Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://sonaligusain.github.io/netflix-clone
Detected Brand
Netflix
Country
International
Confidence
95%
HTTP Status
200
Report ID
5c14cc10-4bf…
Analyzed
2026-03-02 00:53
Final URL (after redirects)
https://sonaligusain.github.io/netflix-clone/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FDB145A61341DD2E4567C2E2FB36776A23B7A188D98A031495FDC3181FD9D49EC3B8C4 |
|
CONTENT
ssdeep
|
96:TXY81ReAt7kJLoWKjR9kHo2f9me2/LbosKOe:DYwReykloWKjDkHo2f9me2noste |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d2c9363469966dd2 |
|
VISUAL
aHash
|
007c7c387c026604 |
|
VISUAL
dHash
|
d4c5f1ebe884cccc |
|
VISUAL
wHash
|
6a70fe7c7e046606 |
|
VISUAL
colorHash
|
31401008000 |
|
VISUAL
cropResistant
|
e4f43230e4a1a1e0,d4c5f1ebe884cccc |
Code Analysis
Threat Level
ALTO
⚠️ Phishing Confirmed
🔬 Threat Analysis Report
• Threat: Phishing
• Target: Netflix users
• Method: Impersonation via fake login page
• Exfil: Email and likely password
• Indicators: Free hosting, brand logo, form
• Risk: HIGH
📊 Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Free Hosting
The site is hosted on a free hosting platform, a common indicator of phishing.
Brand Impersonation
The site closely mimics the Netflix website design.
Form on Landing Page
The presence of a form to collect user information increases the risk.
🔬 Comprehensive Threat Analysis
Threat Type
Netflix Phishing Landing Page
Target
Netflix users (International)
Attack Method
Brand impersonation
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
🏢 Brand Impersonation Analysis
Impersonated Brand
Netflix
Official Website
https://www.netflix.com/
Fake Service
Netflix streaming service
⚔️ Attack Methodology
Primary Method: Credential Harvesting
The attacker attempts to steal user credentials (email, and potentially password) by creating a fake login page that mimics Netflix.
🌐 Infrastructure Indicators of Compromise
Domain Information
Domain
sonaligusain.github.io
Registered
Not Available
Registrar
Not Available
Status
Active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Netflix
http://gauri426.github.io/netflix-clone
May 10, 2026
Netflix
http://netflix-clone-lilac-iota.vercel.app
May 08, 2026
Netflix
https://netflix-clone-lilac-iota.vercel.app/
May 06, 2026
Netflix
http://vrushabhgvs.github.io/net-clone
May 05, 2026
Netflix
http://sufyan17809.github.io/Project-10
May 02, 2026
Scan History for sonaligusain.github.io
Found 3 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.