SafeMode - Analysis: s101h.xyz

Visual Capture

Detection Info

http://s101h.xyz/

Detected Brand

Unknown

Country

International

Confidence

100%

HTTP Status

200

Report ID

627d7d80-0e2…

Analyzed

2026-01-26 11:44

Final URL (after redirects)

http://s101h.xyz/home

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T155441AF4536853F496874BE4F9711A06336910FEFB914688C3A48AD0FAF2ED9D439CA1
CONTENT ssdeep	3072:opDnTa7jDw/4Q1pSBn1pSBy1pSB61pSBo1pSBafoi2cluAkYc1DI:027jDw/47g7/to

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	cee131ce8e29cf30
VISUAL aHash	00003c3c3c3c0000
VISUAL dHash	a8d4e96969697904
VISUAL wHash	007e7e7f7fbc0400
VISUAL colorHash	39001000c00
VISUAL cropResistant	8e8999e686a68799,a8d4e96969697904

Code Analysis

Risk Score 100/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

WebSocket C2

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing kit
• Target: bet365 users internationally
• Method: Fake login form stealing user credentials
• Exfil: Data sent via WebSocket URLs
• Indicators: Recent domain, domain mismatch, obfuscated JavaScript
• Risk: HIGH - Immediate credential theft

🔒 Obfuscation Detected

atob
eval
unescape
document.write
hex_escape
unicode_escape
base64_strings

🎯 Kit Endpoints

data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEEAAABBCAYAAACO98lFAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA4RpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNi1jMTQ1IDc5LjE2MzQ5OSwgMjAxOC8wOC8xMy0xNjo0MDoyMiAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDo3OGVlNTliYS1kMzJkLWYxNDMtOTFmMi1lOTM2NmNiZTMyMDYiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6RDAzNUEyREU3OEIxMTFFREJGNDQ4MjUzM0M5OUU4NUUiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6RDAzNUEyREQ3OEIxMTFFREJGNDQ4MjUzM0M5OUU4NUUiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIDIwMTkgKFdpbmRvd3MpIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6YWUxMTVlZjEtNDg5Zi0wYzRiLTlmODgtNzg1ZmVjNDA2OWQxIiBzdFJlZjpkb2N1bWVudElEPSJhZG9iZTpkb2NpZDpwaG90b3Nob3A6NDNkZjZiZTEtNDAxNi04YjQyLWIyZGMtYzFjOTMxZWYzYzhiIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+yTUE0QAAC2tJREFUeNrkXAtsHMUZHl8wklMn2AgoBJrCmVcg5dE7mqYBAe1FIggIAc5N8ygPgd3QQh4tsVtoKUkRNglNeYjI1woIlAA+CmlKeMiXFiQSIPFBSxseabgCpSSFKOdg81AemP+Xv6l/j2f29nb3EFJ/6ZNvd2dn5//nf82/s67q7+9X/++0T9gODl420U+zQwnccBzhWMLRfCthP8IotOkl7CRsI2wmvEZ4lfAc4T+VEsC2+c+FF4IHJQgzCGeD8VI0CjiMkDSusUAeJ6wk5L9wmmBhpJlwKeG4CPs9FlhAeIVwN6ED2vOFEUIdYS7hasL+lut7CC9AtV8H3oL670Sb/QA2nSMJ4wmTCBOMcbJwlxB+SriNcCuhJ8zgq8I4RvIHVfTnYgzqAOMyM/cHwiOEZwh9AR9TSzidcAHhQghK0nbCNYQVhP4gPiGwEEgAPFv3YLYk8SwvJTxA+DBicxsJP7MATlbSOkzIG+UKIRZQAGk4KCmAfxNmQ11/VwEBMH2EvtlUZhHeFtd4LC8S0uV2GitX/Qk8y52E0Ti9m3AzmP894dPPIbTzM+4nHI9n78b50Rgbj7Eqcp9AzO8LrzxDnP4XYTphg48uDiKcSfgmPP0RhAMJX8J11pz30SeHxOcJfyG856PvUwgPoU9NKxGldkXiEyCAPxLOEqf/RPh+Cc98AExkBvKGqjJnvB9mxwzdByfoFaHuJZwrzj1JmOolCF8+ARHgLkMAGcI06sAlgDGEWwhvEn6N5OcTwlrCL+Dlx0M7aoCDcO5CtFmLe5Log0Pq7ejbRjyWaRibprMw9qqwecJNhJnieAkxv9DRtpowD0zU4txamNGjcGwu+gTmsAlhdTGiwTSo9XcIPyJcgmvLhC/QtBfJ2geEn+DcTKTdLYEcI2nBRcbNyz0EcBQSopshgMcwiyk4sY8CRoP70UcSfXLf7YSNHlkp5w3LxfFCr6gR8xBAHOFIEw/gKkdztrtuwskwgXNgm1Hm+Xn0eQ6ecSKEfr6j/VUYs6bfEuK+hQA/sEJkZ/zQ2aQFey3Nm5AZjobKsyDWVDA8rsEzHoFWPIwIpSymMRvRRqflK2z+waUJnHmdKvKARpsTJGHNwUJmBGERUtseVXnqgQPl551BeNCj3XeF7zgVPsVbCMRYHexa0zISwEZLu/PgrRWc4fUBGYpDm4IQa96zJdpshBPV1I5w6qkJc5HE6FR4sUUA4+CwWANuxEquXMbb4EfegDbVV1BzFosU+0DwaBcCMVeL5bCma0kL+ow21Vgc1SJFvS7AoNKIOglxrts4jpL6jHFeLSpawzThB6IeUACzJs2DZ+bk5YoIBxqHIDpcXjwkPQCeFHhsHiYERATJVDtpwR5DC8YgEWL6IV3/IATDLmqCiXRCW1IRCWEP/IGmZh0ppCZMQAFUL2ZsWvAzmMFqEoAtDNZj0C0llrSmEDIOk2G/0YU1hEZLSG3QS3yuh0w0hdAovS4x2WtoAS+GLsPhIssDmPkdGHRbiRlMGElQM55f9MFIMYQQehFRhvAshTBF/LbF3VlY6HSRgGyZYMHjuN7QAnmchQm0+IwQxZBm8aCxwBoQAs3yoWqwLL4bNUGbEBSyLuVDCFqlO6EhCXFOUhucoakdrYRcmf7EDz0jkqdjiPevaE2Qb1A2WMIiL3O/TviYsKpEfi+Z6xRMpx1CkDOcwUIpCSc22fAXuQjWI31GEWiiXkqfJE6ut9z4bXjS9SSgDx2zky4xS9ppmrlADiaRcfiOguF3GiOIFOtFffQErQnyDdHfLDdNwN+nPUJam8WmC1DrBjg/07MnMdtZXOtGH2n87rbMfDoCIUgex2lNONyoG5qkhbTJci3neFAODMrBp4wcXq8bmox2caExcfSVEkLPhBSC1K6vak04RJy0vfzkmLpVDdT2bR3m8TfrcGApOD9TgzotiyeTyZTRbyKC9HqbrINqIYwqEYLmkC8YQ3BVfhuh8hlDCC0wlS7MZtERNouWHCIvNMO8169JfMsifIXym6baYUKwpcJ0LudTvUz7bREakYegWo02rcjlsx7akLZcL0UxaG6TI2nSNCqmoiVTi7IGI0X4gqxFI/IGk1nRnymU+jJqELv8SGuIZCgnGB2hUExb7oAfyBkMdyO6SCbl7OssM2/4Ci+qs8y6sph/b8zSsK6C2tFksfF6h6NLWTQpa4kiLjrYw8fJie7TQtgqTh4WgmGTmS7HeiBlqHcBzjVpMFkQ/qbJEEIpB6lXxP/0EBDTdi2EN8XJI0IIwc/avxUCMMNpXkAymfEQnpdfGI+/r5dYf7ylhfCaOHlCCCHkLOpn5vsJI78w1xoJi4OUQshZ0nUbne6IWAqVMU2vaiG8bMTWoJQXuX0BGeNko6KThoPstoTBtGXG4tCeyeg760P7RmJtwEWYPzvyB00vxyyLpgkouIbRhiRygpyIEqaDjDtqEM0Wk2hHX2n4mVJL62moffCmjXeNa7wV4Bvi+PkYkqF3hElUC1UKoxF+HFjCslTOWOy+3liJlirNXYy/Kx1mUo3fm4n3t2Wy9IT4PT2i8JjCzHVaokSrJXHSDOccQsyIjLPoMI8ETIdrH/daxjTd5FkK4WGpTiFNQofHLo+IERezXzAYbvGw+3aYTINFAEy6Gn6PGr6pg5OkC8xkTgqB9xhuEXYzI+IUuuiYdWVR/1Zxf9FwrLq9LQni3bPnoXp0o+X699Tg9qAt2hfGxCKp31hxLSRtCLPZUzKiI0WzYzVoptc6IuiCjJ+SGs/yHfi92FISYF7k3ooORI9hb6A6xCAbILkwhQtt80kwUnSsBnUtQhdYC5jtduW/upxBovdXNfQFrPQFDUK7/jfhwzZu0ezz2+Vf4pBfYh5vKbyy8HgLzZVqYOP1z8tMrbuNElsephG0nL4IY+hFf5uN67Woio3F8Q2aR9fGLX7D/D5+j7UxSDd+ijacefGLzrllhs8CHKLMCYIKYC7GyJsyZlkEoDBGLQAe9222pbRksMfwzvNp5k+xtFutBrfv/AbS9UsNang5PQjdgGcrjGW1pQ1rxgKj0LPDUwgivDwrkqeHsHnDFMRyzOZehKZsBZbirlpBJ56pd6wt92ink6N14E2VFAIiBWddO8XK8j4SxAiHQ7oIdTv++xJCVaXobDwjjVCYdmjUCCRLelW8Ezz1+xICBMF2K1/V866x2x3NV0HteHCHq4HNVatCrkhN+hr6XINn8LsDfh/yqKM9j1Xubr1COXbAe9YYSRCs3kvEqTmkDW2O5ly84H3L1yJlnYpw9RTS25oAjNfg3qfA9FT0fR0WQa847uPQOkccL3Vkl/YQOawEM7B5g/cVzzRM4Ere0uf4EIxf8P4YeYDO0D6GTT6NwXOx4z01+DEIh7EvoyLEmzTPwJJ3JK7zxs67UXd4xzFcNoE7jWIL762arRwfhHyeG7xZgPxCN8gG7xfBSMU2eEex1b/RSH5cxLN8Jux4nBrc6q8Xan1qcKs/fwrIu1V5q/9/ffSdRBSo3FZ/wzSWQNU17UKa+isV/DunoFQL/zCfsK84zzvsr1E+vokK/A0UPv/hfc+ydM0pNn+hxjtBKv31SwxrgZtEJqgQpi/3coI2IQR6A4WokVBDX9COhe3+AwOpqQDzNej773iWFMA6+J1sEImqgILg9fhpamAzl3RYbO+8o3wrtGWKsPugKj8FfW1F33KL/3aM4TRV5pdwvkOkD9PQnnke8nfbx6G8R2gDihj6O+h3EVl6RT2gDg40jkRrEvKBakufO1A/WKZCbCqP8lvpHixNb0Eef5ka+t1iNRiaFMGzOHLcpSL8TDjqt9K9yM6OQ9i6VZTswtAW9JVE30ujEoAuOVWK9Cu1eWrwXwfwd4zHqMF/HVCPjHA3wmsR2IyMcpOq8L8OYPpMgAEA3PlX6qvO67AAAAAASUVORK5CYII=
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEEAAABBCAYAAACO98lFAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA4RpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNi1jMTQ1IDc5LjE2MzQ5OSwgMjAxOC8wOC8xMy0xNjo0MDoyMiAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDo3OGVlNTliYS1kMzJkLWYxNDMtOTFmMi1lOTM2NmNiZTMyMDYiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6QzU0QzMxRUI3OEIxMTFFREIxMjk4QzAxNzczNjc5MTUiