# rabby-wallet-connect.click — MALICIOUS

> Beware of rabby-wallet-connect.click, a high-risk crypto drainer flagged for phishing. Learn how this domain threatens your digital assets.

## Summary
PhishDestroy identifies rabby-wallet-connect.click as a high-risk crypto drainer domain designed to steal cryptocurrency assets through deceptive tactics. This domain poses significant danger to users involved in digital currency transactions by attempting to drain wallets via fraudulent means.

The domain was registered on February 21, 2026, and has been flagged on six distinct security blocklists. Google Safe Browsing classifies it under SOCIAL_ENGINEERING threats, and 15 out of 95 security vendors on VirusTotal mark it as malicious. The domain’s registration is currently dead, indicating the infrastructure used for this campaign was short-lived but highly dangerous during its active phase.

Currently, rabby-wallet-connect.click is offline, mitigating immediate risks. Users should remain vigilant, avoid interacting with suspicious wallet connection prompts, and verify URLs before any crypto transaction. PhishDestroy recommends updating security tools to block related phishing attempts and reporting any suspicious activity to maintain safe crypto practices.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: Rabby
- Page title: Rabby Wallet | Your Go-to Wallet for Ethereum and EVM

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Global Domain Group LLC
- Country: US
- IP: 170.168.61.198
- IP Country: NL
- IP City: Amsterdam
- IP Org: AS63023 GTHost
- Nameservers: ["ns-cloud-d1.googledomains.com", "ns-cloud-d2.googledomains.com", "ns-cloud-d3.googledomains.com", "ns-cloud-d4.googledomains.com"]
- SSL Issuer: DigiCert Inc / DigiCert Global G2 TLS RSA SHA256 2020 CA1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Ermes", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos"]
- Google Safe Browsing: FLAGGED
- Blocklists: 5 hits
  Lists: ["PhishDestroy", "MetaMask", "Polkadot", "Enkrypt", "Codeesura"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bb2a6-ecb7-73aa-af8f-1f9df8092d8b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9291c405-e3c7-44bd-bc68-7d663baa9d59
- PhishDestroy: https://phishdestroy.io/domain/rabby-wallet-connect.click/
- LLM endpoint: https://phishdestroy.io/domain/rabby-wallet-connect.click/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rabby-wallet-connect.click/
Last updated: 2026-03-19