# krab14cc.cc — SUSPICIOUS

> krab14cc.cc is an active crypto-drainer domain—3/95 VirusTotal vendors flag it—stealing wallet credentials in plain sight. Act now.

## Summary
PhishDestroy identifies krab14cc.cc as an ACTIVE crypto-drainer campaign hosting malicious scripts designed to siphon digital assets on user interaction.

This domain was flagged by 3 out of 95 VirusTotal security vendors, resolving to IP 172.67.130.27 with a NICENIC INTERNATIONAL GROUP CO., LIMITED registration dated December 12, 2025. The infrastructure is wrapped in a Google Trust Services SSL certificate, yet blocklist coverage remains thin at 3/95.

Immediate mitigation requires blocking the domain at DNS level, flagging the IP range 172.67.130.27/32 in firewall rules, and warning users never to enter private keys or seed phrases on the page. If exposure occurred, revoke all wallet permissions via blockchain explorers and initiate hardware wallet resets.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 05:06:49
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.130.27

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/aa8a492c-a2d5-4ae0-9fdb-f370d1a30b41
- PhishDestroy: https://phishdestroy.io/domain/krab14cc.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab14cc.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab14cc.cc/
Last updated: 2026-03-26