# t-mobile.zkxra.icu — MALICIOUS

> Warning: t-mobile.zkxra.icu is an active phishing site. Avoid entering credentials and report suspicious activity immediately.

## Summary
PhishDestroy identifies t-mobile.zkxra.icu as a high-risk phishing domain actively targeting users by impersonating the T-Mobile brand. This phishing threat aims to steal sensitive information such as login credentials, which can lead to identity theft and financial loss. Due to its ongoing activity, users should exercise extreme caution when encountering this domain.

The domain t-mobile.zkxra.icu was registered recently on February 21, 2026, and resolves to the IP address 172.67.193.42. VirusTotal analysis flags it by 12 out of 95 security vendors, and it appears on at least one security blocklist, confirming its malicious nature. Despite these detections, the domain remains operational, indicating persistent threat activity.

Users are strongly advised to avoid visiting t-mobile.zkxra.icu and never submit any personal or account information on this website. If you suspect you have interacted with the domain, change your passwords immediately and monitor accounts for suspicious activity. Reporting this phishing domain to your organization's security team or through appropriate channels can help mitigate the impact and protect others.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 172.67.193.42
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b90d4-1b25-7238-828b-d19d818ca937.png
- PhishDestroy: https://phishdestroy.io/domain/t-mobile.zkxra.icu/
- LLM endpoint: https://phishdestroy.io/domain/t-mobile.zkxra.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/t-mobile.zkxra.icu/
Last updated: 2026-03-19