Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://052585.cc
Detected Brand
K8 (Gambling Website)
Country
International
Confidence
100%
HTTP Status
200
Report ID
2d463f3e-860โฆ
Analyzed
2026-02-17 06:52
Final URL (after redirects)
https://052585.cc/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10831CE31C0C4CDFF0653C3E88B367B1BB2C68718D7136E0585EA47AE6A4AE66CD47885 |
|
CONTENT
ssdeep
|
24:tCcH4/u9tNG0lC9HXHJbqWHXHJaVN62MoxBZFUR/2/92DQAz6dT:lH6u9XG0lIbZaVN6eB0U6QAmdT |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c96636dde09c9c62 |
|
VISUAL
aHash
|
1000187e78181800 |
|
VISUAL
dHash
|
b4c4b2b2b23232cc |
|
VISUAL
wHash
|
5c6278fff8ba9800 |
|
VISUAL
colorHash
|
39c00010000 |
|
VISUAL
cropResistant
|
8cb6868e8ea626a6,b4c4b2b2b23232cc |
Code Analysis
Risk Score
77/100
Threat Level
ALTO
โ ๏ธ Phishing Confirmed
๐ฃ Credential Harvester
๐ฃ Personal Info
๐ฌ Threat Analysis Report
โข Threat: Phishing
โข Target: Gambling website users
โข Method: Redirecting users to a malicious site
โข Exfil: Potentially obtaining user login, sensitive information.
โข Indicators: Domain age, obfuscation, multiple entry points
โข Risk: High
๐ Obfuscation Detected
- eval
- unescape
- hex_escape
- unicode_escape
๐ฏ Kit Endpoints
- https://052585.cc/js/config.js?t=1771314684120
๐ก API Calls Detected
- POST
๐ Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Domain Age
Relatively new domain is suspicious. Phishers use new domains to avoid detection.
Obfuscation
Obfuscated code makes the website harder to analyze, indicating malicious intent.
Phishing Tactics
Offers promotions and urgency.
๐ฌ Comprehensive Threat Analysis
Threat Type
Credential Harvesting Kit
Target
K8 (Gambling Website) users (International)
Attack Method
obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
โ ๏ธ Indicators of Compromise
- Kit types: Credential Harvester, Personal Info
- 51 obfuscation techniques
๐ข Brand Impersonation Analysis
Impersonated Brand
K8ๅฏๅ
Fake Service
Gambling and Betting
Fraudulent Claims
โ๏ธ Attack Methodology
Primary Method: Credential Harvesting
The site likely aims to steal user credentials through a convincing login form, disguised to look like the real K8 website or a related service. Users are lured into inputting their details which are then stolen.
Secondary Method: Redirect to malicious site
The site redirects users to a malicious site that looks similar.
๐ Infrastructure Indicators of Compromise
๐ฆ Malicious Files
Main File
config.js
File Size
๐ Attack Flow Diagram
User fills <input name='password'> โ te() โ fetch('https://052585.cc/js/config.js?t=1771314684120') โ credentials sent
๐ฌ JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
117.1ย KB
๐ API Endpoints Detected
Other
9
๐ Obfuscation Detected
- : Light
- : None
- : None
- : Heavy
๐ค AI-Extracted Threat Intelligence
๐ Attack Flow
User fills <input name='password'> โ te() โ fetch('https://052585.cc/js/config.js?t=1771314684120') โ credentials sent
๐ฏ Malicious Files Identified
Main Drainer
config.jsFile Size
estimated 45KB
Malicious Functions
tege
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.