SafeMode - Analysis: netflix555-login.com

Visual Capture

Detection Info

http://netflix555-login.com

Detected Brand

Netflix

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

8514f2a3-532…

Analyzed

2026-05-21 11:31

Final URL (after redirects)

https://netflix555-login.com/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1A3437673509D993E27A282C563607B1AE295A245EB73EFF063B0434C9FD2F11EC12DA5
CONTENT ssdeep	768:Rk25eVanqwDop15CxwECSjX8zmgr13C2FnDwGj9FQsu5yS1ua/5DXNCzCIwGhgaw:W24zmP3m1ufYcfZF

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	92926c6d3173c3d3
VISUAL aHash	3c3c3c3c1c3c3c3c
VISUAL dHash	dcf4dcd8d8c0e0e8
VISUAL wHash	3c3c3c3c3c3c3c3c
VISUAL colorHash	300000c0002
VISUAL cropResistant	3372b1b192d989a3,da1a144c6c6e4a9a,360e72704b4655d5,55559aaaaa9ad5c5,dcf4dcd8d8c0e0e8

Code Analysis

Risk Score 76/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔒 Obfuscation Detected

fromCharCode
unescape

🎯 Kit Endpoints

https://netflix555-login.com/%e0%b8%97%e0%b8%94%e0%b8%a5%e0%b8%ad%e0%b8%87%e0%b9%80%e0%b8%a5%e0%b9%88%e0%b8%99/
https://netflix555-login.com/comments/feed/
https://netflix555-login.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2
https://netflix555-login.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fnetflix555-login.com%2F
https://netflix555-login.com/wp-json/wp/v2/pages/46
https://netflix555-login.com/login/
https://netflix555-login.com/deposit-withdraw/
https://netflix555-login.com/%e0%b8%9a%e0%b8%97%e0%b8%84%e0%b8%a7%e0%b8%b2%e0%b8%a1/
https://netflix555-login.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
https://netflix555-login.com/wp-json/
https://netflix555-login.com/promotion/
https://netflix555-login.com/contact/
https://netflix555-login.com/wp-content/cache/min/1/wp-content/themes/flatsome/inc/extensions/flatsome-live-search/flatsome-live-search.js?ver=1761475901
https://netflix555-login.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
https://netflix555-login.com/wp-content/cache/min/1/wp-content/themes/flatsome/inc/integrations/wp-rocket/flatsome-wp-rocket.js?ver=1761475901
https://netflix555-login.com/xmlrpc.php
https://netflix555-login.com/feed/
https://netflix555-login.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fnetflix555-login.com%2F&format=xml
https://netflix555-login.com/
https://netflix555-login.com/xmlrpc.php?rsd
https://netflix555-login.com/wp-content/themes/flatsome/style.css?ver=3.19.6

📡 API Calls Detected

POST

📊 Risk Score Breakdown

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected kit types: Credential Harvester, OTP Stealer, Banking, Personal Info

Code Obfuscation

JavaScript code obfuscated using 5 technique(s) to evade detection

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

Netflix users

Attack Method

obfuscated JavaScript

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
5 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Netflix

Official Website

https://www.netflix.com

Fake Service

Account login portal

⚔️ Attack Methodology

Primary Method: Credential Harvesting

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.

Secondary Method: JavaScript Obfuscation

Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain

netflix555-login.com

Registered

2026-05-18 07:40:58+00:00

Registrar

Realtime Register B.V.

Status

Recently registered (3 days old)

Hosting Information

Provider