# kra-31-at.com — MALICIOUS

> Check if kra-31-at.com is a MetaMask phishing scam? MetaMask security blocked this domain. View the full report now.

## Summary
PhishDestroy identifies kra-31-at.com as an active MetaMask credential phishing domain currently being distributed in the wild.

This domain was flagged by 6 of 95 VirusTotal security vendors, indicating elevated risk. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on February 07, 2025, the domain resolves to IP address 185.114.97.3 and has appeared on 1 security blocklist. Despite utilizing a Let’s Encrypt SSL certificate for perceived legitimacy, the domain’s trust score remains critically low, compounded by explicit blocking from MetaMask infrastructure.

Immediate caution is advised. Users encountering kra-31-at.com should not enter any login credentials or personal information. Organizations are urged to update browser blocklists, alert employees, and monitor for downstream compromise. PhishDestroy recommends treating this domain as hostile and removing it from trusted sources immediately.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-07 23:53:32
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/16cb9618-356a-4e37-bb1e-86854dfb37b4
- PhishDestroy: https://phishdestroy.io/domain/kra-31-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra-31-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-31-at.com/
Last updated: 2026-03-27