Phishing Analysis: Unknown

Visual Capture

No screenshot available

Detection Info

https://royalbet.royalgiris.cam/#giris

Detected Brand

Unknown

Country

Turkey

Confidence

90%

HTTP Status

200

Report ID

329ad878-4b0…

Analyzed

2026-04-07 19:52

Final URL (after redirects)

https://royalbet.royalgiris.cam/tib.php#giris

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T117616563C589AD7FA302C0D1FBA03698A156A097DD8D503DDD7099758238F9F983B2BC
CONTENT ssdeep	48:j6yK9nlxwd4JaimtQNqUO/XUqLoeOsmFLzyttNbELoeOsmFn09cA3vkmLoeOsmzX:j63Gd4J+QcweOsM3yfeOsM0Tf2eOsaX

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	8e1c3036cf677133
VISUAL aHash	0f1e1c3c3c3c2078
VISUAL dHash	fcb0f071e1e0c2e0
VISUAL wHash	0f1f1e3e3c3c3078
VISUAL colorHash	08000e00000
VISUAL cropResistant	a2d22c968a86b082,fcb0f071e1e0c2e0

Code Analysis

Risk Score 3/100

Threat Level MEDIO

⚠️ Phishing Confirmed

🔬 Threat Analysis Report

• Threat: Affiliate Fraud / Traffic Hijacking
• Target: Turkish betting users
• Method: Redirecting traffic to legal sites via suspicious domain
• Exfil: None (Traffic redirection)
• Indicators: New domain, non-official branding
• Risk: Moderate (Deception)

🔒 Obfuscation Detected

unescape

📡 API Calls Detected

POST

📊 Risk Score Breakdown

Total Risk Score

65/100

Contributing Factors

Domain Age

Domain is less than 24 hours old.

Content Authenticity

Suspicious traffic redirection pattern.

🔬 Comprehensive Threat Analysis

Threat Type

Unknown Threat

Target

General public

Attack Method

Brand impersonation + obfuscated JavaScript

Exfiltration Channel

Unknown

Risk Assessment

LOW - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

2 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Various Turkish Betting Sites

Official Website

Multiple

Fake Service

Official Gambling Gateway

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Affiliate Redirection / Traffic Hijacking

The site uses deceptive domain names to capture users searching for specific betting sites and redirects them through an aggregator, likely to generate affiliate revenue.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain

royalbet.royalgiris.cam

Registered

2026-04-07

Registrar

Unknown

Status

Newly Registered

Visual Capture

Detection Info

Content Hashes (HTML Similarity)

Visual Hashes (Screenshot Similarity)

Code Analysis

🔬 Threat Analysis Report

🔒 Obfuscation Detected

📡 API Calls Detected

📊 Risk Score Breakdown

Contributing Factors

🔬 Comprehensive Threat Analysis

⚠️ Indicators of Compromise

🏢 Brand Impersonation Analysis

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Affiliate Redirection / Traffic Hijacking

🌐 Infrastructure Indicators of Compromise

Domain Information

🤖 AI-Extracted Threat Intelligence