Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11B21C02580584C778AD395FC67A1AF1B32DAC241CB871A0847F4C7AE5FF6E85CE462D4 |
|
CONTENT
ssdeep
|
24:n9CCqy1MD+2occVkstErAN9uZtSG0/7HMGTumak9TxPIYgIt/uOMJ8Dm:n9VMjquAH5sGTuSPOl |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc48333799dc6666 |
|
VISUAL
aHash
|
000050d8dbe7e7ff |
|
VISUAL
dHash
|
028c94b296848c1c |
|
VISUAL
wHash
|
00005058fee7e7ff |
|
VISUAL
colorHash
|
38000000007 |
|
VISUAL
cropResistant
|
028c94b296848c1c |
• Ameaça: Ataque de phishing
• Alvo: Usuários da Netflix
• Método: Imitação da página de login da Netflix
• Exfil: Potencialmente coletando credenciais.
• Indicadores: Domínio recente, incompatibilidade de domínio, envio de formulário, fromCharCode detectado, personificação.
• Risco: Alto
The attacker is attempting to steal user's Netflix login credentials (email and password) via a fake login form that is visually similar to the legitimate Netflix login page.
The attacker is using JavaScript code to potentially obfuscate malicious behavior, such as credential harvesting, from detection. This may involve form submission and/or data exfiltration.
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain