# krab-2cc.net — SUSPICIOUS

> PhishDestroy identifies krab-2cc.net as a crypto drainer domain with 0/95 VirusTotal detections. Immediate block recommended.

## Summary

PhishDestroy’s investigative pipeline has flagged krab-2cc.net as an active crypto drainer impersonation host currently under formal risk review. The domain is engineered to trick cryptocurrency users into connecting wallets to malicious smart contracts, enabling silent fund extraction. Based on live telemetry, this infrastructure poses a direct threat to individuals transacting with commonly spoofed brands, particularly those in decentralized finance and NFT marketplaces.

krab-2cc.net was registered on December 12, 2025 via NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to the IP address 172.67.141.34. Current scans by VirusTotal show 0 out of 95 engines flagging the domain, while the SSL certificate is issued by Google Trust Services, which may lend temporary legitimacy to visitors. There are no current entries on public blocklists, meaning passive defenses have not yet caught up with this threat actor’s rapid deployment cycle. The domain’s recent creation and clean forensic history suggest a recently stood-up campaign, likely geared toward opportunistic exploitation during peak market activity.

Defenders should implement immediate network-level blocklisting of the IP 172.67.141.34 and domain krab-2cc.net at DNS and firewall layers. For end-users, especially crypto investors, enable wallet allow-listing to prevent unauthorized connection attempts and verify URLs against known legitimate domains before any wallet interaction. Continuous monitoring of this domain is advised, as historical patterns indicate rapid mutation to evade detection.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-12 04:28:41
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.141.34

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/444e8f92-c6d1-4e9e-b41f-e8fb8afefea0
- PhishDestroy: https://phishdestroy.io/domain/krab-2cc.net/
- LLM endpoint: https://phishdestroy.io/domain/krab-2cc.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/krab-2cc.net/

Last updated: 2026-03-27