Phishing Analysis: Netflix

Visual Capture

Screenshot of chhatarapati-chandril.github.io

Detection Info

https://chhatarapati-chandril.github.io/NetflixClone/

Detected Brand

Netflix

Country

International

Confidence

100%

HTTP Status

200

Report ID

40852a6e-fca…

Analyzed

2026-02-02 12:11

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1ACA253A051059D3741A393D27673472B32F0C205DB07066953FD93A99BEECB8ED2F962
CONTENT ssdeep	192:A4UR+B488HRT26lOq+KBaIYqk961b8AtOQGHzwc9dGRbOj/:A4UR+4HRTdlOqHaIYq91/rGTwc9dDz

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	cc99336699996666
VISUAL aHash	0000181818180000
VISUAL dHash	0000303030300000
VISUAL wHash	00003c3c18180000
VISUAL colorHash	38000000007
VISUAL cropResistant	0000303030300000

Code Analysis

Risk Score 68/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Netflix users
• Method: Impersonation via loading screen.
• Exfil: Unknown (likely credentials or malware download)
• Indicators: Free hosting, Netflix logo, loading screen
• Risk: High

🔒 Obfuscation Detected

fromCharCode

📡 API Calls Detected

https://www.youtube.com/results?search_query=Dark%20trailer
https://www.youtube.com/results?search_query=Money%20Heist%20trailer
https://www.youtube.com/results?search_query=Black%20Mirror%20trailer
https://www.youtube.com/results?search_query=Narcos%20trailer
https://www.youtube.com/results?search_query=The%20Crown%20trailer
https://www.youtube.com/results?search_query=${encodeURIComponent(movie.title +
https://www.youtube.com/results?search_query=Breaking%20Bad%20trailer
https://www.youtube.com/results?search_query=Lucifer%20trailer
https://www.youtube.com/results?search_query=Wednesday%20trailer
https://www.youtube.com/results?search_query=The%20Witcher%20trailer
https://www.youtube.com/results?search_query=Stranger%20Things%20trailer

📊 Risk Score Breakdown

Total Risk Score

90/100

Contributing Factors

Free Hosting + Brand Logo

Combination of free hosting and the Netflix logo is a strong indicator of phishing.

Obfuscation

Presence of obfuscation suggests a more sophisticated attempt and increases risk.

🔬 Comprehensive Threat Analysis

Threat Type

Two-Factor Authentication Stealer

Target

Netflix users (International)

Attack Method

Brand impersonation + obfuscated JavaScript

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: OTP Stealer, Personal Info
2 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Netflix

Official Website

https://www.netflix.com

Fake Service

Netflix

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker likely intends to steal Netflix login credentials. They use a familiar visual element (the loading screen) to entice users and then redirect them to a fake login form or execute malicious script.