# krab129.cc — MALICIOUS

> krab129.cc is a crypto drainer phishing site flagged by 5 of 95 VirusTotal scanners. Analyze transactions carefully to prevent asset theft.

## Summary
PhishDestroy identifies krab129.cc as an active crypto drainer posing under a deceptive domain. This website employs fraudulent tactics to trick users into connecting crypto wallets under the guise of legitimate transactions. No specific brand impersonation or drainer kit was publicly disclosed in available threat intelligence, but the domain’s behavior aligns with on-chain credential theft observed in similar campaigns. The site leverages social engineering to prompt wallet connections, enabling unauthorized transaction signing and asset drainage through smart contract interactions. Users should avoid interacting with this domain entirely to prevent irreversible financial loss.


exact technical indicators confirm elevated risk: the domain resolves to IP 188.114.97.3 and was created on December 12, 2025, a suspiciously recent registration. The SSL certificate is issued by Google Trust Services, which does not inherently validate legitimacy. VirusTotal analysis shows 5 out of 95 security vendors flagging the domain, indicating partial detection but not universal consensus. The registrar is NICENIC INTERNATIONAL GROUP CO., LIMITED, a known entity used in bulk domain registrations that often obscure malicious intent. While no blocklist count was provided, the combination of new domain age, low VT coverage, and crypto-drainer behavior elevates operational risk significantly. The Google Safe Browsing (GSB) status remains unconfirmed in current feeds, suggesting potential evasion of real-time blacklists.


As of the latest assessment, krab129.cc remains active and unblocked by major browsers. PhishDestroy has flagged this domain with an elevated risk rating due to its alignment with crypto drainer activity and low detection coverage. Immediate user action includes avoiding all wallet connections, reporting the domain to security platforms, and sharing indicators with threat intelligence communities. Remaining risk is high given the domain’s recency, partial detection, and absence from major blocklists. Users are advised to verify domains via official project websites and avoid unsolicited links promising rewards or urgent actions.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 05:08:36
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ad32a05c-54e1-43b6-a9bc-5f1a9ff71b89
- PhishDestroy: https://phishdestroy.io/domain/krab129.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab129.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab129.cc/
Last updated: 2026-03-26