Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
http://netflix-clone-site.vercel.app/
Detected Brand
Netflix
Country
International
Confidence
95%
HTTP Status
200
Report ID
9e162335-15c…
Analyzed
2026-03-12 20:26
Final URL (after redirects)
https://netflix-clone-site.vercel.app/
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1643285B311496537130391D1A32B1787B7E6C65CD5934B0063FE93382FE9CA9ED662A8 |
|
CONTENT
ssdeep
|
192:GM6GdXV7qbiJK5Prq8NzTuSJXQWl8o+dM3p4syBMUy3GorodHjGmd3dQHF:GS/78RlAGpR3UBIuX/i |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
85d80d7a2d7a8d5a |
|
VISUAL
aHash
|
187e7e7e7e7e003a |
|
VISUAL
dHash
|
b0f0e0c4c8c48cf2 |
|
VISUAL
wHash
|
187e7e3e3c7e0032 |
|
VISUAL
colorHash
|
180000001c0 |
|
VISUAL
cropResistant
|
26e64839d4c42900,98ddddd6c723a3a7,b040d0d051d1f0e8,b0f0e0c4c8c48cf2 |
Análisis de Código
Threat Level
ALTO
⚠️ Phishing Confirmed
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de Netflix
• Método: Suplantación de identidad a través de un sitio clonado
• Exfil: Se detectó el envío de un formulario JavaScript (no está claro a dónde van los datos)
• Indicadores: Alojamiento gratuito, marca Netflix, llamada a la acción de inicio de sesión
• Riesgo: Alto
🎯 Kit Endpoints
- https://www.netflix.com/in/login
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Free hosting with Brand Logo
The use of free hosting and the presence of the Netflix logo is a clear indicator of a phishing attempt.
Login Attempt
Presence of a login sign-in button pointing to credentials theft.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Netflix Phishing Landing Page
Objetivo
Netflix users (International)
Método de Ataque
Brand impersonation
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Netflix
Official Website
https://www.netflix.com/
Fake Service
Netflix
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The attacker attempts to steal user credentials by creating a website that looks like Netflix. It is hosted on a free platform to avoid security detections.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Domain
netflix-clone-site.vercel.app
Registered
None
Registrar
None
Status
None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for netflix-clone-site.vercel.app
Found 3 other scans for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.