# krab15at.cc — SUSPICIOUS

> PhishDestroy flags krab15at.cc hosting a fake login portal. 4/95 security vendors detected this threat. Check the full report.

## Summary
PhishDestroy identifies krab15at.cc as an active phishing domain impersonating a login portal to steal user credentials. This domain was flagged by 4 out of 95 leading security vendors on VirusTotal, signaling elevated risk. The site was registered on December 11, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP 104.21.72.134, secured with a Google Trust Services SSL certificate.  This domain poses a significant threat to users who may unknowingly enter sensitive login details, believing they are accessing a legitimate service. The combination of a recently registered domain, low detection rates, and a deceptive portal design increases the likelihood of successful credential theft. Attackers often use such tactics to harvest usernames, passwords, or other personal information for further exploitation, including identity theft or unauthorized account access.  If you visited krab15at.cc or entered any information, immediately change your passwords for the affected account and enable multi-factor authentication where possible. Monitor your accounts for unusual activity and consider running a security scan on your device. Report the domain to your IT administrator or cybersecurity team if it appears in corporate environments. Sharing this information can help others avoid falling victim to similar threats.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-11 19:58:37
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.72.134

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4555a68e-6f1e-49de-b388-ba5001b544ee
- PhishDestroy: https://phishdestroy.io/domain/krab15at.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab15at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab15at.cc/
Last updated: 2026-03-26