# krab-2.cc — MALICIOUS

> krab-2.cc is linked to credential harvesting phishing. 7 of 95 VirusTotal engines flag it. Check the full report for details.

## Summary

PhishDestroy identifies krab-2.cc as an elevated risk domain involved in credential harvesting phishing scams. This specific threat aims to deceive users into submitting sensitive login information by mimicking legitimate sites. The active status of this domain combined with its targeted phishing approach increases the risk to unsuspecting users and organizations.

Technical intelligence reveals that krab-2.cc was created recently on September 26, 2025, a common characteristic of fraudulent domains. It resolves to the IP address 172.67.157.156 and uses an SSL certificate issued by Google Trust Services, which can lend false legitimacy to phishing attempts. The domain is registered through Hosting Concepts B.V. d/b/a Registrar.eu.

VirusTotal scans indicate that 7 out of 95 security vendors flagged the domain, signaling notable detection among many security engines. While not universally flagged, these detections mark krab-2.cc as a credible threat, warranting caution and preventive measures.

To mitigate the risk posed by krab-2.cc's credential harvesting phishing scam, users should avoid clicking unsolicited links directing to this domain and be vigilant about entering credentials on unfamiliar sites. Organizations should deploy web filtering solutions that block access to krab-2.cc and monitor network traffic for connections to the IP 172.67.157.156. Enforcing multi-factor authentication (MFA) can reduce the impact of compromised credentials. Additionally, maintaining up-to-date threat intelligence feeds and educating users on social engineering risks are critical steps to minimize exposure to this elevated phishing threat.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-09-26 21:17:52
- Registrar: Hosting Concepts B.V. d/b/a Registrar.eu
- IP: 172.67.157.156

## Detection Status

- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/9315e2f7-6b5a-4e56-91ff-c46f9550c19c
- PhishDestroy: https://phishdestroy.io/domain/krab-2.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab-2.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/krab-2.cc/

Last updated: 2026-03-28