0/100

low Risk

casinoclassicontario.ca

https://casinoclassicontario.ca/en-ca/

172.67.193.69 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

82 days

HTTP

200 · 40.2s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Casino Classic – Online Gambling with Built-in Safety Measures"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Casino Classic (casinoclassicontario.ca)

Vendors

25/31

Status

partial

✓ brightcloud✗ avast✗ bitdefender✗ avg✓ isitphish✓ apwg✓ emsisoft✓ yandex✓ sophos✓ polyswarm✗ norton✓ mcafee✓ eset✓ microsoft✓ chainpatrol✗ threatyeti✗ drweb✓ spamhaus✓ netcraft✓ urlquery✓ urlscan✓ apple✓ cisa✓ openphish✓ virustotal✓ kaspersky✓ google✓ fortiguard✓ phishreport✓ phishtank✓ urlabuse

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Casino Classic (casinoclassicontario.ca)

Unknown

gambling | technology | finance · 6/3/2026

Summary

The page presents Casino Classic branding and uses a legitimate-looking layout with a login/register navigation, assets, and Matomo tracking. However, the domain casinoclassicontario.ca is a new, Canadian-angled domain that mimics a gambling site and includes impersonation signals in branding and UI, with a SPA where forms are rendered via JavaScript. There is no static login form in the HTML, but dynamic credential capture could be occurring via JavaScript assets; POST data to analytics beacons and a rum endpoint are observed, which warrants further abuse monitoring. Overall, evidence is ambiguous for credential harvesting from static HTML, but the visual impersonation and SPA behavior raise phishing concerns.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://casinoclassicontario.ca/cdn-cgi/rum?, https://casinoclassicontario.ca/matomo.php?action_name=Casino%20Classic%20%E2%80%93%20Online%20Gambling%20with%20Built-in%20Safety%20Measures&idsite=2536&rec=1&r=194636&h=20&m=52&s=36&url=https%3A%2F%2Fcasinoclassicontario.ca%2Fen-ca%2F&_id=8b0d80e852ba06a6&_idn=1&send_image=0&_refts=0&pv_id=2axRTa&pf_net=140&pf_srv=402&pf_tfr=3&pf_dm1=154&uadata=%7B%22formFactors%22%3A%5B%22Desktop%22%5D%2C%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%2299.0.0.0%22%7D%2C%7B%22brand%22%3A%22HeadlessChrome%22%2C%22version%22%3A%22145.0.7632.6%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22145.0.7632.6%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0%22%7D&cookie=1&res=1280x720.

▸Distinctive asset clues: main.js, v833ccba57c9e4d2798f2e76cebdd09a11778172276447, style.css, cfe29d32.css, b7410-192.webp, 588b6-385.webp.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 39

Hosts: 2

Domains: 2

Observed Signals (3)

Brand impersonation via visual similarity to Casino ClassicSingle-Page Application (SPA) behavior with credential capture potentially executed by JavaScript bundlesUse of analytics/tracking (Matomo) and a post to /cdn-cgi/rum and matomo.php for data exfiltration

Observed Indicators (0)

No suspicious indicators identified

Risk AssessmentUsed in abuse reports

The site displays strong visual impersonation of a known casino brand (Casino Classic) and operates as a SPA, which can be used to harvest credentials if forms are rendered via JavaScript. The presence of analytics endpoints and the deliberate absence of a static login form suggest potential credential collection through runtime UI. The domain age is very young (82 days) and uses a free SSL certificate, both factors contributing to risk. Given the visual branding, SPA behavior, and data exfiltration indicators, this warrants cautious abuse monitoring and potential takedown consideration if credential harvesting is confirmed.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence