# kra-31-at.cc — MALICIOUS

> kra-31-at.cc is a live Apple ID phishing site. 6 of 95 VirusTotal scanners flag it. Check the full report now.

## Summary
PhishDestroy identifies kra-31-at.cc as an active Apple ID credential phishing page that steals login details and multi-factor codes.

This domain was flagged by 6 of 95 VirusTotal security vendors on February 9 2025, just hours after it was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and issued an SSL certificate by Google Trust Services. The page is currently resolving to IP address 188.114.97.3, indicating a fast-moving campaign.

If you visited kra-31-at.cc, assume your Apple ID and any entered passwords or 2FA codes may be compromised. Log in only at appleid.apple.com, revoke any saved sessions in your Apple ID account, and enable two-factor authentication if it is not already on. Run a full antivirus scan and change the same password anywhere else you reused it. Report the domain to abuse channels and avoid clicking any links that mention kra-31-at.cc in the future.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-09 20:21:38
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a8143f4a-44a6-49c3-8a71-9f182ac84e80
- PhishDestroy: https://phishdestroy.io/domain/kra-31-at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-31-at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-31-at.cc/
Last updated: 2026-03-26