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6QzU0QzMxRUE3OEIxMTFFREIxMjk4QzAxNzczNjc5MTUiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIDIwMTkgKFdpbmRvd3MpIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6YWUxMTVlZjEtNDg5Zi0wYzRiLTlmODgtNzg1ZmVjNDA2OWQxIiBzdFJlZjpkb2N1bWVudElEPSJhZG9iZTpkb2NpZDpwaG90b3Nob3A6NDNkZjZiZTEtNDAxNi04YjQyLWIyZGMtYzFjOTMxZWYzYzhiIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+aVtJOwAAC1pJREFUeNrkXA+QlVUVv7tAM9iK+3bCyBrTXcwo02DXNqQGrd0ZyxI1F5FAzfIRWAFavM2oSdRcxDLNanjTqEhg8SyIonJ8ldVERjxLZ/APwTOV1MTxLe4WE6Cvc2Z/t/1xuN/b9/Z9b8HpzPxmv/d93/ved3733HPOPfferSsWi+7/XUZX+4Dn6+rKue3NgqmCSYK3C94mmCA4RnA07ukT7NFHCrYLHhc8Jvij4B+1ImCCGEFdtZZQgoRWwWzBh6F4NaKE/FywVpA70knQVp0n+ITgHTVqvEcFdwpWwnqOGBIaBQsFnxM0BW47IPgTTPsJ4CmY/x7ccwygXWei4BTBNEF7RLd9SXCb4FZB72EjQQhQBi4VrBC8wVxW5X4k+LHgt4L+Yf5Mg2C64ALBx0AUy4uCLwhWCYojSoIQoK11F1qLRVv5ZsE9gn/F3BWOgp+5Ck6W5Q9okJ0jQoIQ0CV/vicYR6efEVwD5/VqjaNaveBiwdcEx9P5lwWfEmQqIaG+UvMXaCuvIwL2C26CI/z+CBDg8BtrBO/Eb+/H+XF4N33HunIfVrYliPKvg1eeTaefFMwSbCnjEccKzhK8FyHzRMF4wetxXbvObjxTQ+KDgt8IXijj2acLfohnelmLKLUvlu4AAn4iOJtO/1RwyRCeWZ3lXBDXWknrQIrIC1Sh1XCCUaIR6m7BR+ncLwUzShFRFgmIAPoCH6fTacECecArEcnScYKrkTP4lt4r2IxIsQ0O9AWK9UfDWk6GmWtEOEMwFtf/LbhDcKPg2YjXHSX4jiBJ59agIYrVkNAjf1J0aoV8cUlEsjRGsEjwFYQ2lV+hG62HIpVGg/Nh1h/EOQ211wluIV9gRUP25+nzTUaH8kkQBS80nva78qUFERnjSeiXk/H5Z4KvxpjmtuJ5H8Hnh9HNHo24Xy1iPn2eGYoaJUkQ5Zrlz0OUnKhS52kXCJAwA/1RvfPfBZ8RbKpRZDhHcLvgBFiFmvqGiK6xgUjT5G2KIF9WiIQfWEUEqGJzLQGQJDLDcTD5yTUkwOHZk5GJape7FxHKyisg6ElKy1eFnHNUnqCZ1/soD5gpBPQGyJqPgYyyvgypbW+MCqs1dgXO9yKF1t87U/CDiO/rfReR71CdLhsyTxDFGjGeH++dihCQChBwLlpjFJzhrTEq30VQabFmXKEsF3hnvhv1jN5S3WEhEfAMPLElYBJCjxJwQ0wEaKv3YHS4jgjI41o1ojo8jePx0DFsCaJcA4a4fjh8iTC12hCgYfDPgtPwshdVqGgKEUNzjQSUTcL7O5OLZCsZBwwhc+G8/TBcHWufWoIdp3+aCMhjJGhlEQhQsq6oILwlTRLTASToXA5KKwEFc61auQchthk6zsMYY7A7ICKwUsuFpQPGCo5DIqRypVx/ucwX6DEE+H6fgLKqdBuQwb078b245AB8g5d5PlKwT2iHw/CDmZAVXIOwtFEI2FSBkwtJFi/iW0Wt5X5SvjkGXxCyBl/jmIji70HdYSYdrxcl+4wV6GDocnxcVkbfT4IAViSPVs/guBUhtotMv0BdwjvFfEwk9CGXmUM6b2ZL+BAdh+LuHAxm7heCQqlwAor71kwRARn8YAuUU1+wFUjiu2wZaeoSqZitgXU7+3/RQVpZi5u7KDlqEkX7jSVsRcvNkWtr6Hwrtbp1ZN3k5DooEoQso0DO03aDJlyPQxoQHcbg8/HeEqbSTVsCBByLvHsv5+lyPmlaM