0/100

low Risk

zodiaccasino1.ca

https://zodiaccasino1.ca/en-ca/

104.21.66.180 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

966 days

HTTP

200 · 19.6s

SSL

Valid· E8, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "zodiaccasino1.ca"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

zodiaccasino1.ca

Vendors

27/31

Status

partial

✓ sophos✓ eset✗ avg✓ apple✓ yandex✓ chainpatrol✓ virustotal✓ polyswarm✓ microsoft✗ bitdefender✗ norton✓ brightcloud✓ fortiguard✗ threatyeti✓ spamhaus✓ urlquery✓ netcraft✓ urlscan✓ cisa✓ isitphish✓ emsisoft✓ openphish✓ phishreport✓ apwg✓ phishtank✓ drweb✓ urlabuse✓ avast✓ mcafee✓ kaspersky✓ google

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

zodiaccasino1.ca

Unknown

gaming | technology · 6/3/2026

Summary

The page at zodiaccasino1.ca/en-ca/ presents a casino-themed domain that appears to be proxied behind Cloudflare. The screenshot shows a generic “This site can’t be reached” error page, but scan data reveals SPA-like behavior with a dynamic POST to /cdn-cgi/rum? and a beacon script loaded from Cloudflare, plus an IPIP API call. There is no static login form in HTML, yet the SPA pattern suggests credential collection could be rendered client-side. The domain age is older than two years with a recent DV SSL certificate from Let’s Encrypt, but the SSL certificate is very new (valid for a short period). Given the visual evidence in the screenshot and the SPA indicators, there is potential impersonation risk if branding on the page mimics a legitimate casino site, but the captured evidence primarily shows a misconfigured or blocked page rather than definitive credential harvesting. The data does not conclusively prove phishing; therefore, the判断 remains inconclusive for credential theft, with a warning to monitor for impersonation indicators.

Evidence Summary

▸Observed 2 capture stage(s); canonical stage is settled_render.

▸POST targets observed during capture: https://zodiaccasino1.ca/cdn-cgi/rum?.

▸Distinctive asset clues: v833ccba57c9e4d2798f2e76cebdd09a11778172276447.

Capture

Stages: 2

Canonical: Settled Render

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 4

Hosts: 2

Domains: 2

Observed Signals (1)

Single-Page Application (SPA) rendering of login/credential UIs via JavaScript

Observed Indicators (0)

No suspicious indicators identified

Risk AssessmentUsed in abuse reports

The site is hosted behind Cloudflare and uses a recently issued Let's Encrypt certificate. The visual evidence in the screenshot indicates a potential impersonation of a casino brand, given the domain name and URL structure, but the HTML static content shows no login form. The dynamic SPA behavior and the beacon script imply potential credential collection capabilities, but there is no explicit form or API endpoint observed in static HTML. The overall signals suggest possible phishing risk due to branding concerns and SPA-based credential capture risk; continue with monitoring and further verification of the page rendering and form activity. The presence of a POST to /cdn-cgi/rum? and the external beacon script strengthens suspicion of data collection behavior.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence