# krab9x.cc — SUSPICIOUS

> Beware: krab9x.cc is a crypto drainer phishing domain flagged by 3 of 95 VirusTotal vendors. Avoid interaction and report immediately to block further attacks.

## Summary
PhishDestroy identifies krab9x.cc as an active crypto drainer phishing domain targeting cryptocurrency users. This domain, registered on December 12, 2025, has been confirmed as a threat and remains active as of the latest analysis. The domain is designed to trick users into connecting their wallets or entering private keys, resulting in unauthorized cryptocurrency transfers.  This domain was flagged by 3 of 95 VirusTotal security vendors, indicating low initial detection but rising suspicion. It resolves to IP address 188.114.96.3 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for both legitimate and malicious domain registrations. The domain holds an SSL certificate issued by Google Trust Services, which may be leveraged to appear legitimate and evade user suspicion.  Given the elevated risk level and active status, users are strongly advised to avoid accessing krab9x.cc or any associated subdomains. Security teams should block the domain and IP at the network level and monitor for related infrastructure. If accidental interaction occurs, disconnect wallets immediately, revoke any connected permissions, and report the domain to relevant authorities such as Google Safe Browsing, PhishTank, or local cybersecurity agencies. Proactive threat intelligence sharing can help prevent further exploitation of this and similar crypto drainer domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 17:17:27
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b14cb0d4-cf30-4005-b2ef-ad58d03602ad
- PhishDestroy: https://phishdestroy.io/domain/krab9x.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab9x.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab9x.cc/
Last updated: 2026-03-28