# krab20at.cc — SUSPICIOUS

> PhishDestroy flags krab20at.cc as a crypto drainer mimicking login pages. Resolves to IP 188.114.96.3, 3/95 VirusTotal detections. Verify safety now.

## Summary

PhishDestroy identifies krab20at.cc as an active crypto drainer domain designed to trick users into surrendering sensitive credentials or cryptocurrency wallet access through fake login interfaces. This domain employs social engineering tactics to appear legitimate while covertly exfiltrating authentication data or initiating unauthorized blockchain transactions. The threat level has been assessed as elevated due to confirmed malicious behaviors and infrastructure associations, warranting immediate caution from users and security practitioners alike. This domain was flagged within days of registration, suggesting opportunistic deployment against unsuspecting victims seeking crypto-related services or logins.

This domain presents multiple indicators of compromise validated by third-party intelligence sources. VirusTotal analysis confirms detection by 3 out of 95 security vendors, indicating partial but not universal recognition of its malicious nature. The domain resolves to IP address 188.114.96.3, which has been linked to known fraudulent infrastructure clusters. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on December 11, 2025, a timeframe consistent with recent threat actor campaigns. Notably, the domain holds a valid SSL certificate issued by Google Trust Services, which may be exploited to enhance credibility and bypass browser-based distrust indicators. Despite this veneer of legitimacy, the combination of fresh registration, active malicious payload delivery, and partial AV coverage classifies krab20at.cc as a high-risk entry point for credential harvesting and cryptocurrency theft.

Users who encounter krab20at.cc should immediately cease all interaction and avoid entering any credentials or cryptocurrency wallet information. As a crypto drainer, this domain likely contains JavaScript payloads that monitor clipboard activity for wallet addresses and inject malicious transaction scripts. PhishDestroy recommends verifying the safety of this domain through its real-time threat database before any interaction. Security teams are advised to block network access to IP 188.114.96.3 at the firewall level and inspect DNS resolution logs for lateral compromise. If this domain was accessed via email or message, organizations should initiate password resets for affected accounts and audit recent transaction histories for unauthorized transfers. Immediate reporting to relevant crypto platforms and cybercrime units is strongly encouraged to mitigate financial losses.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-11 19:58:34
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0ce7e738-6dac-4ef5-aebf-f87f01350020
- PhishDestroy: https://phishdestroy.io/domain/krab20at.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab20at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/krab20at.cc/

Last updated: 2026-03-28