Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://www-57365.cc/index_m.html
Detected Brand
bet365
Country
International
Confidence
95%
HTTP Status
200
Report ID
c7306f2c-075…
Analyzed
2026-01-30 11:54
Final URL (after redirects)
https://www-57365.cc/index_m.html
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D94100F1D286E43A26B2C6C5FB75BB36A1C6049CED421342C5F062BD16C9D74E40361E |
|
CONTENT
ssdeep
|
24:kq/JsAX/LDiNP1la5pJDkSg1t2HYS86MQiqkTA5uAOhxCBbMQCGbMBCBbt:VpPLD4P1loOv1tlQeTA5mm3Xt |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
85ff911b3a906ee0 |
|
VISUAL
aHash
|
0cfff3000000ff00 |
|
VISUAL
dHash
|
384a8aaa23f69c8c |
|
VISUAL
wHash
|
ffffff000000ff00 |
|
VISUAL
colorHash
|
00000000c00 |
|
VISUAL
cropResistant
|
333332b299b9afaf,e369cce4e2d2eae0,7636686c8d893557,cbce8ace4e0a9a67,61eec4b0f0cfcbea,d8d69cd8d6925acc,d8d0b6b4aba69899,2d292929296b2a39,d3c5b5c9c5cdc306,acabaeabaaabab32,d293939393939336,384a8aaa23f69c8c |
Code Analysis
Risk Score
50/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🔬 Threat Analysis Report
• Threat: Phishing
• Target: bet365 users
• Method: Domain impersonation
• Exfil: Unknown
• Indicators: Suspicious domain, Chinese language, expiry warning
• Risk: High
📊 Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Domain Mismatch
The domain www-57365.cc is unrelated to the official bet365 website.
Suspicious Content
Chinese warning message indicates potentially malicious activity.
🔬 Comprehensive Threat Analysis
Threat Type
Credential Harvesting Kit
Target
bet365 users (International)
Attack Method
Brand impersonation
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester
🏢 Brand Impersonation Analysis
Impersonated Brand
bet365
Official Website
https://www.bet365.com/
Fake Service
bet365
Fraudulent Claims
⚔️ Attack Methodology
Primary Method: Brand impersonation
The website utilizes the bet365 logo and branding to deceive users into believing it is the legitimate site, but uses a different domain and warning messages to trick users into action.
Secondary Method: Domain expiry tactic
The site displays messages claiming the domain is expiring to create urgency.
🌐 Infrastructure Indicators of Compromise
Domain Information
Domain
www-57365.cc
Registered
2019-04-04
Registrar
Unknown
Status
Active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Unknown
https://cdn.gosafemode.com/screenshots/2629714e019b.png
Apr 07, 2026
Unknown
https://cdn.gosafemode.com/screenshots/e6e5ca405ba7.png
Apr 06, 2026
bet365
http://zxd365756.com/index_m.html
Feb 23, 2026
Unknown
https://www57365.cc/index_m.html
Jan 20, 2026
bet365
https://365756yh.com/index_m.html
Jan 19, 2026
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.