8o6dsJCkgHLyFN+0BPhB7pitIR+UwSa6kl4N53cHPjiB+BJNwtBXDzNGCfXbb6XIsXyuN6Ev60ghxMjtYpOPMuOT+IU1vFU7xh5hujhwJfa8fcBMwIriDWwqSageJST64LSHSY3SBOhyUDLFyicxiGs4yRPwgmmbmjFk7QtcK1gjjNo+QwdJwMRwCuew7WeEv4iT11ueQwkcLR5qyfhTXQyNPmpMfU5N1DbH0rmmUjRarpPFso1k2U0R6TLnGlyYlWtRTzPddDRVN8LtayX+WL62TJ/IAEnZ6MEt+g6Y/K+1dPkCLcGxhN+rJEu813OQFnA+hjOdBt8iCxSP6+oIhxRaLVKdpN1hPxFjkJoNxym7Top8iFtZbxaPQorLlBI0er5f3C8b7SrjWQNCT3mmvcXiUCXyNH4wXevLHWf1gqzyH3lsOWo7K0tOy4GEmy/zcOhtSAEFpAu7wzkBtbce3BfocKQ2Wh1I+Hu31cfuLExJmtIm6Qoh5ZfGSiadFOO0QGFczQOSRjLKoeECSV8HDd0vyfhOTr5lphI8Io1U1KUgmnzPW0UOQqkZCbgFK2DLCV+RPy3EgSpvFhP1WQvJ8ZAQDIwLPamnjX9uQfoIsW7DAmZiFRaf6cI2EhyCv4+ETHK9fKUJ+FxTiNjICFFWSGbticoPcRxM5TKUcunI4oyXKlimU6O1sppdPyYJ+ERE1vj8Adcp+g0JGRMf8+b6OCVLNB93XCu6Yiow6LTd9NgIb+OyB+8PFIfGFC0o+BajbD5+ijgjOKZQDSwXYJJKBARboj0/XzUPnQGzU7e6gTxe+jzg/VIkHZRlxhDplRNbp41/S9rrCFLx3mjuK85JiKenTYDsJnm3KX4uzbw/elUS9guuj/NlaVf0PGsGLpExkSBTqNsxow+PWErQczKCAJ9AtVmirNc2e5E7ePuwHvNsjozCfeyOcXQJThhSpmskMcAVsEcKdNcItbnIpyer4bf5Q5d1KFJ0gW2oZgEXWO4g/rN7BitITSn2EUWkjDjghajeLnT+7p69lxUj24IXL/YDS4a2eF9YT0NnIowQS9LxBpGx+Ab2DKaqOU7qKyeMqTlQU4dUE4NQVv5dhxfFygJqC5LjMMuWkvwF3wLtIC5aiRnCCkExgBcicoMo/WZZE30/uoGVrGEfEELda+VdgDlrUHHEDy5en3IN8i5esEnBTkXmLAtIXaI3ewGy+ydbvjzC8ugpL4/T8VzhZm7x208XgrNSisJu305WvDlQxLvYvFV3KOZ11JnZnmHqDoVqKWXU8tkh0nAQryj1g50bmR74J6lbnDR526Q4CJJwGIMnvBYLC1+euC+jfLns/j4TcG1ZbxwAUT4EFfteqZr8dsO77IxcI/+zlUmpT+o8hVcs4TJ2d+5wdUqWnydErFaRfu1LpIahTCrk7q9FAr9ZEraxbeIqxHP64IFLIgouTUia/SDQq2Rvt/Rcr44F26d5wbWA/mFW1e6gU0atRANg992gwu3dEHp+sB9o3DeL+7c4wbnOtiio9c2y8W8O3iqXleBfSvi9g0wu7/g5Tbh3KkxKv8uPHMTfkPnDtojCHB4V17deoWLWAFfcoG3EKEhawVXnbG4MyRavNB1y19CyjoD4eo+5PZjh6H4WHz3Pig9A89eikFQ1BpGdbi8hvFmV2LFS62W9eoE79XwB7ysV/vkA3h5v6y3n8LYG1ER0hXzZ2LIexSu62rYOzF83hXxurVZ1gsiql3grQROccNb4P0QFDl8C7wNEaGl/mquW8t4hLbyWejHk9zgUn+fjPW7waX+uhVQ90zpUv9/lvHsNiRitVvqb7rGCpi6l31IU693w9/nNFxpgH9Y7AYmVLx83Q3sixpSubi3/+g6wS+6gZUgI7H9R9PkG10M239qsRFMTfkb6Md7Y1Z+LPzLYnfovsuR3QhmusdlbmA/QWhLoGaQuvj79666LYGa5ela5gtdeEvgEjTIyG4JNBmjeuZFyN9Dm0N1VLcFRQy/D/pZRBbe+dIIB9qMRGsa8oExgWe+hPrBLe5wbg4lEriwoYOjy92h+xbjEu1ud7gjcJtwSFqRI+gmjYlVvusOpMur3Wtgw3iU+H8doBu8TnaD/zoggYxwP3yGrzxtR0a5zY3Avw74rwADAFhj5lRHrjHJAAAAAElFTkSuQmCC

