# krab-17cc.com — SUSPICIOUS

> Domain krab-17cc.com linked to credential harvesting phishing, flagged by 0 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies krab-17cc.com as an active credential harvesting domain under investigation. This domain is currently posing as a legitimate service to deceive users into submitting sensitive login credentials. The threat remains active and under continuous monitoring for further indicators of compromise.


This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it has not yet been widely recognized as malicious. krab-17cc.com resolves to IP address 172.67.163.32 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on December 12, 2025. The domain operates with a Google Trust Services SSL certificate, which may enhance its perceived legitimacy. Despite its recent creation, the lack of detections suggests this domain is either newly deployed or employing evasion techniques to avoid detection.


Current risk assessment remains under investigation, but the absence of VirusTotal detections and recent domain registration date warrant immediate caution. Users and organizations are advised to block traffic to this domain at the network perimeter and avoid any interaction with its URLs or associated IP addresses. Security teams should monitor for any inbound or outbound communications with this domain and update firewall rules accordingly. Additionally, users should remain vigilant for phishing emails or messages referencing this domain and report any suspicious activity to their IT security teams.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 04:17:44
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.163.32

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e0a96dfd-ec65-4873-a63c-11ab13087ffb
- PhishDestroy: https://phishdestroy.io/domain/krab-17cc.com/
- LLM endpoint: https://phishdestroy.io/domain/krab-17cc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab-17cc.com/
Last updated: 2026-03-28