# at-krab1.cc — SUSPICIOUS

> at-krab1.cc is a fake Krab app phishing site with 0/95 VirusTotal detections. Check the full report for detailed threat analysis and safety recommendations.

## Summary
PhishDestroy identifies at-krab1.cc as an active fake Krab application phishing domain designed to deceive users into downloading malicious software under the guise of a legitimate application.

This domain was flagged with a risk level of under_investigation due to its clear intent to impersonate a popular app, despite operating with a recently created domain registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on December 11, 2025. The domain resolves to IP 104.21.76.143 and currently shows 0 detections out of 95 VirusTotal scans, indicating it has evaded immediate detection. The presence of an SSL certificate issued by Google Trust Services may further lend false credibility to the site, as malicious actors increasingly exploit trusted certificate authorities to appear legitimate.

Users are strongly advised to avoid interacting with at-krab1.cc due to the high risk of credential theft or malware infection. To mitigate exposure, immediately block the domain and IP address 104.21.76.143 at the network level. Verify any application downloads directly from official sources and educate users to recognize red flags such as recent domain registrations and unexpected SSL certificates. Report the domain to relevant threat intelligence platforms to aid in broader detection and takedown efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-11 20:02:53
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.76.143

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2a900140-0e13-42d4-a065-24871d429fe8
- PhishDestroy: https://phishdestroy.io/domain/at-krab1.cc/
- LLM endpoint: https://phishdestroy.io/domain/at-krab1.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/at-krab1.cc/
Last updated: 2026-03-28