# web-rabby.org — MALICIOUS

> web-rabby.org is flagged as a high-risk phishing site. Avoid interaction and report any suspicious activity to protect your data.

## Summary
PhishDestroy identifies web-rabby.org as a high-risk phishing domain targeting unsuspecting users. This site is associated with generic phishing attempts that aim to deceive victims into divulging sensitive personal or financial details. Given its classification, users should exercise caution and refrain from visiting or submitting information to this domain.

The domain web-rabby.org was registered recently, on February 21, 2026, and has been detected appearing on three separate security blocklists. Analysis via VirusTotal indicates that 14 out of 95 security vendors have flagged it as malicious, confirming its hazardous nature. Additionally, it is mentioned in one AlienVault OTX threat intelligence pulse, underlining its presence in cyber threat ecosystems. Intriguingly, the domain was registered through a service labeled as a "Dead domain," which often indicates prior malicious use or abandonment before being reactivated for phishing campaigns.

Currently, web-rabby.org is offline, which may reduce immediate risks to users. However, PhishDestroy advises maintaining vigilance, as threat actors might repurpose or replace offline domains rapidly. Users are urged to avoid interacting with such flagged domains, ensure their devices and security solutions are up to date, and report any suspicious links or communications related to web-rabby.org to help mitigate phishing risks.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: Rabby Wallet: Secure Crypto Management Made Simple

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Dead domain
- IP: 87.120.126.210
- IP Country: DE
- IP City: Frankfurt am Main
- IP Org: AS215730 H2NEXUS LTD
- SSL Issuer: R11

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Seclookup", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019887bf-0593-77a2-b0f0-ac8874bcb02f.png
- PhishDestroy: https://phishdestroy.io/domain/web-rabby.org/
- LLM endpoint: https://phishdestroy.io/domain/web-rabby.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/web-rabby.org/
Last updated: 2026-03-17