# krsb4.cc — SUSPICIOUS

> PhishDestroy identifies krsb4.cc as an active phishing site posing medium risk. Learn about its infrastructure and ongoing threats.

## Summary
PhishDestroy identifies krsb4.cc as an active phishing domain targeting users with a deceptive 'Captcha' page designed to harvest sensitive information. Classified as medium risk, this domain exemplifies common phishing tactics that exploit user trust through minimal verification prompts.

The domain krsb4.cc was registered on October 18, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED and currently resolves to the IP address 188.114.97.3. It has been flagged by several security vendors on VirusTotal, indicating ongoing malicious activity. The use of a recent registration date and a generic page title suggests attempts to avoid detection while maintaining operational infrastructure.

Currently, krsb4.cc remains active and continues to pose a threat to unsuspecting users. PhishDestroy recommends heightened vigilance when encountering unfamiliar captcha prompts and advises organizations to implement robust email filtering and endpoint protections. Immediate blocking of this domain and user awareness training will help mitigate the risks associated with this phishing campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Captcha

## Domain Intelligence
- Registered: 2026-03-05 01:07:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["kareem.ns.cloudflare.com", "pola.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["Forcepoint ThreatSeeker", "Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd705-6daf-7255-a04b-1a0212ee6b50.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9b84c4b1-4f77-407f-9c4a-f490a6b9bc4d
- Wayback Machine: https://web.archive.org/web/https://krsb4.cc
- PhishDestroy: https://phishdestroy.io/domain/krsb4.cc/
- LLM endpoint: https://phishdestroy.io/domain/krsb4.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krsb4.cc/
Last updated: 2026-03-19