SafeMode - Analysis: e.3656007.com:8989

Visual Capture

Detection Info

https://e.3656007.com:8989/register.html?c=ME9X5

Detected Brand

Unknown

Country

China

Confidence

100%

HTTP Status

200

Report ID

8c69ef08-4e5…

Analyzed

2026-01-02 07:46

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1CD63E9207848EA3703E364C68E69A75D7396E741CF110F94A9F45A7DABD3FA0D8431E8
CONTENT ssdeep	1536:tC7f+aOTUGDf2bEzvnZvF+ee+uOuyd6yvVFODFeQ9Aatd:tC7f+fzvnlF+ee+uOuyd6yvi9Aaj

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	80a06cef6945575f
VISUAL aHash	007f7fffffff3c00
VISUAL dHash	0696f8d0d04c6031
VISUAL wHash	00437e7fffff0000
VISUAL colorHash	06000000c00
VISUAL cropResistant	9696f8d0d8544c68,c344c4444d4c7170,008830303028c000,0810306a1b617170

Code Analysis

Risk Score 95/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing attack.
• Target: Bet365 users in China.
• Method: Fake registration form to steal account credentials.
• Exfil: Likely exfiltrating to a remote server controlled by the attacker.
• Indicators: Domain does not match official Bet365 website, registration form for credentials, Chinese language.
• Risk: HIGH - Immediate credential theft.

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
document.write
hex_escape
unicode_escape
base64_strings

🎯 Kit Endpoints

https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://docs.google.com/drawings/d/1qSsDx0EecJ0Wpgj_rll_hENHiDwJo-fIC9ly9UjKr_M/edit&followup=https://docs.google.com/drawings/d/1qSsDx0EecJ0Wpgj_rll_hENHiDwJo-fIC9ly9UjKr_M/edit&ltmpl=drawings&ec=GAZAGQ