Same: Automated Impersonation for All
It happened again: A fancy new AI tool has been used maliciously. This time, it’s a tool that can clone and deploy a copy of your website, including some backend behavior. It can also change where the credentials of the login page are sent without the user ever touching a single line of code.
The use (and misuse) of AI by threat actors is nothing new. What Same does differently is full automation of website development from creation to deployment, all through a helpful chatbot and from a starting point of imitation. Unsurprisingly, Netcraft has observed threat actors using this service to create new phishing sites in a matter of minutes. What those threat actors didn’t consider was that we could see their entire conversation with Same.
Same.new
Same is a Y Combinator start-up that provides users with an online conversational chatbot for website cloning and customisation, automating UI and some backend development. The result? An instant creation put online using a subdomain of Netlify.

Figure 1. Example of a same.new output summary where the given prompt was a screenshot of the Chinese DHL tracking page and the word “copy.”
Same’s platform automatically explores a user-submitted URL and then clones both the website’s appearance and behaviour. Created websites are automatically deployed to Netlify, making the new site publicly available for free. Site files are also made available to the user and anyone who can view the chat history, making it trivial to modify minor aspects of a cloned website.
The Netlify deployment is assigned a subdomain derived from the unique ID of the chatbot conversation that created it. This makes it possible to predict the staging URL from a conversation, even if the deployment part of the conversation has been made private. Additionally, this makes it possible to find the Same conversation that created a given staging URL.
Currently, new projects are public by default, and consequently, the chat results will be shown briefly on the Same homepage. It’s worth noting that, with a free account, anyone can view the chatlog by default. This public visibility has allowed the identification of several questionable or malicious projects, a couple of which have been highlighted below.
Credential Theft Infrastructure
Netcraft observed a conversation that took place on 11 April 2025, in which a user going by NsShrixx used Same’s platform to clone Roblox’s login page, a commonly impersonated service for phishing. At the time of reporting, the user had not set this chat session to private, making the project visible on their user profile and briefly on the homepage of Same.

Figure 2. The user’s initial prompt specifically requested the login page for Roblox for cloning.
Once Same’s platform had successfully created a Roblox login page and deployed it to Netlify, NsShrixx requested that the login functionality be replaced with a provided webhook that would send credentials to a Discord server.

Figure 3. The user attempts to connect the page to their Discord webhook. While this is recognised as a phishing attempt, the user is not removed and the chat continues.
While the model did refuse to replace login functionality, indicating some safety controls in place, it still automatically cloned and deployed the site. Even after the purpose of phishing had become clear, there appeared to be no restrictions on further use of the created website.
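A defender-side triage check for the pattern described above, as an added example that is not from Netcraft or Same: it flags a fetched page that serves a password field from a netlify.app subdomain, posts its form off-origin, or references a Discord webhook in a form target or inline script. The function names and the sample page are constructed for illustration, and the webhook ID and token are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Discord webhook URL shape (also the legacy discordapp.com host and canary/ptb subdomains).
WEBHOOK_RE = re.compile(r"https://(?:[a-z]+\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+")

class LoginPageScan(HTMLParser):
    """Collects password fields, form targets and inline script text."""
    def __init__(self):
        super().__init__()
        self.has_password, self.form_actions, self.scripts = False, [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def triage(page_url, html):
    """Return a list of findings for one fetched page (empty list = nothing flagged)."""
    scan = LoginPageScan()
    scan.feed(html)
    scan.close()
    if not scan.has_password:
        return []
    host, findings = urlparse(page_url).hostname or "", []
    if host.endswith(".netlify.app"):  # Netlify's default site domain
        findings.append("login form on netlify.app subdomain")
    for action in scan.form_actions:
        target = urlparse(urljoin(page_url, action)).hostname
        if target != host:
            findings.append(f"form posts off-origin to {target}")
    if WEBHOOK_RE.search(" ".join(scan.scripts + scan.form_actions)):
        findings.append("Discord webhook referenced in form or script")
    return findings

# Constructed sample page; the webhook ID and token are placeholders.
SAMPLE = """<form action="/login"><input name="user"><input type="password" name="pw"></form>
<script>var hook = "https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER";</script>"""

if __name__ == "__main__":
    print(triage("https://constructed-clone.netlify.app/", SAMPLE))
```

The check only reads inline markup, so a webhook loaded from an external script file would need that file fetched and scanned as well.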

Figure 4. The user requests the page’s source in easily modified formats.
This approach would make it considerably easier for the user to replace login functionality with credential harvesting. Following this, the user has used Same’s platform to create clones of multiple websites which provide cheat software for Roblox. In each instance, they requested that the website clone consist of only HTML and CSS files.

Figure 5. Xeno is a free tool for using cheat scripts in Roblox.
Though these sites don’t include login functionality, they offer software for download, meaning their clones could be used for malware distribution. A GitHub account with the same username, profile picture, and interest in Roblox exploits as NsShrixx is involved in malicious remote access trojan development. It is highly likely that the threat actor behind this GitHub account is the same as the user behind the Same clones.

Figure 6. NsShrixx’s comment on another malware developer’s project.
Targeted BambooHR Login Cloning
A user going by Николай (Nicoli) used Same’s platform to clone the login page of BambooHR, a human resources and payroll management company. This clone specifically targeted the subdomain used by Wildix, an IT and communication systems provider.

Figure 7. Same will take screenshots of cloning targets to confirm with the user that this is the desired page. It will then create a proposed list of requirements.
BambooHR have noted that phishing sites impersonating them can be used for payroll diversion or payroll fraud through the theft of administrator credentials. This is a high-value form of phishing due to the access to company and financial information.
In this case, the accuracy of the fake login page was hindered because Same used an AI-generated logo rather than the official Wildix logo, since multiple options were found. However, the logo can easily be replaced by the user, and the page was still published to Netlify.

Figure 8. For now, Same still struggles with some less common logos.
The Future of Malicious Site Cloning with AI
Same plans to implement features that, if not suitably restricted, could enable further abuse. As seen in the roadmap shown below, the possibilities for more complex and private cloned website deployment are going to increase. It is worth noting that the safety features of this service are currently easily avoided through code export and trivial modification. There is currently no mention of increased safety or security controls on generated material in Same’s roadmap.

Figure 9. The current Same roadmap.
Malicious use of public and commercial AI tools is likely to continue without much legal and regulatory oversight, increasing short- to medium-term risk. The difficulty of regulating AI has created an environment in which these services are abusable, widely available, and often unaccountable for the material generated by their own platforms.

Figure 10. A post on X (12 March 2025) by the co-founder of Same, Aiden Bai, acknowledging the tool’s potential for phishing following public reaction to a demo video.
It is almost certain that Same’s platform will see continued experimental malicious use. However, the surface visibility of these attacks’ development is likely to decrease with more sophisticated threat actors as they become more consistent in making their conversations private.
In response to these findings, Netcraft has improved our classification systems to find new staging URLs from Same. Additionally, the Netcraft Takedown system can now track these malicious sites and their path to removal. This is part of Netcraft’s larger and ongoing efforts toward effectively classifying and disrupting novel attack methods.