# krab1cc.pro — MALICIOUS

> PhishDestroy identifies krab1cc.pro as an active crypto drainer site with Let's Encrypt SSL. VT flags 7/95 vendors. Check the full report.

## Summary
PhishDestroy identifies krab1cc.pro as an active cryptocurrency drainer phishing domain designed to steal wallet credentials via fake login pages. The domain is not associated with any legitimate brand and operates purely as a malicious asset impersonating crypto platforms. The site deploys a drainer kit that captures private keys or seed phrases upon user input, redirecting assets to attacker-controlled wallets without consent.  This domain resolves to IP address 185.149.120.187 and was created on December 21, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal flags this domain with a detection score of 7 out of 95 security vendors. Google Safe Browsing (GSB) status is active, indicating confirmed malicious activity. The domain appears on multiple threat intelligence blocklists, reflecting widespread recognition as a phishing threat.  The domain remains active and poses an elevated risk to crypto users due to its drainer functionality and recent domain registration. Immediate action is recommended to block access at the network level and update endpoint protections. While this domain is currently flagged across multiple platforms, new variants may emerge. Users are advised to avoid interacting with this domain and verify any crypto-related URLs using independent sources. Remaining risk is moderate due to active takedown efforts but persists due to the domain's recent creation and low-cost hosting infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-21 11:23:58
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.149.120.187

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7065cb28-d264-4ed4-9689-c5c3f770878e
- PhishDestroy: https://phishdestroy.io/domain/krab1cc.pro/
- LLM endpoint: https://phishdestroy.io/domain/krab1cc.pro/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab1cc.pro/
Last updated: 2026-03-27