# krabi.cc — SUSPICIOUS

> krabi.cc is actively hosting credential phishing targeting unsuspecting users. 2 of 95 VirusTotal vendors flagged this domain, imperiling your data.

## Summary
PhishDestroy identifies krabi.cc as an active credential-phishing domain engineered to harvest login credentials under the guise of a legitimate service.

This domain was flagged by 2 of 95 VirusTotal security vendors, indicating marginal but notable detection coverage. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on December 15, 2025, it resolves to IP 188.114.96.3 and leverages a Google Trust Services SSL certificate for a veneer of legitimacy. With only two detections and no confirmed blocklist entries, the infrastructure presents a low barrier to takedown evasion and persists with minimal scrutiny. The domain’s youth and minimal footprint suggest opportunistic deployment rather than sustained operation.

Given the elevated risk profile and active status, organizations and end-users should treat krabi.cc as a hostile domain. Immediately block DNS resolution to 188.114.96.3 and flag any inbound emails or links referencing the domain. Review authentication logs for anomalous login attempts originating from this IP space. Proactively hunt for user reports of credential submission to krabi.cc endpoints and update threat intelligence platforms with this indicator. Exercise heightened scrutiny for newly observed domains registered via NICENIC INTERNATIONAL GROUP CO., LIMITED, especially those with minimal age and sparse detection coverage.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-15 01:50:27
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/257f2463-0038-415d-a7df-67918d50f689
- PhishDestroy: https://phishdestroy.io/domain/krabi.cc/
- LLM endpoint: https://phishdestroy.io/domain/krabi.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krabi.cc/
Last updated: 2026-03-28