Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://im.nbpublic.com/loading_page/snack_box/snack_box_cf_3
Detected Brand
Amazon
Country
USA
Confidence
95%
HTTP Status
200
Report ID
2c5a2dde-910…
Analyzed
2026-03-16 23:51
Final URL (after redirects)
http://im.nbpublic.com/loading_page/snack_box/snack_box_cf_3/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T176618A715449D8BF82C3C2E086783B5E36C1CA86EE2B1A9886F4D30D1FEBD90ED07155 |
|
CONTENT
ssdeep
|
48:llMLEY0OW2IbSAwwy6qj4OQHj4OQgj4OQtj4OQ8pt8BjH5c7BjHY3BjHM/9MBjH3:LTaw9ycAzuozscqK0 |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e666c666cccc9833 |
|
VISUAL
aHash
|
e7e7e7e7e7e7ffff |
|
VISUAL
dHash
|
2d4d0f0d4d0d0008 |
|
VISUAL
wHash
|
27278080a581ffff |
|
VISUAL
colorHash
|
07400018000 |
|
VISUAL
cropResistant
|
2d4d0f0d4d0d0008 |
Code Analysis
Risk Score
3/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🔬 Threat Analysis Report
• Threat: Phishing
• Target: Amazon customers
• Method: Gift incentive to obtain user information
• Exfil: Unknown (likely user clicks lead to data harvesting)
• Indicators: Gift offer, Amazon branding, short survey
• Risk: High
🔒 Obfuscation Detected
- unescape
📡 API Calls Detected
- POST
📊 Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Mismatched Domain
The domain is not related to Amazon.
Impersonation of Brand
The website attempts to impersonate Amazon with branding and a gift offer.
Suspicious Content
The offering of 'mystery gifts' and a test for a prize is a red flag.
🔬 Comprehensive Threat Analysis
Threat Type
Amazon Phishing Landing Page
Target
Amazon users (USA)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- 2 obfuscation techniques
🏢 Brand Impersonation Analysis
Impersonated Brand
Amazon
Official Website
https://www.amazon.com
Fake Service
Gift offers or surveys
Fraudulent Claims
⚔️ Attack Methodology
Primary Method: Brand Impersonation
The attacker uses the Amazon brand to lure victims. The site creates an initial hook with a welcoming message and a simple prompt to engage.
Secondary Method: Social Engineering
The attacker uses an incentive, a prize or gift, to entice the user to interact with the page.
🌐 Infrastructure Indicators of Compromise
Domain Information
Domain
im.nbpublic.com
Registered
2022-09-14
Registrar
Namecheap
Status
ACTIVE
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Amazon
https://im.nbpublic.com/loading_page/amazon/AmazonGiftCard_5...
Mar 07, 2026
Amazon
https://im.nbpublic.com/loading_page/snack_box/snack_box_cf_...
Dec 31, 2025
Amazon
http://im.nbpublic.com/loading_page/snack_box/snack_box_cf_3...
Dec 31, 2025
No screenshot
Amazon
http://im.nbpublic.com/loading_page/snack_box/snack_box_cf_3
Dec 22, 2025
Scan History for im.nbpublic.com
Found 10 other scans for this domain
-
https://im.nbpublic.com/loading_page/paypal/paypal...
https://im.nbpublic.com/loading_page/amazon/Amazon...
https://||im.nbpublic.com/loading_page_cpl/amazon/...
https://||im.nbpublic.com/loading_page/amazon/amaz...
http://im.nbpublic.com/loading_page/amazon/AmazonG...
https://im.nbpublic.com/loading_page/paypal/paypal...
https://im.nbpublic.com/loading_page/amazon/Amazon...
https://im.nbpublic.com/loading_page/snack_box/sna...
http://im.nbpublic.com/loading_page/snack_box/snac...
http://im.nbpublic.com/loading_page/snack_box/snac...
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.