EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of m.bets10vipgiris26.cam

Detection Info

https://m.bets10vipgiris26.cam/
Detected Brand
Bets10
Country
Unknown
Confidence
90%
HTTP Status
200
Report ID
6016742b-51a…
Analyzed
2026-06-13 19:09

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T107E111B19099F67B624782C00BB11B5FA3D7A358CE634B8A87F5D39D6F87C91DD02109
CONTENT ssdeep
96:P7Ebwu5KrNUmmx/RS8zqN6nv1kXPZ4jam325xzox3FDJ:jNuQ5UmmxgdK1YO2Vy3FDJ

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b0cd3232cfd33493
VISUAL aHash
ffffffffc7878787
VISUAL dHash
8ab2bab32f0e0d2d
VISUAL wHash
c1c3dbdb83838387
VISUAL colorHash
06000000e00
VISUAL cropResistant
8ab2bab32f0e0d2d,f0323323232323d8,4949c9e9f878e8f8

Code Analysis

Risk Score 53/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 OTP Stealer

🔒 Obfuscation Detected

  • unescape

📡 API Calls Detected

  • POST

📊 Risk Score Breakdown

Total Risk Score
75/100

Contributing Factors

Active Phishing Kit
Detected kit types: OTP Stealer
Code Obfuscation
JavaScript code obfuscated using 2 technique(s) to evade detection

🔬 Comprehensive Threat Analysis

Threat Type
Two-Factor Authentication Stealer
Target
Bets10 users
Attack Method
obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: OTP Stealer
  • 2 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Bets10
Official Website
N/A
Fake Service
Credential harvesting service

⚔️ Attack Methodology

Primary Method: Two-Factor Authentication Bypass

Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.

Secondary Method: JavaScript Obfuscation

Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
m.bets10vipgiris26.cam
Registered
2026-06-08 14:02:33+00:00
Registrar
Dynadot Inc
Status
Recently registered (5 days old)

Hosting Information

Provider
Dynadot Inc
ASN

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Bets10
https://bets10vipgiris26.cam/m/
Jun 13, 2026
 Screenshot
Bets10
http://bets10-trguncelgiris.cam/m/
Jun 05, 2026
 Screenshot
Bets10
http://m.bets10-gunlukgiris.vip
May 30, 2026
 Screenshot
Bets10
http://m.bets10-goldgiris26.vip
May 29, 2026
 Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/3263ddfa0dea.png
May 27, 2026

Scan History for m.bets10vipgiris26.cam

Found 1 other scan for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.