# krab4b.cc — MALICIOUS

> krab4b.cc is a recent phishing domain (registered Dec 2025) pushing a fake bank login page. 5/95 security vendors flag this site—do not enter credentials here.

## Summary
PhishDestroy identifies krab4b.cc as an active generic phishing domain created on December 12, 2025. The site is impersonating bank login interfaces to harvest user credentials and session tokens. Although its SSL certificate is issued by Google Trust Services, the domain’s recent registration and low detection rate suggest it is a hastily deployed trap designed to siphon sensitive financial data.  

This domain was flagged by 5 out of 95 security vendors on VirusTotal, a notably low detection rate for a newly active site. It resolves to IP address 188.114.97.3 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. Google Safe Browsing (GSB) does not currently list it, and no public blocklists have yet incorporated it. These technical indicators highlight a window of opportunity for cybercriminals to operate with reduced immediate visibility.  

Currently, krab4b.cc remains active and poses an elevated risk to users who may encounter it through malicious links or injected content. Immediate action should include blocking the domain at the network perimeter and updating browser and DNS filters to quarantine traffic to 188.114.97.3. Remaining risk stems from its use of a valid SSL certificate and the slow uptake of signature-based detection, meaning users must remain vigilant and verify URLs manually before entering credentials.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 07:42:55
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/37a66b3c-42fd-4ee5-9ae5-e625e6c677fb
- PhishDestroy: https://phishdestroy.io/domain/krab4b.cc/
- LLM endpoint: https://phishdestroy.io/domain/krab4b.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krab4b.cc/
Last updated: 2026-03-28