# krab5cc.cc — SUSPICIOUS

> PhishDestroy identifies krab5cc.cc as an active crypto drainer phishing domain, flagged by 4 of 95 VirusTotal vendors. Immediate block recommended.

## Summary

krab5cc.cc is an active crypto drainer phishing domain currently engaged in credential theft operations. This domain is confirmed to be actively distributing malicious payloads designed to steal cryptocurrency wallet credentials and private keys. Security teams should treat this domain as hostile and implement immediate defensive measures to prevent user exposure and potential financial loss.

This domain was flagged by 4 of 95 VirusTotal security vendors, indicating limited but present detection coverage. The domain was registered through NameSilo, LLC on September 26, 2025, and currently resolves to IP address 104.21.89.4. The SSL certificate is issued by Google Trust Services, which does not validate the domain's legitimacy. With a recent creation date and low VirusTotal detection rate, this domain represents an elevated risk to users interacting with cryptocurrency services.

Currently active with an elevated risk level, krab5cc.cc requires immediate action. Security teams should block this domain at the network and DNS levels, update firewall rules to prevent communication with 104.21.89.4, and flag all associated indicators for enhanced monitoring. Users should be warned against visiting this domain, particularly those accessing cryptocurrency platforms. Organizations should also review SIEM alerts for any connections to this domain or IP address in the past 30 days.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-09-26 22:00:05
- Registrar: NameSilo, LLC
- IP: 104.21.89.4

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7ceecfad-3c54-44da-a1a6-ecb5b5bc29f2
- PhishDestroy: https://phishdestroy.io/domain/krab5cc.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab5cc.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/krab5cc.cc/

Last updated: 2026-03-28