This Netflix phishing kit is not like other phishing kits but can hide the hosted phishing URLs with proper evasion detection methods from most of the detection engines on the Internet.
Phishing Kit Capabilities
-
This contains a customized allowlisting to target country-specific users
-
The phishing kit takes visitors’ IP information, including system and user agent, and based on that, it blocks unwanted visitors along with various bots and proxies. Interestingly, it doesn’t allow users with IPv6 addresses to visit the phishing site.
-
As per this version, this phishing is available in 6 languages
-
Victim’s data can be stolen in three ways: Telegram Bot, Selfowned SMTP server, or Emails
-
Besides manual bot checks, this phishing kit can utilize the antibot.pw and killbot.org services to block unwanted visitors
-
Capable of stealing PIIs, Credit card information, and OTPs; validates Card numbers against regex and Luhn algorithms.
Phishing URLs
http[://]update-flix-net[.]com/auth/dV9oBz/login[.]php?id=29357775
http[://]update-flix-net[.]com/auth/dV9oBz/login[.]php?id=71257383
newton-am[.]com/wp/wp-includes/logo/images/auth/dV9oBz/login[.]php?id=18443680
https[://]cultureshockbots[.]com/ch/auth/dV9oBz/login[.]php?id=26006961
https[://]vineaustralia[.]com[.]au/old/auth/dV9oBz/login[.]php?id=29642149
Note: The actors behind this phishing campaign hosted phishing kits on typosquatting domains, exploited vulnerable WordPress sites, and hosted phishing kits on them.
Phishing Kit: netflix.zip (864.4 KB)
Hash: 9bcd92447b38dc07483230107a349c50d7958a50