# netlfix-clone-b5f18.web.app — MALICIOUS > netlfix-clone-b5f18.web.app targets Netflix credentials with clone-site phishing. VirusTotal flags 17/95 engines. Check the full report. ## Summary PhishDestroy identifies netlfix-clone-b5f18.web.app as an active elevated risk domain involved in Netflix credential harvesting via clone-site phishing. The domain impersonates the popular streaming service to deceive users into submitting their login information, posing a significant threat to account security and personal data. Technical analysis reveals that netlfix-clone-b5f18.web.app is registered through Google LLC and currently resolves to IP address 199.36.158.100. The domain is flagged by 17 out of 95 security vendors on VirusTotal, indicating moderate consensus on its malicious nature. It appears on one security blocklist and is actively blocked by OpenPhish, a known threat intelligence provider. The domain uses a legitimate SSL certificate issued by Google Trust Services, which could falsely reassure victims about site authenticity. This combination of trusted infrastructure and malicious intent heightens the risk for users encountering this site. To mitigate the threat from this clone-site phishing attack, users should avoid interacting with suspicious domains imitating Netflix or other services. Organizations should deploy domain and IP blocking based on threat intelligence feeds like OpenPhish and regularly update endpoint protections to detect credential phishing attempts. Educating users about verifying URLs and refraining from entering credentials on unofficial or unexpected login pages is critical. Monitoring for indicators such as SSL certificates issued by trusted providers on unusual domains can also aid in early detection. Immediate reporting and blocking of netlfix-clone-b5f18.web.app can reduce potential credential compromise incidents. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Google LLC - IP: 199.36.158.100 ## Detection Status - VirusTotal: 17 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["OpenPhish"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/99fd82c8-ab73-40b6-8e9f-d47de454d1d6 - PhishDestroy: https://phishdestroy.io/domain/netlfix-clone-b5f18.web.app/ - LLM endpoint: https://phishdestroy.io/domain/netlfix-clone-b5f18.web.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/netlfix-clone-b5f18.web.app/ Last updated: 2026-03-31