EN ES PT
Back to Stats

Visual Capture

Screenshot of netcredlt-support.pl

Detection Info

https://netcredlt-support.pl/
Detected Brand
NetCredit
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
5d30fdf2-843โ€ฆ
Analyzed
2026-07-04 23:12

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1774194195194CC669AD1EAF5B7A1AF0A32AAC3A183451A006FCEB3EE29C5980CF10295
CONTENT ssdeep
24:h6CxiFXtvFfQcBdYCnuomIitOnEes8WWYtBhcvRrbn63pHankFV4ouwJxpE:MFdvFfLdu8iknFs8WfX+5T6NfVlJ0

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
8e7897c331c734cc
VISUAL aHash
00181800003e3e3f
VISUAL dHash
7fb3b2753f796969
VISUAL wHash
031f1f01013f3f3f
VISUAL colorHash
000000001c0
VISUAL cropResistant
a2aa8ad2aab28e8e,7fb3b2753f796969

Code Analysis

Risk Score 23/100
Threat Level ALTO
โš ๏ธ Phishing Confirmed

๐Ÿ” Credential Harvesting Forms

๐Ÿ”’ Obfuscation Detected

  • unescape

๐ŸŽฏ Kit Endpoints

  • send.php

๐Ÿ“ก API Calls Detected

  • https://api.ipify.org?format=json
  • POST
  • https://ipapi.co/json/

๐Ÿ“ค Form Action Targets

  • send.php

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
70/100

Contributing Factors

Credential Harvesting
Credential harvesting detected with 1 form(s) capturing sensitive data
Code Obfuscation
JavaScript code obfuscated using 2 technique(s) to evade detection

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
NetCredit Credential Harvester
Target
NetCredit users
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
LOW - Automated credential harvesting with HTTP POST to backend

โš ๏ธ Indicators of Compromise

  • 2 obfuscation techniques

๐Ÿข Brand Impersonation Analysis

Impersonated Brand
NetCredit
Official Website
N/A
Fake Service
Credential harvesting service

โš”๏ธ Attack Methodology

Primary Method: NetCredit Credential Harvesting

Fake NetCredit login page with 1 form. Victim enters credentials which are captured and transmitted to attacker's server. Page may impersonate NetCredit official login to appear legitimate.

Secondary Method: JavaScript Obfuscation

Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.

๐ŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
netcredlt-support.pl
Registered
2026-04-23 16:19:41+00:00
Registrar
Dynadot LLC
Status
Active (72 days old)

Hosting Information

Provider
Dynadot LLC
ASN

๐Ÿค– AI-Extracted Threat Intelligence

๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.