EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of gauri426.github.io

Detection Info

https://gauri426.github.io/netflix-clone/
Detected Brand
Netflix
Country
International
Confidence
95%
HTTP Status
200
Report ID
209cd059-714…
Analyzed
2026-02-13 23:58

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1ADA110A61241DE2E5177C3E2B332777A23A68289DA46130484FED3681BD6D5DEC3B8C4
CONTENT ssdeep
96:n4Ys1ReAt7kJLoWKjRzkHo2f9me281JfbQorn5:4YAReykloWKj5kHo2f9me28bfbQor5

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
d2c9363469966dd2
VISUAL aHash
007c7c387c006604
VISUAL dHash
d4c5f1ebe884cccc
VISUAL wHash
6af0fe7c7e006606
VISUAL colorHash
31401008000
VISUAL cropResistant
d4c5f1ebe884cccc

Code Analysis

Risk Score 50/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Netflix users
• Method: Impersonating Netflix to steal credentials.
• Exfil: Unknown (likely the entered email address)
• Indicators: Free hosting, Netflix logo, email input.
• Risk: High

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting + Brand Logo
The site uses free hosting (gauri426.github.io) and displays the Netflix logo. This combination is highly indicative of phishing.
Impersonation
The site attempts to imitate the official Netflix website to gain user trust and collect user information.

🔬 Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
Netflix users (International)
Attack Method
Brand impersonation
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester

🏢 Brand Impersonation Analysis

Impersonated Brand
Netflix
Official Website
https:
Fake Service
Netflix Service

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker attempts to steal user credentials (email address, etc.) by mimicking the Netflix login page on a free hosting site.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
gauri426.github.io
Registered
N/A
Registrar
N/A
Status
Active

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Netflix
http://gauri426.github.io/netflix-clone
May 10, 2026
 Screenshot
Netflix
http://netflix-clone-lilac-iota.vercel.app
May 08, 2026
 Screenshot
Netflix
https://netflix-clone-lilac-iota.vercel.app/
May 06, 2026
 Screenshot
Netflix
http://vrushabhgvs.github.io/net-clone
May 05, 2026
 Screenshot
Netflix
http://sufyan17809.github.io/Project-10
May 02, 2026

Scan History for gauri426.github.io

Found 2 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.