# kra27cc-at.com — SUSPICIOUS

> kra27cc-at.com hosts a fake Apple login page stealing credentials. VirusTotal flags it with 2/95 detections.

## Summary
PhishDestroy identifies kra27cc-at.com as a fraudulent Apple account login page designed to steal users' Apple IDs and passwords. The domain mimics Apple's official authentication portal to trick victims into revealing sensitive credentials, which are then harvested for account takeover or sold on dark web markets.  This domain was flagged by only 2 out of 95 security vendors on VirusTotal, despite being registered just days ago on February 14, 2025. The domain is hosted at IP address 104.21.46.131 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar frequently abused for malicious domains. While the site uses a Google Trust Services SSL certificate to appear legitimate, this does not guarantee safety—phishing sites commonly obtain valid certificates to deceive users.  If you visited kra27cc-at.com and entered any information, immediately change your Apple ID password from a trusted device and enable two-factor authentication. Scan all devices connected to that Apple ID for unauthorized access and revoke any unrecognized sessions. Report the phishing attempt to Apple via reportphishing@apple.com and your organization's security team. Do not reuse passwords across different services, as credential stuffing attacks often follow phishing incidents.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-14 19:21:15
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.46.131

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bf1828ee-ee2e-4ca5-96da-6fe4cef4bb61
- PhishDestroy: https://phishdestroy.io/domain/kra27cc-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra27cc-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra27cc-at.com/
Last updated: 2026-03-27