# kra25-cc.com — MALICIOUS

> PhishDestroy identifies kra25-cc.com as an active Netflix credential theft phishing domain. 15/95 vendors flagged it. Check the full report.

## Summary
PhishDestroy identifies kra25-cc.com as an active Netflix login credential theft phishing domain operating at an elevated risk level. This site impersonates the official Netflix login portal to harvest user credentials and payment details under the guise of account verification or payment resolution. The threat is highly targeted, leveraging brand impersonation to deceive users into entering sensitive information, which is then exfiltrated to attacker-controlled servers.  This domain was flagged by 15 out of 95 VirusTotal security vendors, indicating a strong consensus on its malicious nature. It resolves to IP address 188.114.97.3 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on January 09, 2025. The domain holds a Google Trust Services SSL certificate, likely used to enhance authenticity and bypass browser security warnings. Despite the SSL certificate, the domain remains absent from widely used blocklists due to its recent creation, increasing the window of opportunity for attackers.  To mitigate exposure to this credential theft campaign, users should avoid clicking links in unsolicited emails or messages claiming to be from Netflix, especially those urging immediate account verification. Organizations should deploy DNS filtering to block kra25-cc.com and similar domains, while individuals should enable multi-factor authentication on their Netflix accounts and monitor for unauthorized login attempts. If credentials were entered, users must change their Netflix password immediately and review accounts for suspicious activity. Security teams are advised to block the IP 188.114.97.3 and monitor for related infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-01-09 21:40:50
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/afee1b25-cc1f-43f4-a3a8-9607a770191d
- PhishDestroy: https://phishdestroy.io/domain/kra25-cc.com/
- LLM endpoint: https://phishdestroy.io/domain/kra25-cc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra25-cc.com/
Last updated: 2026-03-28