Phishing Analysis: Netflix

Captura Visual

Screenshot of chhatarapati-chandril.github.io

Información de Detección

https://chhatarapati-chandril.github.io/NetflixClone/

Detected Brand

Netflix

Country

International

Confidence

100%

HTTP Status

200

Report ID

40852a6e-fca…

Analyzed

2026-02-02 12:11

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1ACA253A051059D3741A393D27673472B32F0C205DB07066953FD93A99BEECB8ED2F962
CONTENT ssdeep	192:A4UR+B488HRT26lOq+KBaIYqk961b8AtOQGHzwc9dGRbOj/:A4UR+4HRTdlOqHaIYq91/rGTwc9dDz

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	cc99336699996666
VISUAL aHash	0000181818180000
VISUAL dHash	0000303030300000
VISUAL wHash	00003c3c18180000
VISUAL colorHash	38000000007
VISUAL cropResistant	0000303030300000

Análisis de Código

Risk Score 68/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: usuarios de Netflix
• Método: Suplantación de identidad mediante pantalla de carga.
• Exfil: Desconocido (probablemente credenciales o descarga de malware)
• Indicadores: Alojamiento gratuito, logo de Netflix, pantalla de carga
• Riesgo: Alto

🔒 Obfuscation Detected

fromCharCode

📡 API Calls Detected

https://www.youtube.com/results?search_query=Dark%20trailer
https://www.youtube.com/results?search_query=Money%20Heist%20trailer
https://www.youtube.com/results?search_query=Black%20Mirror%20trailer
https://www.youtube.com/results?search_query=Narcos%20trailer
https://www.youtube.com/results?search_query=The%20Crown%20trailer
https://www.youtube.com/results?search_query=${encodeURIComponent(movie.title +
https://www.youtube.com/results?search_query=Breaking%20Bad%20trailer
https://www.youtube.com/results?search_query=Lucifer%20trailer
https://www.youtube.com/results?search_query=Wednesday%20trailer
https://www.youtube.com/results?search_query=The%20Witcher%20trailer
https://www.youtube.com/results?search_query=Stranger%20Things%20trailer

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Free Hosting + Brand Logo

Combination of free hosting and the Netflix logo is a strong indicator of phishing.

Obfuscation

Presence of obfuscation suggests a more sophisticated attempt and increases risk.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Two-Factor Authentication Stealer

Objetivo

Netflix users (International)

Método de Ataque

Brand impersonation + obfuscated JavaScript

Canal de Exfiltración

Form submission (backend endpoint not detected - likely JavaScript-based)

Evaluación de Riesgo

HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: OTP Stealer, Personal Info
2 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Netflix

Official Website

https://www.netflix.com

Fake Service

Netflix

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker likely intends to steal Netflix login credentials. They use a familiar visual element (the loading screen) to entice users and then redirect them to a fake login form or execute malicious script.