[Phishing Kit] Dissecting Netflix Phishing Kit

Unlike other phishing kits, this Netflix phishing kit uses detection-evasion methods that hide its hosted phishing URLs from most of the detection engines on the Internet.

Phishing Kit Capabilities

Phishing URLs

http[://]update-flix-net[.]com/auth/dV9oBz/login[.]php?id=29357775
http[://]update-flix-net[.]com/auth/dV9oBz/login[.]php?id=71257383
newton-am[.]com/wp/wp-includes/logo/images/auth/dV9oBz/login[.]php?id=18443680
https[://]cultureshockbots[.]com/ch/auth/dV9oBz/login[.]php?id=26006961
https[://]vineaustralia[.]com[.]au/old/auth/dV9oBz/login[.]php?id=29642149

Note: The actors behind this phishing campaign hosted phishing kits on typosquatting domains and on vulnerable WordPress sites that they exploited.

Phishing Kit: netflix.zip (864.4 KB)
Hash: 9bcd92447b38dc07483230107a349c50d7958a50

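The URLs listed above sit on different hosts but share one path and query shape, so a path-based match over proxy logs catches deployments that a domain blocklist would miss. The Python below is an added example, not part of the original post or the kit; the log format and example hosts are constructed, and it assumes the `dV9oBz` directory and numeric `id` parameter stay constant across deployments, as they do in the five listed URLs.

```python
import re
from urllib.parse import urlsplit

# Path and query shape shared by every URL listed in the post (assumed stable).
KIT_PATH = re.compile(r"^(?P<prefix>(?:/[^/]+)*)/auth/dV9oBz/login\.php$")
KIT_QUERY = re.compile(r"^id=\d+$")

def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a parseable URL (in memory only)."""
    url = ioc.replace("[://]", "://").replace("[.]", ".")
    return url if "://" in url else "http://" + url  # scheme assumed if absent

def match_kit_url(url: str):
    """Return (host, placement) if the URL has the kit's shape, else None."""
    parts = urlsplit(url)
    m = KIT_PATH.match(parts.path)
    if not m or not KIT_QUERY.match(parts.query):
        return None
    # A non-empty prefix means the kit sits below the web root of the site.
    placement = "subdirectory" if m.group("prefix") else "web root"
    return parts.hostname, placement

def scan_proxy_log(lines):
    """Return (client, host, placement) for each log line whose URL matches."""
    hits = []
    for line in lines:
        fields = line.split()
        hit = match_kit_url(fields[2]) if len(fields) >= 3 else None
        if hit:
            hits.append((fields[1], *hit))
    return hits

# Two indicators from the post, one per hosting style.
PAGE_IOCS = [
    "http[://]update-flix-net[.]com/auth/dV9oBz/login[.]php?id=29357775",
    "newton-am[.]com/wp/wp-includes/logo/images/auth/dV9oBz/login[.]php?id=18443680",
]

# Constructed proxy log lines (timestamp, client, URL) on reserved example hosts.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 https://shop.example.org/old/auth/dV9oBz/login.php?id=12345678",
    "2024-01-01T10:00:02Z 10.0.0.7 https://www.example.com/auth/login.php?id=12345678",
    "2024-01-01T10:00:03Z 10.0.0.9 http://login.example.net/auth/dV9oBz/login.php?id=87654321",
    "2024-01-01T10:00:04Z 10.0.0.9 http://login.example.net/auth/dV9oBz/login.php?id=abc",
]

if __name__ == "__main__":
    print([match_kit_url(refang(i)) for i in PAGE_IOCS])
    print(scan_proxy_log(SAMPLE_LOG))
```

The placement field separates hits at a host's web root from hits nested under an existing site's directory tree, which helps triage whether the host is a dedicated lookalike domain or a legitimate site that needs owner notification.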