SafeMode - Analysis: goldenjackpotpro.rest

Visual Capture

Detection Info

https://goldenjackpotpro.rest

Detected Brand

Elon Musk / Casino

Country

International

Confidence

100%

HTTP Status

200

Report ID

7c044e90-b9c…

Analyzed

2026-01-29 21:29

Final URL (after redirects)

https://goldenjackpotpro.rest/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1B8E229B4A230E335B2C247E8DA6429287A5FE1DCD7C695B4E388AF1170D6CE8D5160CF
CONTENT ssdeep	768:4r/aJcuv7QCRenHhhPhleMeDGCSPxeeWmHDW:PNGpxFWSW

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c3073cf2781c786b
VISUAL aHash	0066303860e67610
VISUAL dHash	4c4c4ac14bc8acb1
VISUAL wHash	a0263e38e8f67f50
VISUAL colorHash	30000600018
VISUAL cropResistant	f01ede9bf2cce972,4c4c4ac14bc8acb1

Code Analysis

Risk Score 100/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

WebSocket C2

🔬 Threat Analysis Report

• Threat: Credential Phishing
• Target: Unsuspecting users
• Method: Deceptive website impersonating a casino
• Exfil: wss://gambler-work.com/api/ws
• Indicators: Unrelated domain, Elon Musk's image, password input, recent domain age, JavaScript form submission
• Risk: HIGH

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
base64_strings

📡 API Calls Detected

POST
GET

📊 Risk Score Breakdown

Total Risk Score

90/100

Contributing Factors

Recent Domain Age

Domain is less than 60 days old, a common tactic in phishing.

Impersonation

Uses Elon Musk's image to build fake trust.

Form Submission

Presence of a form requesting sensitive information (email and password).

Obfuscated Javascript

Javascript is obfuscated with atob, eval, and fromCharCode potentially hiding malicious code

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

General public

Attack Method

Brand impersonation + real-time WebSocket exfiltration + obfuscated JavaScript

Exfiltration Channel

WebSocket (1 endpoints)

Risk Assessment

CRITICAL - Automated credential harvesting with WebSocket (1 endpoints)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
151 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Casino (Unspecified)

Fake Service

Casino Signup/Registration

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Credential Phishing

The website mimics a casino signup page. It uses an unrelated domain and the image of Elon Musk to appear legitimate and lure users to enter their credentials. Submitted data is captured to steal user account information.

🌐 Infrastructure Indicators of Compromise

🦠 Malicious Files

Main File

_next/static/chunks/main-app-fef4a8898ec7782a.js

File Size

Functions: submitForm(), sendData()

🔌 External APIs Abused

Facebook

account: null
purpose: tracking user interactions and events

📊 Attack Flow Diagram

User fills <input name='email'> → submitForm() → fetch('https://goldenjackpotpro.rest/api/submit') → exfiltrate data

🔬 JavaScript Deep Analysis

Operator Language

English (1%)

Sophistication Level

Basic

Total Code Size

1000.5 KB

🔗 API Endpoints Detected

Other

55

Backend API

1

WebSocket (Real-time)

1

🔐 Obfuscation Detected

: Moderate
: Moderate
: Moderate
: None
: Light
: Light
: Light
: Light
: Light
: Light
: None
: Light
: Light
: Light
: Light
: Light
: Light
: Light
: Light

🤖 AI-Extracted Threat Intelligence

📊 Attack Flow

User fills <input name='email'> → submitForm() → fetch('https://goldenjackpotpro.rest/api/submit') → exfiltrate data

🎯 Malicious Files Identified

Main Drainer

_next/static/chunks/main-app-fef4a8898ec7782a.js

File Size

45KB

Malicious Functions

submitForm()
sendData()

🌐 External APIs Abused

Facebook
Purpose: tracking user interactions and events

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

X (formerly Twitter) / Elon Musk