0/100

medium Risk

tr.superbahis1gir.live

https://tr.superbahis1gir.live/

104.21.0.108 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

1 day ⚠

HTTP

403 · 29.2s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Redirect Chain (2 hops)

302https://tr.superbahis1gir.live/

301https://up724.com/zIhwh

Visual Evidence

Zoom

Title: "Attention Required! | Cloudflare"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

ATO

Vendors

30/31

Status

partial

✓ avast✓ bitdefender✓ avg✓ chainpatrol✓ microsoft✓ eset✓ polyswarm✓ fortiguard✓ sophos✗ norton✓ yandex✓ brightcloud✓ urlquery✓ apple✓ spamhaus✓ netcraft✓ emsisoft✓ urlscan✓ cisa✓ phishreport✓ apwg✓ openphish✓ isitphish✓ phishtank✓ virustotal✓ drweb✓ urlabuse✓ kaspersky✓ google✓ mcafee✓ threatyeti

Registered-domain escalation

Submit superbahis1gir.live as the primary IOC, enriched with evidence from hostile subdomains like tr.superbahis1gir.live.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Scanner blocked by cloudflare

This scan likely captured a block/challenge page, so the AI analysis may not reflect the real site victims see.

ATO

Unknown

technology | finance | ecommerce | other · 6/3/2026

Summary

The scan shows a Cloudflare block page (Attention Required) preventing access to the domain tr.superbahis1gir.live, with final redirect to ATO. Although the displayed page is a WAF challenge, the domain signals indicate a new, suspicious hosting setup (new domain age 1 day, Cloudflare on front, 403 status). The evidence suggests potential abuse hosting or impersonation signals via redirect chain and unusual domain ownership signals, but there is no direct credential-phishing form observed in the static content. Treat as risk-significant due to WAF evasion and unusual domain behavior; monitor and investigate ownership and related infrastructure further.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://temporary-maintenance127.online/cdn-cgi/rum?.

▸Distinctive asset clues: v8c78df7c7c0f484497ecbca7046644da1771523124516, cf.errors.css, browser-bar.png, cf-no-screenshot-error.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 9

Hosts: 4

Domains: 4

Observed Signals (1)

Redirect chain to an alternate domain

Observed Indicators (1)

▸Cloudflare block page UI (not the phishing content)

Risk AssessmentUsed in abuse reports

The domain demonstrates suspicious infrastructure: a new domain behind Cloudflare with a 403 block page and a redirect chain to a maintenance-like URL. The scan could not retrieve the underlying content due to the WAF block, which is a common tactic used by operators hosting malicious content to evade automated scanners. The presence of a Cloudflare block page, a post to a CNAME-like endpoint, and a redirected final URL suggests potential abuse or stealth hosting rather than benign operation. Recommend continued monitoring and further domain ownership verification; escalate for registrar/hoster review if additional indicators of abuse are observed.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence