Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://bansalpratham.github.io/Netflix-/
Detected Brand
Netflix
Country
International
Confidence
100%
HTTP Status
200
Report ID
21faeee7-3deβ¦
Analyzed
2026-03-06 09:10
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11BA264A05105993741A393D27273475B32F1C209DB07066853FD93A9DBEECB8ED2FA62 |
|
CONTENT
ssdeep
|
192:8IDUR+B488HRT26lOq+KBaIYqk96Hb8AtOcGHzwc9dGRbOj/:8IDUR+4HRTdlOqHaIYq9H/DGTwc9dDz |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc99336699996666 |
|
VISUAL
aHash
|
0000181818180000 |
|
VISUAL
dHash
|
0000303030300000 |
|
VISUAL
wHash
|
30303c3c18180000 |
|
VISUAL
colorHash
|
38000000007 |
|
VISUAL
cropResistant
|
0000303030300000 |
Code Analysis
Risk Score
68/100
Threat Level
MEDIO
β οΈ Phishing Confirmed
π£ OTP Stealer
π£ Personal Info
π¬ Threat Analysis Report
β’ Threat: Phishing
β’ Target: Netflix users
β’ Method: Impersonation
β’ Exfil: Unknown (Likely credentials in later stages)
β’ Indicators: Netflix logo on free hosting
β’ Risk: Medium
π Obfuscation Detected
- fromCharCode
π‘ API Calls Detected
- https://www.youtube.com/results?search_query=Black%20Mirror%20trailer
- https://www.youtube.com/results?search_query=${encodeURIComponent(movie.title +
- https://www.youtube.com/results?search_query=The%20Witcher%20trailer
- https://www.youtube.com/results?search_query=Breaking%20Bad%20trailer
- https://www.youtube.com/results?search_query=Dark%20trailer
- https://www.youtube.com/results?search_query=Lucifer%20trailer
- https://www.youtube.com/results?search_query=Money%20Heist%20trailer
- https://www.youtube.com/results?search_query=Narcos%20trailer
- https://www.youtube.com/results?search_query=The%20Crown%20trailer
- https://www.youtube.com/results?search_query=Wednesday%20trailer
- https://www.youtube.com/results?search_query=Stranger%20Things%20trailer
π Risk Score Breakdown
Total Risk Score
75/100
Contributing Factors
Free Hosting
The use of free hosting is a strong indicator of phishing.
Brand Impersonation
The Netflix logo is used to deceive users and make them believe the site is legitimate.
π¬ Comprehensive Threat Analysis
Threat Type
Two-Factor Authentication Stealer
Target
Netflix users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
β οΈ Indicators of Compromise
- Kit types: OTP Stealer, Personal Info
- 1 obfuscation techniques
π’ Brand Impersonation Analysis
Impersonated Brand
Netflix
Official Website
https://www.netflix.com/
Fake Service
Netflix
βοΈ Attack Methodology
Primary Method: Credential Harvesting
The site likely aims to trick users into entering their Netflix login credentials.
π Infrastructure Indicators of Compromise
Domain Information
Domain
bansalpratham.github.io
Registered
None
Registrar
None
Status
None
π€ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Netflix
http://bansalpratham.github.io/Netflix-
Apr 05, 2026
Netflix
https://chhatarapati-chandril.github.io/NetflixClone/
Feb 02, 2026
No screenshot
Unknown
https://oildenlogistics.com/microsoft.365
Dec 29, 2025
No screenshot
Unknown
http://aetherclaim.xyz
Dec 27, 2025
No screenshot
Unknown
https://aetherclaim.xyz/
Dec 27, 2025
Scan History for bansalpratham.github.io
Found 1 other scan for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.