# netflix-clone-nine-sand.vercel.app — MALICIOUS

> netflix-clone-nine-sand.vercel.app mimics Netflix to steal credentials. Flagged by Safe Browsing and 21/95 VirusTotal scanners. Avoid entering any details.

## Summary
PhishDestroy identifies netflix-clone-nine-sand.vercel.app as a high-risk credential-harvesting domain masquerading as a Netflix clone. This site employs social engineering tactics to trick users into surrendering credentials under the guise of account verification or payment processing. No evidence suggests the use of a drainer kit, but the domain’s rapid deployment and obfuscated path (nine-sand) indicate an opportunistic campaign targeting streaming service users. The threat actor leverages Vercel’s hosting infrastructure to lend superficial legitimacy to the phishing page, exploiting free-tier deployments to evade traditional takedown mechanisms. 


Technical indicators confirm the domain’s malicious intent: VirusTotal flags this domain with a score of 21/95 security vendors, while Google Safe Browsing classifies it under SOCIAL_ENGINEERING. Registered through Vercel Inc., the domain resolves to IP 64.29.17.3 and has been observed on a single security blocklist. Notably, OpenPhish has already blacklisted this domain, underscoring its active threat status. The SSL certificate, issued by Google Trust Services, may further deceive users into trusting the fraudulent site. 


This domain remains active as of the latest assessment, with immediate takedown efforts complicated by Vercel’s hosting policies and the domain’s rapid evasion tactics. Users are strongly advised to avoid interacting with this site and report it through their browser’s built-in safety tools. While current blocklists mitigate exposure, the risk persists due to the threat actor’s potential to re-deploy under new subdomains or variations. Organizations should update firewall rules to block IP 64.29.17.3 and propagate the IOCs to threat intelligence platforms to prevent downstream compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Vercel Inc.
- IP: 64.29.17.3

## Detection Status
- VirusTotal: 21 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/233482b9-b423-42c3-bd24-183c0c9965bd
- PhishDestroy: https://phishdestroy.io/domain/netflix-clone-nine-sand.vercel.app/
- LLM endpoint: https://phishdestroy.io/domain/netflix-clone-nine-sand.vercel.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/netflix-clone-nine-sand.vercel.app/
Last updated: 2026-03-31