Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://0140.ee/
Detected Brand
bet365
Country
International
Confidence
100%
HTTP Status
200
Report ID
ab58433d-10aโฆ
Analyzed
2026-02-10 00:33
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18B417BB28045DB639283A1E0DB76271BB3C1C645CE5B0B0166F893EE5FDBD94CD1B012 |
|
CONTENT
ssdeep
|
24:2OSNEKUcDPiQ+NB8EYCQp26BS9Fp26BS0d/p26BNLu5h9y6Tt/11Zixm:dSVhDKNrFQLBuFLBTRLBdu/86T/1Um |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e3ce1893639964ce |
|
VISUAL
aHash
|
e7e7e7e7e3c3c7c3 |
|
VISUAL
dHash
|
0e0e0c0e0e9e9e96 |
|
VISUAL
wHash
|
c3c3c3c3c3c3c3c3 |
|
VISUAL
colorHash
|
07018000200 |
|
VISUAL
cropResistant
|
0e0e0c0e0e9e9e96,2d242034bececfcf |
Code Analysis
Risk Score
74/100
Threat Level
ALTO
โ ๏ธ Phishing Confirmed
๐ฃ Credential Harvester
๐ฃ OTP Stealer
๐ฌ Threat Analysis Report
โข Threat: Phishing
โข Target: bet365 customers
โข Method: Domain spoofing and potentially malicious javascript
โข Exfil: Potentially collects credentials or other sensitive information.
โข Indicators: Domain mismatch, obfuscated javascript, promotional offers
โข Risk: HIGH
๐ Obfuscation Detected
- eval
- fromCharCode
- base64_strings
๐ฏ Kit Endpoints
- https://0140.ee/js/tj.js
- http://www.idangero.us/swiper/
- https://0140.ee/js/index.js
- https://0140.ee/js/swiper-4.2.0.min.js
- https://0140.ee/js/rem.js
- https://fpjs.dev/pro
๐ Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Domain Mismatch
The domain 0140.ee does not belong to bet365.
Obfuscated Javascript
Javascript obfuscation techniques (eval, fromCharCode, base64_strings) detected, indicating potential malicious intent.
Brand Impersonation
The site's visual design attempts to mimic bet365.
๐ฌ Comprehensive Threat Analysis
Threat Type
Two-Factor Authentication Stealer
Target
bet365 users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
โ ๏ธ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer
- 54 obfuscation techniques
๐ข Brand Impersonation Analysis
Impersonated Brand
bet365
Fake Service
bet365
Fraudulent Claims
โ๏ธ Attack Methodology
Primary Method: Brand Impersonation
The attacker attempts to impersonate bet365 to trick users into providing their credentials or downloading malware. The site uses a similar visual design to the legitimate bet365 website, while using a different, suspicious domain. The presence of Javascript obfuscation strongly suggests that the site may be more malicious.
Secondary Method: Malware distribution
Users are enticed to download a mobile app by scanning a QR code or clicking a download button
๐ Infrastructure Indicators of Compromise
๐ฆ Malicious Files
Main File
rem.js
File Size
๐ฌ JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
183.2ย KB
๐ API Endpoints Detected
Other
2
๐ Obfuscation Detected
- : None
- : Moderate
- : Moderate
- : None
๐ค AI-Extracted Threat Intelligence
๐ฏ Malicious Files Identified
Main Drainer
rem.jsFile Size
183KB
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.