# krab1cc.cc — SUSPICIOUS

> krab1cc.cc hosts a credential harvesting campaign linked to 3/95 VirusTotal flags. Check the full report for detailed risk info.

## Summary
The domain krab1cc.cc is currently assessed with an elevated risk level due to its involvement in credential harvesting phishing schemes. This type of malicious activity aims to deceptively collect user login information by impersonating legitimate services, posing significant threats to affected individuals and organizations.

Technical analysis of krab1cc.cc reveals it was registered on September 26, 2025, through the registrar PDR Ltd. d/b/a PublicDomainRegistry.com. The domain resolves to the IP address 172.67.150.115 and uses an SSL certificate issued by Google Trust Services, which attackers may leverage to lend credibility to their phishing pages. Notably, 3 out of 95 security vendors on VirusTotal have flagged this domain for malicious behavior, indicating emerging but limited detection. There are no additional blocklist mentions at this time, but the combination of these indicators elevates the domain’s threat profile.

To mitigate risks associated with krab1cc.cc’s credential harvesting activity, organizations should implement email filtering rules to block messages originating from or referencing this domain. User education is crucial to recognize phishing attempts, particularly those involving deceptive SSL certificates. Network defenders should monitor DNS resolution requests for krab1cc.cc and consider blocking its IP address 172.67.150.115 to prevent access. Prompt reporting of any user interactions with this domain to cybersecurity teams will aid in rapid response and containment.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-26 22:00:06
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 172.67.150.115

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f17aa7a8-5674-46db-880d-ca0a0ebd3ec4
- PhishDestroy: https://phishdestroy.io/domain/krab1cc.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab1cc.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab1cc.cc/
Last updated: 2026-03-28