# netflix-clone-1a4f2.firebaseapp.com — MALICIOUS > PhishDestroy identifies netflix-clone-1a4f2.firebaseapp.com as a brand impersonation site flagged by 22/95 VirusTotal vendors. Avoid entering credentials. ## Summary PhishDestroy identifies netflix-clone-1a4f2.firebaseapp.com as a live brand impersonation page mimicking Netflix to harvest login credentials and payment data. This malicious Firebase-hosted site resolves to 199.36.158.100 and has been blocked by OpenPhish, yet remains accessible via direct link. The domain leverages Google’s Firebase infrastructure and Google Trust Services SSL certificate to appear legitimate, exploiting trust in well-known domains to deceive visitors into entering sensitive information. This domain was flagged by 22 out of 95 VirusTotal security vendors within hours of activation, indicating elevated malicious intent. Registered through Google LLC, it was likely created recently and positioned to exploit user trust in familiar brands. Unlike legitimate Netflix domains, this site uses unconventional subdomains under firebaseapp.com, a common tactic among phishing operators to bypass domain-based detection. The combination of a trusted SSL issuer and obscure Firebase hosting creates a false sense of security, increasing the risk of credential theft and financial fraud. If you visited netflix-clone-1a4f2.firebaseapp.com, immediately cease entering any information and close the browser tab. Do not attempt to log in or provide payment details. Clear your browser cache and run a full antivirus scan. Change your Netflix password from a known-safe device using a direct link to netflix.com. Enable two-factor authentication on all accounts linked to your Netflix profile. Report the incident to Netflix via their official support page and consider monitoring your bank statements for unauthorized transactions. Avoid clicking similar links in emails or messages—always access services directly through verified domains. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Google LLC - IP: 199.36.158.100 ## Detection Status - VirusTotal: 22 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["OpenPhish"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/f39b9858-e137-459d-b403-0bce31e72dee - PhishDestroy: https://phishdestroy.io/domain/netflix-clone-1a4f2.firebaseapp.com/ - LLM endpoint: https://phishdestroy.io/domain/netflix-clone-1a4f2.firebaseapp.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/netflix-clone-1a4f2.firebaseapp.com/ Last updated: 2026-03-31