EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of totalbestpromo.com

Detection Info

https://totalbestpromo.com/landingpages/1xbt?refCode=sk_w238255c300299l23986p2169_d1xbet220&sub_id=d1xbet220
Detected Brand
1xBet
Country
International
Confidence
100%
HTTP Status
200
Report ID
9243a2f7-ef9โ€ฆ
Analyzed
2026-01-31 11:42
Final URL (after redirects)
https://totalbestpromo.com/1xbt/?refCode=sk_w238255c300299l23986p2169_d1xbet220&sub_id=d1xbet220

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1647184709040DD3B5583C5E8F3FAEB5F37DAC1A4CA46050262F983EE5BE9D42EE51618
CONTENT ssdeep
96:nusuXwCZwoZ7ocEATNL6UM6BGIDRdZYR+:qXwCZNk6zDDrZYs

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
94d67a700fc6e06d
VISUAL aHash
246e7e3e3e4e0400
VISUAL dHash
eccce4ece29ccc32
VISUAL wHash
647e7e7e3e4e2400
VISUAL colorHash
190020000c0
VISUAL cropResistant
f0f8f2f09e9c94e8,39e0e0f0e2c0f8f8,6e6c7c53b6fce8e8,f9f9e1e1e0a68ecc,8280a2c2d2a280a2,a280a4e070e080a2,eccce4ece29ccc32

Code Analysis

Risk Score 68/100
Threat Level ALTO
โš ๏ธ Phishing Confirmed
๐ŸŽฃ Credential Harvester ๐ŸŽฃ Personal Info

๐Ÿ”ฌ Threat Analysis Report

โ€ข Threat: Credential Phishing
โ€ข Target: 1xBet users
โ€ข Method: Impersonation
โ€ข Exfil: /register/landing_signup.php
โ€ข Indicators: Suspicious domain, Login form
โ€ข Risk: HIGH

๐Ÿ” Credential Harvesting Forms

๐Ÿ”’ Obfuscation Detected

  • fromCharCode

๐Ÿ“ก API Calls Detected

  • GET

๐Ÿ“ค Form Action Targets

  • /register/landing_signup.php

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
92/100

Contributing Factors

Domain Impersonation
The domain attempts to impersonate 1xBet's website.
Form for Credentials
The form is collecting login information (email and password), which is characteristic of phishing attacks.
JavaScript Obfuscation
Obfuscated JavaScript code indicates an attempt to hide malicious behavior.

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
1xBet users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
HIGH - Automated credential harvesting with HTTP POST to backend

โš ๏ธ Indicators of Compromise

  • Kit types: Credential Harvester, Personal Info
  • 2 obfuscation techniques

๐Ÿข Brand Impersonation Analysis

Impersonated Brand
1xBet
Official Website
https://1xbet.com/
Fake Service
Login

Fraudulent Claims

โš”๏ธ Attack Methodology

Primary Method: Credential Harvesting

The website is designed to trick users into entering their 1xBet login credentials.

Secondary Method: Social Engineering

The site uses 1xBet branding and a login form to make users believe they are on the real website.

๐ŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
totalbestpromo.com
Registered
2023-05-13
Registrar
Namecheap
Status
ACTIVE

๐Ÿค– AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
1xBet
https://7000partpromo.com/l/687a7dbc10e46e6ab1083af9
Apr 03, 2026
 Screenshot
1xBet
http://7000-landing.com/l/687a7dbc10e46e6ab1083af9
Mar 31, 2026
 Screenshot
1xBet
https://sevenkpartners.com/l/687a7dbc10e46e6ab1083af9
Mar 30, 2026
 Screenshot
1xBet
https://fastthemegaplay.com/1xbt/?refCode=sk_w238255c300299l...
Mar 25, 2026
 Screenshot
1xBet
https://7kpartnerspromo-faststream.com/1xbt/?refCode=sk_w238...
Feb 07, 2026

Scan History for totalbestpromo.com

Found 2 other scans for this domain

๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.