EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of stakeus.space

Detection Info

https://stakeus.space/
Detected Brand
Stake.us or Unknown
Country
International
Confidence
100%
HTTP Status
200
Report ID
6a003867-476โ€ฆ
Analyzed
2026-02-08 18:40

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T166E229B4A2309335B1C24BE8DA642568765FE1DCD7C695B4F388AF11B0D6CE8D9260CF
CONTENT ssdeep
384:4rAneu0TPRhiXkdvNTDhPhLxeAxeDWNW1Tp34PxeeJEmuW3AsQKRWCMd:4rAneuWhhPhleMeDGCSPxeeWmH7W

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
c31e3cb163f34b48
VISUAL aHash
801670e060766e00
VISUAL dHash
0c34e6cbc3ccccc1
VISUAL wHash
8016f2e070feff60
VISUAL colorHash
38200448000
VISUAL cropResistant
1230929aa6e2eaea,8e9ab365666a4c74,2d1cdcc7e3f8fdf9,80100c4c4c081000,0c34e6cbc3ccccc1

Code Analysis

Risk Score 100/100
Threat Level ALTO
โš ๏ธ Phishing Confirmed
๐ŸŽฃ Credential Harvester ๐ŸŽฃ OTP Stealer ๐ŸŽฃ Card Stealer ๐ŸŽฃ Banking ๐ŸŽฃ Personal Info
WebSocket C2

๐Ÿ”ฌ Threat Analysis Report

โ€ข Threat: Phishing
โ€ข Target: Stake.us users or general gambling users
โ€ข Method: Impersonation through a registration form.
โ€ข Exfil: Via form submission, targeting email and password.
โ€ข Indicators: Deceptive graphics, new domain, form submission
โ€ข Risk: High

๐Ÿ”’ Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • unicode_escape
  • base64_strings

๐ŸŽฏ Kit Endpoints

  • http://developers.facebook.com/policy/].
  • https://stakeus.space/_next/static/chunks/49080-aa8410705e183b35.js
  • https://stakeus.space/_next/static/chunks/58211-d9d578b8de9e3293.js
  • https://stakeus.space/_next/static/chunks/63712-08d55a4030f898f7.js
  • https://qa.meldcrypto.com/
  • https://stakeus.space/_next/static/chunks/app/(auth)/layout-2f72bfb00bd0ee9b.js
  • https://stakeus.space/_next/static/chunks/53090-a64743b05c92b22e.js
  • https://connect.facebook.net/en_US/fbevents.js
  • https://stakeus.space/_next/static/chunks/58733-c5eff74fea05461f.js
  • http://localhost:3001
  • https://stakeus.space/_next/static/chunks/58172-2e2ad5efca352ade.js
  • https://gambler-work.com/api
  • https://gambler-work.com/payser
  • https://react.dev/errors/
  • https://guarda.com/buy/
  • https://www.facebook.com/privacy_sandbox/topics/registration/
  • https://www.facebook.com/tr/
  • https://ramp.network/buy
  • https://exchange.mercuryo.io/
  • https://changelly.com/buy-crypto
  • https://openocean.banxa.com/
  • https://www.moonpay.com/buy/btc
  • https://nextjs.org/docs/messages/react-hydration-error
  • https://stakeus.space/_next/static/chunks/53331-ed5951db58e70abe.js
  • https://stakeus.space/_next/static/chunks/main-app-fef4a8898ec7782a.js
  • https://stakeus.space/_next/static/chunks/34230-e87c8d35c9fa1ab6.js
  • https://changenow.io/buy/bitcoin
  • https://global.transak.com/
  • https://stakeus.space/_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js
  • https://stakeus.space/_next/static/chunks/31684-5738d0dfaad74be8.js

๐Ÿ“ก API Calls Detected

  • GET
  • POST

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Suspicious Domain
The domain does not match the expected brand domain.
Register Form
Requesting sensitive information like email and password.
Obfuscated Javascript
Potential for malicious code or redirection.

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Stake.us or Unknown users (International)
Attack Method
Brand impersonation + real-time WebSocket exfiltration + obfuscated JavaScript
Exfiltration Channel
WebSocket (1 endpoints)
Risk Assessment
CRITICAL - Automated credential harvesting with WebSocket (1 endpoints)

โš ๏ธ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
  • 151 obfuscation techniques

๐Ÿข Brand Impersonation Analysis

Impersonated Brand
Stake.us or Gaming/Gambling Site
Official Website
null
Fake Service
Registration/Login

Fraudulent Claims

โš”๏ธ Attack Methodology

Primary Method: Credential Harvesting

The site uses a registration form to collect user credentials (email and password). The form likely submits data to a server controlled by the attacker.

Secondary Method: Malware Injection (potential)

Obfuscated Javascript on the page suggests the possibility of additional malicious activity like redirecting to a phishing site or injecting malware.

๐ŸŒ Infrastructure Indicators of Compromise

๐Ÿฆ  Malicious Files

Main File
fbevents.js
File Size

๐Ÿ”ฌ JavaScript Deep Analysis

Operator Language
English (1%)
Sophistication Level
Basic
Total Code Size
1017.1ย KB

๐Ÿ”— API Endpoints Detected

Other
25
Backend API
1
WebSocket (Real-time)
1

๐Ÿ” Obfuscation Detected

  • : Moderate
  • : Moderate
  • : Moderate
  • : None
  • : Light
  • : Light
  • : Light
  • : Light
  • : Light
  • : Light
  • : None
  • : Light
  • : Light
  • : Light
  • : Light
  • : Light
  • : Light
  • : Light
  • : Light

๐Ÿค– AI-Extracted Threat Intelligence

๐ŸŽฏ Malicious Files Identified

Main Drainer
fbevents.js
File Size
1018KB

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://wildsatz.com/
Apr 07, 2026
 Screenshot
Unknown
https://belix.cc/
Apr 07, 2026
No screenshot
Unknown
https://betza-game.com/
Feb 16, 2026
No screenshot
Sugar Rush
https://crashoracle.world
Jan 11, 2026
 Screenshot
Unknown
https://chanced.bet
Jan 02, 2026
๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.