# krab-5-at.cc — MALICIOUS

> PhishDestroy flags krab-5-at.cc as a crypto drainer with 8/95 VirusTotal detections. SSL issued by Google Trust Services. Avoid interaction immediately.

## Summary
PhishDestroy identifies krab-5-at.cc as an active crypto drainer site designed to steal cryptocurrency assets from unsuspecting visitors. When a user connects a wallet or enters private keys, the domain exfiltrates funds through malicious smart-contract interactions or clipboard hijacking routines. This domain is part of a broader campaign targeting decentralized finance users who may overlook subtle domain mismatches or expired certificate warnings.  This domain was flagged by PhishDestroy after 8 out of 95 VirusTotal security vendors detected malicious content hosted at krab-5-at.cc. Whois records show the domain was registered on December 12, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 104.21.66.109. The presence of a Google Trust Services SSL certificate may mislead users into believing the site is legitimate, but the short domain age and low detection ratio suggest a recently deployed threat actor asset.  If you visited krab-5-at.cc, disconnect your wallet immediately and revoke any connected permissions via your wallet’s interface or a reputable blockchain explorer. Do not enter private keys or sign transactions on the site. Report the domain to your antivirus vendor and consider rotating wallet addresses if exposure is suspected. Monitor transaction history for unauthorized transfers. Forward any wallet interaction logs to PhishDestroy for further analysis. Never reuse passwords or seed phrases across platforms.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 05:01:09
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.66.109

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bbb8a738-b728-4864-b0bc-5032bd5510bb
- PhishDestroy: https://phishdestroy.io/domain/krab-5-at.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab-5-at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab-5-at.cc/
Last updated: 2026-03-28