# kra31-att.cc — MALICIOUS > kra31-att.cc is a malicious phishing domain flagged by 15 of 95 VirusTotal vendors. It mimics legitimate services to steal credentials and should be avoided. ## Summary kra31-att.cc is a malicious domain currently active and posing as a generic phishing threat. The domain is engaged in deceptive activities aimed at impersonating legitimate services to harvest user credentials and sensitive information. kra31-att.cc has been flagged by 15 of 95 VirusTotal security vendors, indicating significant malicious activity. The domain resolves to IP address 185.226.92.168, was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on July 10, 2025, and appears on 2 security blocklists including PhishDestroy and MetaMask. Additionally, it utilizes a Let's Encrypt SSL certificate to appear legitimate. Given its active status and the confirmed malicious intent, users should avoid interacting with kra31-att.cc entirely. Blocking the domain at the network level and reporting any observed activity to security teams is strongly recommended. Security solutions should be updated to include this domain as a known threat indicator. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-07-10 18:31:01 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 185.226.92.168 ## Detection Status - VirusTotal: 15 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["PhishDestroy", "MetaMask"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/568a704d-6e2a-4537-aaac-793141b306e3 - PhishDestroy: https://phishdestroy.io/domain/kra31-att.cc/ - LLM endpoint: https://phishdestroy.io/domain/kra31-att.cc/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kra31-att.cc/ Last updated: 2026-03-26