# web.rpcnodeprotocol.network — MALICIOUS — Crypto Drainer (Angel Drainer)

> web.rpcnodeprotocol.network is a high-risk crypto drainer flagged by multiple blocklists. Avoid interaction and secure your assets now.

## Summary
PhishDestroy identifies web.rpcnodeprotocol.network as a malicious domain engaged in crypto drainer activities. Classified under high threat due to its use of the Angel Drainer kit, this domain aims to illicitly extract cryptocurrency assets from victims by exploiting wallet vulnerabilities. The alias page title web.dapp-protocol.com suggests attempts at masquerading as a decentralized application protocol to lure users.

Technical analysis reveals that web.rpcnodeprotocol.network resolved to IP address 192.3.190.189, hosted within ASN 36352, registered via CC-192-3-190-184-29. The domain is listed on two prominent security blocklists and flagged by 18 out of 95 VirusTotal security engines, confirming its malicious nature. The use of the Angel Drainer kit indicates a sophisticated toolkit designed to compromise crypto wallets, increasing the risk posed to users.

Currently, the domain status is offline, indicating it has been taken down or suspended following detection. Despite its offline state, users are strongly advised to remain vigilant and avoid any interaction with related domains or phishing campaigns. PhishDestroy recommends immediate review of wallet security and awareness of similar phishing tactics to prevent future compromise. The unique seed e6eb0d underscores the importance of recognizing this variant in ongoing threat intelligence efforts.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Page title: web.dapp-protocol.com

## Domain Intelligence
- Registrar: CC-192-3-190-184-29 (ASN: 36352)
- IP: 192.3.190.189
- IP Country: US
- IP City: Buffalo
- IP Org: AS36352 HostPapa
- Nameservers: NS_NOT_FOUND
- SSL Issuer: none

## Detection Status
- VirusTotal: 18 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "Lionic", "Seclookup", "SOCRadar", "Sophos", "Trustwave", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a92e9-417e-7597-9c9e-b36c4007d1a6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8a5417b2-cc80-436a-b35f-fb46c8ee0fee
- PhishDestroy: https://phishdestroy.io/domain/web.rpcnodeprotocol.network/
- LLM endpoint: https://phishdestroy.io/domain/web.rpcnodeprotocol.network/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/web.rpcnodeprotocol.network/
Last updated: 2026-03-19