# krab17at.cc — SUSPICIOUS

> krab17at.cc confirmed as crypto drainer stealing assets, flagged by 4/95 VirusTotal vendors. Avoid any transactions on this site immediately.

## Summary

PhishDestroy identifies krab17at.cc as an active crypto-drainer domain designed to trick users into approving malicious wallet transactions that drain digital assets. Once a visitor connects a wallet and approves a transaction, the site silently diverts approved token allowances and native currency to attacker-controlled addresses.

Security telemetry shows this domain was created on December 11, 2025, just days ago, indicating a fast-moving threat likely deployed to capitalize on holiday shopping or year-end trading activity. The domain resolves to 188.114.96.3 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often abused for bulletproof hosting and short-lived malicious domains. This threat is confirmed by 4 out of 95 VirusTotal security vendors who flagged krab17at.cc as malicious, and the domain holds a Google Trust Services SSL certificate, giving it a false appearance of legitimacy.

The combination of fresh registration, low detection ratio at launch, and hosting on an IP with a history of crypto-related abuse signals elevated risk for unsuspecting users. The domain’s recent creation date and low vendor detection rate suggest attackers are testing new campaigns with minimal resources, increasing the chance of successful compromise for visitors who do not verify site authenticity before interacting with wallet connections.

If you visited krab17at.cc or connected your wallet to the site, immediately revoke any token allowances and check your wallet’s transaction history for unauthorized transfers. Use tools like revoke.cash or your wallet’s built-in allowance manager to remove permissions granted to the domain. Next, transfer any remaining assets to a newly created wallet and enable hardware wallet signing for all future transactions. Report the domain to your antivirus vendor, block it in your hosts file or firewall, and warn others in your community to prevent further victimization. Always verify domain spelling, use bookmarked links for known services, and inspect every wallet connection request carefully to avoid falling victim to crypto-drainer attacks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-11 19:58:34
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/be916e85-6365-45c1-a46b-6b213ff77d1b
- PhishDestroy: https://phishdestroy.io/domain/krab17at.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab17at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/krab17at.cc/

Last updated: 2026-03-28