# sparkly-netflux.digital — SUSPICIOUS

> sparkly-netflux.digital impersonates Netflix to steal credentials. Registered April 06, 2026, resolving to 104.21.86.236. Avoid entering any login details.

## Summary
PhishDestroy identifies sparkly-netflux.digital as a generic phishing domain masquerading as a Netflix login page. The site leverages spoofed visuals and branding to trick users into entering their Netflix credentials, risking immediate account takeover and financial fraud. No known drainer kit payloads were observed during initial analysis, but social engineering tactics remain active. The infrastructure suggests opportunistic credential harvesting rather than targeted malware deployment.  This domain was registered on April 06, 2026, through Dynadot Inc and resolves to IP 104.21.86.236. It uses a valid Let's Encrypt SSL certificate to appear legitimate, yet remains undetected on VirusTotal with a 0/95 detection score. As of today, the domain has not been flagged in Google Safe Browsing (GSB) and currently shows no presence on major threat intelligence blocklists. The recent registration date and clean VT score indicate a newly active but unmitigated threat.  The threat is currently ACTIVE with status 'under_investigation'. Immediate user actions include blocking the domain at DNS/network level, reporting to Netflix abuse teams, and flagging via browser safety tools. While no active credential theft campaigns have been confirmed, the combination of fresh infrastructure and deceptive branding poses a high risk for credential compromise. Remaining risk is elevated due to lack of third-party detection and spoofed legitimacy via SSL and domain similarity to legitimate services.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-06 10:18:52
- Registrar: Dynadot Inc
- IP: 104.21.86.236

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/sparkly-netflux.digital
- PhishDestroy: https://phishdestroy.io/domain/sparkly-netflux.digital/
- LLM endpoint: https://phishdestroy.io/domain/sparkly-netflux.digital/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sparkly-netflux.digital/
Last updated: 2026-04-08