# crabfun.app — SUSPICIOUS

> Security alert: crabfun.app is a brand impersonation phishing site detected by PhishDestroy with 0/95 VirusTotal detections. Check your device now.

## Summary
PhishDestroy identifies crabfun.app as an active brand impersonation phishing domain designed to deceive users into divulging sensitive information under false pretenses. This domain mimics legitimate services to exploit trust, potentially leading to credential theft or financial fraud. The site leverages a recently issued SSL certificate from Let's Encrypt to appear legitimate, tricking users into believing the connection is secure. Early analysis suggests the threat actor is actively operational, as the domain remains unflagged by most detection engines despite its malicious intent.  This domain was flagged by PhishDestroy after appearing on 1 security blocklist, with VirusTotal currently recording 0 detections out of 95 engines. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 21, 2026, and resolves to the IP address 188.114.96.3. The combination of recent registration, low detection rates, and blocklist inclusion indicates a newly deployed threat that evades conventional security measures. Threat actors often use registrars like NICENIC to obfuscate ownership due to lax enforcement of abuse policies.  Users who visited crabfun.app should immediately scan their devices for malware, clear cached credentials, and avoid re-entering any sensitive information on the site. If any data was submitted, reset passwords for affected accounts and enable multi-factor authentication. Report the domain to security teams or platforms like PhishDestroy to aid in blocking efforts. Monitor financial accounts for unauthorized transactions and consider using identity theft protection services if sensitive details were exposed.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-21 13:06:18
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c2378244-e504-4bc0-bcc4-e110fcefb4e2
- PhishDestroy: https://phishdestroy.io/domain/crabfun.app/
- LLM endpoint: https://phishdestroy.io/domain/crabfun.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/crabfun.app/
Last updated: 2026-03-31