# krab-4-cc.net — SUSPICIOUS

> PhishDestroy identifies krab-4-cc.net as a crypto drainer phishing site resolving to 104.21.77.158. Check the full report.

## Summary
PhishDestroy identifies krab-4-cc.net as a malicious domain actively hosting a cryptocurrency drainer kit. The domain exhibits clear phishing characteristics with no association to any legitimate brand, suggesting a targeted campaign designed to deceive users into connecting fraudulent wallet drainers. Technical artifacts indicate the deployment of malicious JavaScript payloads intended to siphon digital assets from unsuspecting victims. The domain remains unblocked, presenting an immediate risk to cryptocurrency users engaging with unknown or unsolicited links.

This domain was flagged with a VirusTotal detection ratio of 0/95, indicating no antivirus or security vendor has yet classified it as malicious. It resolves to IP address 104.21.77.158 and utilizes a Google Trust Services SSL certificate for deceptive legitimacy. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, the domain was created on December 12, 2023, ensuring it operates with minimal historical scrutiny. Despite its recent creation, the absence of inclusion in Google Safe Browsing (GSB) and other blocklists highlights the urgency for proactive defensive action.

Currently, krab-4-cc.net remains active and unmitigated, with no confirmed takedown or blocklisting observed. Users are advised to avoid interacting with this domain and to verify all cryptocurrency-related links via trusted sources. Organizations should implement network-level blocking of the IP and domain to prevent access. Remaining risk is assessed as HIGH due to the drainer kit’s operational status, lack of vendor detection, and potential for rapid propagation through phishing campaigns. Immediate containment and user awareness are critical to reduce exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 04:31:22
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.77.158

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4335516a-d675-471d-bde9-d8938e3f11cd
- PhishDestroy: https://phishdestroy.io/domain/krab-4-cc.net/
- LLM endpoint: https://phishdestroy.io/domain/krab-4-cc.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab-4-cc.net/
Last updated: 2026-03-27