Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11B21C02580584C778AD395FC67A1AF1B32DAC241CB871A0847F4C7AE5FF6E85CE462D4 |
|
CONTENT
ssdeep
|
24:n9CCqy1MD+2occVkstErAN9uZtSG0/7HMGTumak9TxPIYgIt/uOMJ8Dm:n9VMjquAH5sGTuSPOl |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc48333799dc6666 |
|
VISUAL
aHash
|
000050d8dbe7e7ff |
|
VISUAL
dHash
|
028c94b296848c1c |
|
VISUAL
wHash
|
00005058fee7e7ff |
|
VISUAL
colorHash
|
38000000007 |
|
VISUAL
cropResistant
|
028c94b296848c1c |
• Amenaza: Ataque de phishing
• Objetivo: Usuarios de Netflix
• Método: Imitación de la página de inicio de sesión de Netflix
• Exfil: Potencialmente cosechando credenciales.
• Indicadores: Dominio reciente, discrepancia de dominio, envío de formulario, detección de fromCharCode, suplantación.
• Riesgo: Alto
The attacker is attempting to steal user's Netflix login credentials (email and password) via a fake login form that is visually similar to the legitimate Netflix login page.
The attacker is using JavaScript code to potentially obfuscate malicious behavior, such as credential harvesting, from detection. This may involve form submission and/or data exfiltration.
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain