# kra34--at.cc — MALICIOUS

> kra34--at.cc is a fake Apple Pay login page harvesting credentials. Blocked by MetaMask. Check the full report.

## Summary
PhishDestroy identifies kra34--at.cc as an active credential-harvesting domain designed to impersonate Apple Pay login pages. The risk level is elevated due to the combination of low trust scores, multiple security vendor detections, and active blocking by cryptocurrency wallet extensions. This domain should be treated as a high-risk threat to users who may unknowingly enter sensitive payment credentials.  

This domain was flagged by 14 out of 95 VirusTotal security vendors, indicating significant malicious activity. It resolves to IP address 185.226.92.168, was registered on July 16, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and appears on one security blocklist. The domain also holds an SSL certificate issued by Let's Encrypt, a common tactic among phishing operators to appear legitimate. Additionally, it is blocked by MetaMask, a browser extension used for cryptocurrency transactions, suggesting potential targeting of crypto users.  

Users should avoid interacting with this domain entirely. If credentials were entered, immediately change passwords on all accounts and enable two-factor authentication where available. Report the domain to your security team or browser extension provider (e.g., MetaMask) to increase collective defense. Use reputable ad-blockers or DNS filtering services to block known malicious domains like kra34--at.cc before they are accessed.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-07-16 19:13:02
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status
- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b1fec047-8986-480c-ac5f-37c6ac305352
- PhishDestroy: https://phishdestroy.io/domain/kra34--at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra34--at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra34--at.cc/
Last updated: 2026-03-26