Phishing Analysis: Netflix

Visual Capture

Detection Info

https://janvi-code2104.github.io/Netflix_clone

Detected Brand

Netflix

Country

Unknown

Confidence

95%

HTTP Status

200

Report ID

ec00a1ce-b80…

Analyzed

2026-02-17 04:58

Final URL (after redirects)

https://janvi-code2104.github.io/Netflix_clone/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1DEA12E7061A2D53701A7E2E137758B2A32D58289DA93070052FE93DE4FDEE05FD16645
CONTENT ssdeep	96:nx7EFRGr4CI+UOQJ7PAK0z0K4H0yaRG6rnRw:x7EFRGSPAK+09HlaRG6ry

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c336b0968e3437d5
VISUAL aHash	070000303c7c7e78
VISUAL dHash	8cd0d2e161e8d4d7
VISUAL wHash	07700070fc7c7e7b
VISUAL colorHash	31401010000
VISUAL cropResistant	8cd0d2e161e8d4d7

Code Analysis

Threat Level ALTO

⚠️ Phishing Confirmed

📊 Risk Score Breakdown

Total Risk Score

70/100

🔬 Comprehensive Threat Analysis

Threat Type

Netflix Phishing Landing Page

Target

Netflix users

Attack Method

Phishing webpage

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

🏢 Brand Impersonation Analysis

Impersonated Brand

Netflix

Official Website

https://www.netflix.com

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: Brand Impersonation Redirect

Impersonates Netflix to build victim trust through search engine manipulation or malicious advertisements. Often redirects to credential theft pages or serves malware disguised as legitimate software.

Secondary Method: Standard Phishing Techniques

Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.