SafeMode - Analysis: kfz-service-lenz.com

Captura Visual

Información de Detección

http://kfz-service-lenz.com/spec/core

Detected Brand

Netflix

Country

International

Confianza

100%

HTTP Status

200

Report ID

e6fd5cc3-542…

Analyzed

2026-02-18 02:21

Final URL (after redirects)

http://kfz-service-lenz.com/spec/core/

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1E5E2E836A11C693F931709C8B0A16F6BF157571FEA5268806BAC7BF01FD6CB1D90A10B
CONTENT ssdeep	768:uEpISgGK2u+8y/RsMSwKMnaRARn8+n8gA:uEp3KTS9B8+nLA

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	e8bf17a4e189a05b
VISUAL aHash	d383f9f9e1f30000
VISUAL dHash	266e119387a7f3c0
VISUAL wHash	f7a3fde1f1e30000
VISUAL colorHash	39600010000
VISUAL cropResistant	266e119387a7f3c0

Análisis de Código

Risk Score 100/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de Netflix
• Método: Suplantación de identidad a través de una página de inicio de sesión falsa
• Exfil: Credenciales
• Indicadores: Discordancia de dominio, ofuscación, formularios.
• Riesgo: ALTO

🔒 Obfuscation Detected

fromCharCode
base64_strings

🎯 Kit Endpoints

https://www.netflix.com/login#

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Domain Mismatch

The domain doesn't match the brand.

Obfuscation Detected

The website's javascript is obfuscated.

Forms Present

Forms are present to collect login information.

Impersonation

The website mimics the brand.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Two-Factor Authentication Stealer

Objetivo

Netflix users (International)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltración

Form submission (backend endpoint not detected - likely JavaScript-based)

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Personal Info
5 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Netflix

Official Website

https://www.netflix.com

Fake Service

Netflix account login

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker is attempting to steal Netflix login credentials by presenting a fake login form on a domain unrelated to Netflix (kfz-service-lenz.com). The form captures the user's email and password, which are then likely transmitted to the attacker.

Secondary Method: Social Engineering

The attacker uses the recognizable Netflix login page to trick users into believing they are on the real Netflix website. The use of familiar branding and design elements is a common social engineering tactic to build trust and deceive users.