# spotify-clone-sandy-delta.vercel.app — MALICIOUS

> Spotify-clone-sandy-delta.vercel.app is a Spotify-themed phishing site with a 16/95 VirusTotal detection score. Check the full report.

## Summary
PhishDestroy identifies an active Spotify-themed phishing domain, spotify-clone-sandy-delta.vercel.app, posing as a cloned music-streaming service to harvest user credentials. This domain employs a generic phishing tactic leveraging the credibility of the Spotify brand to deceive victims into entering login details on a spoofed interface. No advanced drainer kit or JavaScript-based credential theft framework was observed during sandbox analysis; instead, the page simply redirects stolen input to a backend server for manual harvesting.  

This domain resolves to IP address 64.29.17.3 and was registered via Vercel Inc., a platform commonly exploited for hosting malicious content due to its permissive infrastructure. VirusTotal flags this domain with a detection score of 16 out of 95 security vendors as of the latest scan, indicating moderate but not universal recognition as malicious. The domain holds a valid SSL certificate issued by Google Trust Services, adding a false layer of legitimacy. It remains unblocked by Google Safe Browsing (GSB) and has not yet been widely added to global threat intelligence blocklists, increasing its potential reach.  

As of the latest assessment, spotify-clone-sandy-delta.vercel.app remains active and accessible via multiple browsers and regions. While immediate takedown efforts are underway through Vercel’s abuse reporting channels, the domain’s use of a legitimate cloud provider and valid SSL certificate delays mitigation. Users are strongly advised to avoid accessing this domain and to verify all streaming service URLs before entering credentials. Remaining risk is elevated due to slow enforcement response and the domain’s use of a trusted hosting provider and certificate authority.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Vercel Inc.
- IP: 64.29.17.3

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/44f9f047-3691-4e7b-8130-7d037c5cca79
- PhishDestroy: https://phishdestroy.io/domain/spotify-clone-sandy-delta.vercel.app/
- LLM endpoint: https://phishdestroy.io/domain/spotify-clone-sandy-delta.vercel.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/spotify-clone-sandy-delta.vercel.app/
Last updated: 2026-03-23