https://temporary-maintenance176.online/superbahis.html
172.67.197.107 · Cloudflare, Inc.
Toronto, Canada
35 days
200 · 30.2s
Valid· E7, Let's Encrypt, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Temporary Maintenance Page impersonating Süperbahis/Elitbahis
Vendors
30/31
Status
partial
No KB/IOK detections were recorded for this scan.
ecommerce | technology | finance · 7/19/2026
The page at temporary-maintenance176.online presents a Süperbahis/Elitbahis themed interface and includes branding elements and imagery associated with Elitbahis. The static HTML shows a refresh/meta redirect to link24.site, and the page uses SPA-like behavior with dynamic credential capture risks indicated by the analyst-supplied context (no static login form). External script and resources hint at credential collection logic loaded via JavaScript. The domain is newly registered (35 days) with a Let's Encrypt certificate and Cloudflare hosting, and the screenshot reveals impersonation of the Elitbahis branding, suggesting a phishing attempt aimed at elicit user interaction and potential credential submission on a third-party domain. Analyst context noted: imitating our brand and hpshigin scamming our users.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 13
Hosts: 5
Domains: 5
The page presents strong impersonation indicators: Turkish-lang branding for Süperbahis/Elitbahis, a meta refresh redirect to a separate domain, and SPA-style credential capture risk. Although the scanned HTML shows no static login form, the combination of branding, suspicious redirection, and dynamic content loading is consistent with an attempt to harvest user credentials or funnel victims to a malicious intermediate site. The domain is newly registered (35 days) with a valid SSL certificate, which is common in phishing setups to appear legitimate. Recommend active action and monitoring for abuse reporting, given the explicit impersonation signals and potential credential harvesting workflow. Analyst context was provided and corroborated during this assessment (imitating our brand and hpshigin scamming our users.).
Suspend Domain