EN ES PT
Back to Stats

Visual Capture

No screenshot available

Detection Info

https://norocas.com
Detected Brand
Unknown
Country
International
Confidence
100%
HTTP Status
200
Report ID
967bda03-5dd…
Analyzed
2026-01-21 13:17
Final URL (after redirects)
https://norocas.com/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1D4E229B4A230D335B1C247E8DA6429687A5FE1DCD7C695B4E388AF11B0D6CECD5260CB
CONTENT ssdeep
384:4r/aJcui8m8RhiXkdvNTDhPhLxeAxeDWNW1Tp34PxeeJEmuW3AsEARWEMd:4r/aJcuS6hhPhleMeDGCSPxeeWmHLW

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
c3393ffc6815384c
VISUAL aHash
00242070f0f47670
VISUAL dHash
4ccccac1c1c4ccc1
VISUAL wHash
806620f0f0f6fff0
VISUAL colorHash
30600018000
VISUAL cropResistant
f8da8cccfb79f1ac,69e8f0b9f8686868,88304c4d4c300882,4ccccac1c1c4ccc1

Code Analysis

Risk Score 100/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info
WebSocket C2

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing kit
• Target: Unknown brand, possibly sports betting users
• Method: Fake registration form stealing email and password
• Exfil: Data sent to WebSocket API (wss://gambler-work.com/api/ws)
• Indicators: Recent domain, obfuscated JavaScript, suspicious WebSocket URL
• Risk: HIGH - Immediate credential theft

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • base64_strings

📡 API Calls Detected

  • GET
  • POST
😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.