0/100

low Risk

nrirentals.in

https://nrirentals.in/

82.25.120.121 · Hostinger

Location

Mumbai, India

Domain Age

1311 days

HTTP

200 · 23.1s

SSL

Valid· R12, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Süperbahis Erişim Yenilenen Link ve Portal — 2026"

Save

Domain Intelligence: nrirentals.in

Scanned 2 times since Apr 29, 2026, 08:53 AM UTC

ℹ Low (15)

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Süperbahis

Vendors

28/31

Status

partial

✓ sophos✓ yandex✗ norton✓ polyswarm✓ microsoft✓ bitdefender✗ avast✗ avg✓ brightcloud✓ drweb✓ chainpatrol✓ eset✓ apple✓ apwg✓ cisa✓ openphish✓ isitphish✓ spamhaus✓ urlscan✓ urlquery✓ emsisoft✓ phishreport✓ netcraft✓ virustotal✓ phishtank✓ urlabuse✓ mcafee✓ google✓ kaspersky✓ threatyeti✓ fortiguard

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Süperbahis

Unknown

gambling | technology · 4/29/2026

Summary

The page presents Turkish branding for Süperbahis but is hosted at nrirentals.in, an unrelated domain. Visual assets and meta describe a betting portal (Süperbahis) with live casino content, while the domain suggests a rental-related site. The HTML indicates SPA-like behavior with dynamic credential capture potential, and the screenshot shows branding that imitates Süperbahis UI. There is no definitive credential harvesting form in static HTML, but dynamic rendering via scripts could load a login/credential flow, raising impersonation concerns rather than confirmed phishing at this static analysis stage. Analyst flagged likely cloaking/evasion behavior for this target. Analyst context noted: tr.superbahisim-giris.live, alternate link cloaking Analyst note: this target may cloak content or block scanners.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸Distinctive asset clues: 3.4.17, all.min.css, css2, logo.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 14

Hosts: 6

Domains: 6

Attack Techniques (1)

Brand impersonation signals: page title and metaDescription referencing Süperbahis; favicon/logo assets pointing to tr.superbahisim-giris.live URL in Open Graph and icons, suggesting cloning of Süperbahis branding on a different domain.

Indicators of Compromise (0)

No specific IOCs identified in source

Risk AssessmentUsed in abuse reports

The evidence indicates impersonation risk: the page brands Süperbahis but is served from nrirentals.in, an unrelated domain, with assets and metadata pulled from a separate domain (tr.superbahisim-giris.live). The presence of cloaking notes and live-UI assets on a non-brand domain strongly suggests an attempt to deceive visitors into believing they are accessing Süperbahis content. While a static HTML shows no login form, the SPA structure means credential capture could occur via dynamically loaded UI. Recommend monitoring and pursuing takedown if further evidence confirms credential harvesting or deceptive branding. The site is hosted on a low-reputation domain with cloaking intent signals; this constitutes impersonation risk and potential abuse infrastructure. Analyst-reported cloaking/evasion suspicion increases confidence that the operator is actively attempting to evade automated security analysis. Analyst context was provided and corroborated during this assessment (tr.superbahisim-giris.live, alternate link cloaking Analyst note: this target may cloak content or block scanners.).

Recommended Action

Suspend Domain

Cross-Reference9

URL Intelligence