# krab11at.cc — SUSPICIOUS

> krab11at.cc is currently hosting credential phishing targeting users. Check the full report on this emerging threat.

## Summary
PhishDestroy identifies krab11at.cc as an active credential-phishing domain with elevated risk, actively luring victims under the guise of legitimate services.

This domain was flagged by 3 out of 95 VirusTotal security vendors due to active credential-phishing campaigns. Registered on December 11, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED, the domain resolves to IP 172.67.194.248 and uses a Google Trust Services SSL certificate, increasing its appearance of legitimacy. Despite the low detection ratio, this combination of recent registration, suspicious infrastructure, and phishing behavior signals elevated risk to end users.

Organizations should block krab11at.cc at DNS and network levels using threat-intel feeds and update browser protections to block the domain. Users interacting with unexpected login prompts or shortened links should verify the domain manually, avoid entering credentials, and report suspicious activity immediately.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-11 19:58:28
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.194.248

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1fb0b5cc-bc48-4e1a-9164-5e72e2edcab3
- PhishDestroy: https://phishdestroy.io/domain/krab11at.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab11at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab11at.cc/
Last updated: 2026-03-28