vavada-srb.com

https://vavada-srb.com

172.67.218.212 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

640 days

HTTP

200 · 35.3s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "⭐ VAVADA KAZINO ⭐: BONUS OD 100 SPINOVA & 100% NA DEPOSIT"

Save

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

vavada-srb.com

Unknown

gambling · 6/3/2026

Summary

The page presents branding for VAVADA KAZINO, including a Serbian-language casino theme and multiple vavada assets. However, the domain vavada-srb.com is not the official Vavada brand domain, and the page appears to be a cloned/localized casino site with heavy SPA characteristics and dynamic credential collection via JS. There is no static login form in the HTML, but the SPA likely renders credential fields via JavaScript, and a POST target exists to /cdn-cgi/rum? which may be used for data exfiltration. The combination of impersonation cues (brand visuals) on a non-official domain and suspicious exfil endpoints suggests potential credential harvesting impersonation rather than confirmed legitimate first-party content.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://vavada-srb.com/cdn-cgi/rum?.

▸Distinctive asset clues: email-decode.min.js, autoptimize_594745bced6291c3617c36828530c827.js, autoptimize_4302ab49e417c7ac69e127638ba7bdf3.css, all.min.css, vavada-logo.svg, 01-vavada-online-casino-srbija-100bs-za-pocetnike.webp.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 47

Hosts: 2

Domains: 2

Observed Signals (3)

Brand impersonation on a non-official domain (VAVADA branding on vavada-srb.com).Single-Page Application (SPA) rendering credentials via dynamic JavaScript despite 0 static login forms.POST request observed to /cdn-cgi/rum? indicating potential data exfiltration or anti-bot interaction.

Observed Indicators (2)

▸Assets include vavada-logo.svg and Serbian localized imagery suggesting impersonation.

▸POST request to /cdn-cgi/rum? (204) observed, potential data exfiltration or analytics interaction.

Risk AssessmentUsed in abuse reports

The evidence indicates impersonation: the page displays VAVADA branding on a domain that is not the official Vavada site. The static HTML lacks a login form, but SPA assets suggest credential capture could occur via JavaScript. The POST to a Cloudflare/rum endpoint and the presence of credential-collection style assets imply potential credential harvesting. Because this is hosting cloned branding on a non-official domain with suspicious network activity, this should be treated as a high-risk impersonation/phishing candidate and monitored or reported to hosting/registrar entities for takedown if corroborated by additional signals.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence