# sneklabs.net — SUSPICIOUS

> sneklabs.net impersonates a cryptocurrency wallet service to steal credentials and crypto assets. Domain created April 20, 2024 and hosted on 172.67.185.

## Summary
PhishDestroy identifies sneklabs.net as an active cryptocurrency wallet scam infrastructure posing as a legitimate service. This domain was flagged under seed 970635 on April 20, 2024, and remains unlisted by 95 VirusTotal engines, indicating a low detection rate despite active hosting on 172.67.185.190 via Cloudflare infrastructure. The registration through NICENIC INTERNATIONAL GROUP CO., LIMITED and issuance of an SSL certificate by Google Trust Services suggests an attempt to appear legitimate, while the absence of blocklist entries and current detections implies a recently deployed campaign targeting cryptocurrency users.  sneklabs.net exhibits multiple indicators of a cryptocurrency-themed phishing operation. The domain was registered on April 20, 2024, and is currently resolving to IP 172.67.185.190, a Cloudflare address commonly used to obfuscate malicious hosting. VirusTotal shows 0 detections out of 95 engines, highlighting the evasive nature of this threat. The domain leverages a valid SSL certificate from Google Trust Services to establish trust, a tactic frequently observed in wallet scams to deceive users into entering recovery phrases or private keys. While the registrar is legitimate, the combination of recent creation, Cloudflare hosting, and zero detections raises immediate concern for cryptocurrency users seeking wallet services.  To mitigate exposure to sneklabs.net, users must avoid accessing or interacting with the domain under any circumstances. Cryptocurrency wallet services should only be accessed through official, bookmarked links or verified URLs. Enable multi-factor authentication on all wallet accounts and never enter recovery phrases or private keys on any site unless the domain has been independently verified. Report this domain to your browser’s safe browsing tool, network administrator, or cybersecurity team using seed 970635 for further analysis. Organizations should consider blocking 172.67.185.190 at the network level and monitoring DNS resolutions for sneklabs.net across endpoints.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-04-20 00:10:28
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.185.190

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/eec64156-ee2b-49cb-b20d-bf9f8ed36634
- PhishDestroy: https://phishdestroy.io/domain/sneklabs.net/
- LLM endpoint: https://phishdestroy.io/domain/sneklabs.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sneklabs.net/
Last updated: 2026-03-30