Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11B21C02580584C778AD395FC67A1AF1B32DAC241CB871A0847F4C7AE5FF6E85CE462D4 |
|
CONTENT
ssdeep
|
24:n9CCqy1MD+2occVkstErAN9uZtSG0/7HMGTumak9TxPIYgIt/uOMJ8Dm:n9VMjquAH5sGTuSPOl |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc48333799dc6666 |
|
VISUAL
aHash
|
000050d8dbe7e7ff |
|
VISUAL
dHash
|
028c94b296848c1c |
|
VISUAL
wHash
|
00005058fee7e7ff |
|
VISUAL
colorHash
|
38000000007 |
|
VISUAL
cropResistant
|
028c94b296848c1c |
• Threat: Phishing attack
• Target: Netflix users
• Method: Impersonation of Netflix login page
• Exfil: Potentially harvesting credentials.
• Indicators: Recent domain, domain mismatch, form submission, fromCharCode detected, impersonation.
• Risk: High
The attacker is attempting to steal user's Netflix login credentials (email and password) via a fake login form that is visually similar to the legitimate Netflix login page.
The attacker is using JavaScript code to potentially obfuscate malicious behavior, such as credential harvesting, from detection. This may involve form submission and/or data exfiltration.
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain