# krab-cc-at.ru — SUSPICIOUS

> krab-cc-at.ru identified as credential harvesting phishing domain with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies krab-cc-at.ru as an active credential harvesting phishing domain designed to deceive users into submitting sensitive login credentials. The domain mimics legitimate services to trick victims into entering their usernames and passwords, which are then harvested by attackers for unauthorized access. Analysis reveals this infrastructure is currently operational, with reconnaissance efforts ongoing to assess the full scope of its malicious activities.

This domain was flagged with 0 out of 95 VirusTotal detections as of the latest scan, indicating it remains largely undetected by antivirus engines. Registered through RU-CENTER-RU on December 19, 2025, the domain resolves to IP address 188.114.97.3 and utilizes a Google Trust Services SSL certificate to appear legitimate. The recent creation date and lack of detections suggest this phishing campaign may be newly deployed or operating under the radar to avoid early detection.

Users who have visited krab-cc-at.ru should immediately change any credentials entered on the site and enable multi-factor authentication on all related accounts. Avoid interacting with this domain or any associated links, and report the activity to your security team. Organizations are advised to block the domain and IP address at the network perimeter to prevent further exposure. Monitor for unusual login attempts or unauthorized access tied to credentials submitted on this domain.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-19 10:37:21
- Registrar: RU-CENTER-RU
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0ffb4d65-b561-46ca-b4ee-2b777793356c
- PhishDestroy: https://phishdestroy.io/domain/krab-cc-at.ru/
- LLM endpoint: https://phishdestroy.io/domain/krab-cc-at.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab-cc-at.ru/
Last updated: 2026-03-28