📊 Risk Score Breakdown

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected Credential Harvester, OTP Stealer, Card Stealer, and Banking kits with real-time interception capabilities.

High Obfuscation

784 obfuscation techniques detected, indicating deliberate evasion of static analysis.

Brand Impersonation

Impersonates bet365, a high-value target for credential and financial theft.

WebSocket Communication

Detected 1 WebSocket URL, suggesting real-time data exfiltration or command-and-control.

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

bet365 users (International)

Attack Method

Brand impersonation + real-time WebSocket exfiltration + obfuscated JavaScript

Exfiltration Channel

WebSocket (1 endpoints)

Risk Assessment

CRITICAL - Automated credential harvesting with WebSocket (1 endpoints)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
784 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

bet365

Official Website

https://www.bet365.com

Fake Service

Official bet365 website access

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Credential Harvesting with OTP Interception

The phishing kit captures bet365 login credentials in real-time via a fake login form. It then intercepts one-time passwords (OTPs) sent to the victim's device, bypassing two-factor authentication by forwarding the OTP to the attacker's server via WebSocket.

Secondary Method: Payment Card and Personal Information Theft

After credential capture, the kit prompts victims to enter payment card details and personal information under the guise of account verification or security updates. Data is exfiltrated via WebSocket to the attacker's infrastructure.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain

s101h.xyz

Registered

2026-01-16 08:44:37+00:00

Registrar

Gname.com Pte. Ltd.

Status

Recently registered (10 days old)

🦠 Malicious Files

Main File

File Size

Contains credential harvesting and OTP interception logic with high obfuscation.

📊 Attack Flow Diagram

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL COMPROMISE                                     │
│    - Victim lured to fake bet365 site                    │
│    - Fake login page displayed                           │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. CREDENTIAL COLLECTION                                 │
│    - Victim enters Banking credentials                   │
│    - Form captures input data                            │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. OTP INTERCEPTION                                      │
│    - Attacker triggers real OTP request                  │
│    - Victim enters OTP on fake page                      │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA TRANSMISSION                                     │
│    - Stolen credentials and OTP sent                     │
│    - Single WebSocket connection used                    │
└──────────────────────────────────────────────────────────┘
```

🔬 JavaScript Deep Analysis

Operator Language

English (1%)

Total Code Size

2.3 MB

🔗 API Endpoints Detected

Other

57

Telegram API

2

WebSocket (Real-time)

1

🔐 Obfuscation Detected

: None
: Light
: Light
: Moderate
: Heavy
: Heavy
: Heavy
: Heavy
: Heavy
: Heavy
: Moderate
: Heavy
: Light

🤖 AI-Extracted Threat Intelligence

📊 Attack Flow

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL COMPROMISE                                     │
│    - Victim lured to fake bet365 site                    │
│    - Fake login page displayed                           │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. CREDENTIAL COLLECTION                                 │
│    - Victim enters Banking credentials                   │
│    - Form captures input data                            │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. OTP INTERCEPTION                                      │
│    - Attacker triggers real OTP request                  │
│    - Victim enters OTP on fake page                      │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA TRANSMISSION                                     │
│    - Stolen credentials and OTP sent                     │
│    - Single WebSocket connection used                    │
└──────────────────────────────────────────────────────────┘
```