# krab12at.cc — MALICIOUS

> krab12at.cc is a live credential-harvesting domain detected by 7/95 VirusTotal vendors. Created Dec 11 2025, it resolves to 188.114.97.

## Summary
PhishDestroy identifies krab12at.cc as an active credential-harvesting domain engineered to trick users into surrendering login credentials under the guise of a legitimate service. The site mimics popular login portals and immediately transmits captured inputs to attacker-controlled servers, enabling subsequent account takeovers and potential lateral movement within victim networks. Analysis shows this domain is currently resolving to 188.114.97.3 and is protected by a Google Trust Services SSL certificate, increasing its perceived legitimacy to unsuspecting visitors.  This domain was flagged by 7 of 95 VirusTotal security vendors, indicating elevated threat recognition within the threat intelligence community. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on December 11, 2025, a recently observed creation date that suggests opportunistic domain squatting rather than long-standing infrastructure. The combination of low detection at time of analysis, fresh registration, and live resolution underscores a high-risk, short-lived campaign designed for rapid exploitation before takedown measures can be coordinated.  Users who visited krab12at.cc should immediately rotate passwords for any credentials entered on the site, enable multi-factor authentication where available, and scan local systems for signs of compromise. Report the domain to your security team or block the IP 188.114.97.3 at the network perimeter. If you provided sensitive information, consider placing fraud alerts with credit agencies and monitor accounts for anomalous transactions. Proactive blocking and user awareness remain the most effective defenses against similar fleeting credential-harvesting campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-11 19:58:34
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fdc697a4-b526-4080-b6dc-0207b068d409
- PhishDestroy: https://phishdestroy.io/domain/krab12at.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab12at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab12at.cc/
Last updated: 2026-03-28