Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E5E2E836A11C693F931709C8B0A16F6BF157571FEA5268806BAC7BF01FD6CB1D90A10B |
|
CONTENT
ssdeep
|
768:uEpISgGK2u+8y/RsMSwKMnaRARn8+n8gA:uEp3KTS9B8+nLA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e8bf17a4e189a05b |
|
VISUAL
aHash
|
d383f9f9e1f30000 |
|
VISUAL
dHash
|
266e119387a7f3c0 |
|
VISUAL
wHash
|
f7a3fde1f1e30000 |
|
VISUAL
colorHash
|
39600010000 |
|
VISUAL
cropResistant
|
266e119387a7f3c0 |
• Threat: Phishing
• Target: Netflix users
• Method: Impersonation via a fake login page
• Exfil: Credentials
• Indicators: Domain mismatch, obfuscation, forms.
• Risk: HIGH
The attacker is attempting to steal Netflix login credentials by presenting a fake login form on a domain unrelated to Netflix (kfz-service-lenz.com). The form captures the user's email and password, which are then likely transmitted to the attacker.
The attacker uses the recognizable Netflix login page to trick users into believing they are on the real Netflix website. The use of familiar branding and design elements is a common social engineering tactic to build trust and deceive users.
Pages with identical visual appearance (based on perceptual hash)
Found 3 other scans for this domain