Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://netflix-clone-site.vercel.app/
Detected Brand
Netflix
Country
International
Confidence
95%
HTTP Status
200
Report ID
9e162335-15cā¦
Analyzed
2026-03-12 20:26
Final URL (after redirects)
https://netflix-clone-site.vercel.app/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1643285B311496537130391D1A32B1787B7E6C65CD5934B0063FE93382FE9CA9ED662A8 |
|
CONTENT
ssdeep
|
192:GM6GdXV7qbiJK5Prq8NzTuSJXQWl8o+dM3p4syBMUy3GorodHjGmd3dQHF:GS/78RlAGpR3UBIuX/i |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
85d80d7a2d7a8d5a |
|
VISUAL
aHash
|
187e7e7e7e7e003a |
|
VISUAL
dHash
|
b0f0e0c4c8c48cf2 |
|
VISUAL
wHash
|
187e7e3e3c7e0032 |
|
VISUAL
colorHash
|
180000001c0 |
|
VISUAL
cropResistant
|
26e64839d4c42900,98ddddd6c723a3a7,b040d0d051d1f0e8,b0f0e0c4c8c48cf2 |
Code Analysis
Threat Level
ALTO
ā ļø Phishing Confirmed
š¬ Threat Analysis Report
ā¢ Threat: Phishing
ā¢ Target: Netflix users
ā¢ Method: Impersonation via a clone site
ā¢ Exfil: JavaScript form submission detected (unclear where data goes)
ā¢ Indicators: Free hosting, Netflix branding, Sign in CTA
ā¢ Risk: High
šÆ Kit Endpoints
- https://www.netflix.com/in/login
š Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Free hosting with Brand Logo
The use of free hosting and the presence of the Netflix logo is a clear indicator of a phishing attempt.
Login Attempt
Presence of a login sign-in button pointing to credentials theft.
š¬ Comprehensive Threat Analysis
Threat Type
Netflix Phishing Landing Page
Target
Netflix users (International)
Attack Method
Brand impersonation
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
š¢ Brand Impersonation Analysis
Impersonated Brand
Netflix
Official Website
https://www.netflix.com/
Fake Service
Netflix
āļø Attack Methodology
Primary Method: Credential Harvesting
The attacker attempts to steal user credentials by creating a website that looks like Netflix. It is hosted on a free platform to avoid security detections.
š Infrastructure Indicators of Compromise
Domain Information
Domain
netflix-clone-site.vercel.app
Registered
None
Registrar
None
Status
None
š¤ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for netflix-clone-site.vercel.app
Found 3 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.