Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://nextbanking.online/
Detected Brand
Next Banking (Impersonated)
Country
International
Confidence
100%
HTTP Status
200
Report ID
b8cfcac1-86fâŚ
Analyzed
2026-06-18 13:11
Final URL (after redirects)
https://www.nextbanking.online/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T104F23035A3502DEEBA6787E8E266BB3F70BDC39DCD4BC648F16C815013D6D54E822264 |
|
CONTENT
ssdeep
|
768:ZRuP3A3pWR+w618i24zUpr0hdlojuqDIEm6on8Z+xR4:vc |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3863c7919bcc4e6 |
|
VISUAL
aHash
|
0260767e70600000 |
|
VISUAL
dHash
|
96c9ccd8c4c8ca30 |
|
VISUAL
wHash
|
42607e7e7e7e6018 |
|
VISUAL
colorHash
|
38002038000 |
|
VISUAL
cropResistant
|
96c9ccd8c4c8ca30 |
Code Analysis
Risk Score
79/100
Threat Level
ALTO
â ď¸ Phishing Confirmed
đŁ Credential Harvester
đŁ OTP Stealer
đŁ Card Stealer
đŁ Banking
đŁ Personal Info
đŹ Threat Analysis Report
⢠Threat: Financial Phishing
⢠Target: Banking users
⢠Method: Brand impersonation of a digital bank
⢠Exfil: JavaScript-based data collection
⢠Indicators: Obfuscated JS code and generic TLD
⢠Risk: Critical
đ Obfuscation Detected
- atob
- fromCharCode
- unicode_escape
đ Risk Score Breakdown
Total Risk Score
95/100
Contributing Factors
Obfuscation
Use of atob/fromCharCode to hide malicious logic
Domain Age
42 days old is consistent with short-lived phishing campaigns
Brand Impersonation
High-quality visual mimicry of banking services
đŹ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
Next Banking (Impersonated) users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
â ď¸ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 18 obfuscation techniques
đ˘ Brand Impersonation Analysis
Impersonated Brand
NEXT Banking
Official Website
Unknown
Fake Service
Digital Banking
Fraudulent Claims
âď¸ Attack Methodology
Primary Method: Credential Harvesting
The site lures users into an 'Open Account' flow to harvest sensitive personal and financial data.
Secondary Method: JavaScript Exfiltration
Uses obfuscated scripts to transmit inputs directly to attacker-controlled infrastructure.
đ Infrastructure Indicators of Compromise
Domain Information
Domain
nextbanking.online
Registered
2026-05-07
Registrar
Unknown
Status
Active
đ¤ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for nextbanking.online
Found 1 other scan for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.