagged by 0 of 95 VirusTotal scanners. Immediate domain block recommended.

## Summary
PhishDestroy identifies krab---6at.ru as an active crypto drainer domain involved in a credential theft campaign targeting cryptocurrency users. The domain is currently classified as 'under_investigation' with a status of 'active', indicating ongoing malicious operations. This site poses a high risk to users engaging with crypto platforms and requires immediate containment to prevent further compromise.  This domain was flagged by 0 of 95 VirusTotal vendors during the latest scan, indicating no detections despite its active status. The domain was registered through RU-CENTER-RU on March 17, 2026, and resolves to the IP address 185.212.128.10. The infrastructure leverages a Let's Encrypt SSL certificate for HTTPS traffic, potentially enhancing its legitimacy in phishing campaigns. The domain has not yet been documented on major threat intelligence feeds, suggesting a recently deployed or stealthy operation. Risk assessment remains elevated due to the lack of detections and active deployment timeline.  As of the latest analysis, krab---6at.ru continues to operate without widespread recognition from security vendors, increasing the likelihood of successful user deception. Organizations and individuals are advised to block this domain at the network and endpoint levels immediately. Additionally, users interacting with cryptocurrency platforms should verify URLs manually and avoid clicking unverified links. Security teams should monitor this domain for updates and consider it a high-priority threat until further intelligence emerges. Continuous reassessment of this domain’s status is strongly recommended.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-17 15:51:14
- Registrar: RU-CENTER-RU
- IP: 185.212.128.10

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a102acca-9e04-4022-b3f4-e69b82710427
- PhishDestroy: https://phishdestroy.io/domain/krab---6at.ru/
- LLM endpoint: https://phishdestroy.io/domain/krab---6at.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab---6at.ru/
Last updated: 2026-03-28