Phishing Analysis: Netflix

Visual Capture

Screenshot of stefannydossantos26.github.io

Detection Info

https://stefannydossantos26.github.io/NetAlura/catalogo/catalogo.html

Detected Brand

Netflix

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

236370bf-d79…

Analyzed

2026-04-06 16:54

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1445236F251C6767B0323E6C9617ACB1B71D2918ECDCA6B0267FC97E84BE5C54E806093
CONTENT ssdeep	192:PaD47qsDCjsjVjnRA8bj5jsjV1yjIjCjIVN:PB7LOoxnh/Nov+cOC

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c0e03337cc0f3f33
VISUAL aHash	00f000f8f8000000
VISUAL dHash	03829cb2922c4c80
VISUAL wHash	f3f8f8f8f8800000
VISUAL colorHash	30c00000001
VISUAL cropResistant	8a0b898b9b233333,a9a9ab6a5a6a6a4a,03829cb2922c4c80

Code Analysis

Threat Level ALTO

⚠️ Phishing Confirmed

📊 Risk Score Breakdown

Total Risk Score

40/100

🔬 Comprehensive Threat Analysis

Threat Type

Netflix Phishing Landing Page

Target

Netflix users

Attack Method

Phishing webpage

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

🏢 Brand Impersonation Analysis

Impersonated Brand

Netflix

Official Website

https://www.netflix.com

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: Brand Impersonation Redirect

Impersonates Netflix to build victim trust through search engine manipulation or malicious advertisements. Often redirects to credential theft pages or serves malware disguised as legitimate software.

Secondary Method: Standard Phishing Techniques

Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.