0/100

medium Risk

tr.betboo-giris.live

https://tr.betboo-giris.live/

172.67.195.170 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

0 days ⚠

HTTP

200 · 31.9s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Redirect Chain (2 hops)

302https://tr.betboo-giris.live/

301https://up724.com/CjCiy

Visual Evidence

Zoom

Title: "BETBOO | Elitbahis Güvenli Geçiş & Kampanyalar"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

BETBOO / elitbahis

Vendors

29/31

Status

partial

✓ brightcloud✓ avg✓ drweb✗ norton✗ threatyeti✓ yandex✓ microsoft✓ polyswarm✓ eset✓ chainpatrol✓ urlquery✓ apple✓ bitdefender✓ avast✓ spamhaus✓ emsisoft✓ netcraft✓ phishreport✓ isitphish✓ urlabuse✓ google✓ urlscan✓ openphish✓ cisa✓ apwg✓ sophos✓ phishtank✓ virustotal✓ mcafee✓ kaspersky✓ fortiguard

Registered-domain escalation

Submit venusmedya.net as the primary IOC, enriched with evidence from hostile subdomains like tr.betboo-giris.live.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

BETBOO / elitbahis

Unknown

gambling | technology | finance · 4/29/2026

Summary

The page presents Betboo/Elitbahis branding with a deceptive URL path, a rapid redirect to an off-domain host, and a SPA-like structure that may render credential fields via JavaScript. Static HTML contains zero login fields, but the SPA could capture credentials dynamically. The final URL and assets indicate off-brand hosting and potential credential collection infrastructure. This constitutes strong impersonation signals (brand look-alike) with potential credential capture, though direct form submission is not observable in static HTML.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://venusmedya.net/cdn-cgi/rum?.

▸Distinctive asset clues: v8c78df7c7c0f484497ecbca7046644da1771523124516, all.min.css, css2, 468x60_2.gif, 728x90.gif.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 15

Hosts: 7

Domains: 7

Attack Techniques (2)

Brand impersonation with impersonated Betboo/Elitbahis branding on a domain not associated with the official serviceSPA-like deployment where credential forms may render dynamically via JavaScript

Indicators of Compromise (2)

▸POST target observed: https://venusmedya.net/cdn-cgi/rum? (204) suggesting data exfiltration callback

▸OAuth/credential capture indicators are not explicit in static HTML but inferred from SPA behavior

Risk AssessmentUsed in abuse reports

The domain tr.betboo-giris.live is extremely new and appears to be part of an impersonation attempt of a Betboo/Elitbahis branding. The final redirected destination venusmedya.net serves betboo.html content under a different host, with SPA-style rendering that could capture credentials without visible forms in static HTML. The POST to venusmedya.net/cdn-cgi/rum? and the presence of external advertising banners suggest data exfiltration or user tracking. While there is no explicit static login form observed, the combination of branding, rapid redirects, and dynamic credential-capable UI strongly indicate credential harvesting potential via impersonation. Recommend urgent monitoring and containment actions until brand-accurate attribution is confirmed.

Recommended Action

Suspend Domain

Cross-Reference9

URL Intelligence