0/100

low Risk

tr.superbahisofficial.co

https://tr.superbahisofficial.co/

104.21.11.117 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

—

HTTP

200 · 19.6s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Süperbahis Giriş - Süperbahis Güncel Adres Burada - Süperbahis Platforma Hemen Bağlan"

Save

Domain Intelligence: superbahisofficial.co

Scanned 2 times since May 18, 2026, 08:24 AM UTC

ℹ Low (20)

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Süperbahis

Vendors

30/31

Status

partial

✓ brightcloud✓ chainpatrol✓ microsoft✓ sophos✗ norton✓ yandex✓ bitdefender✓ avg✓ apple✓ openphish✓ spamhaus✓ apwg✓ urlquery✓ cisa✓ urlscan✓ netcraft✓ isitphish✓ emsisoft✓ phishreport✓ phishtank✓ drweb✓ eset✓ polyswarm✓ virustotal✓ avast✓ urlabuse✓ mcafee✓ google✓ threatyeti✓ kaspersky✓ fortiguard

Registered-domain escalation

Submit superbahisofficial.co as the primary IOC, enriched with evidence from hostile subdomains like tr.superbahisofficial.co.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Süperbahis

Unknown

gambling · 6/3/2026

Summary

The page presents Süperbahis branding and uses a Turkish language interface, suggesting a potential first-party or impersonation. Visuals and assets strongly resemble a betting site, and the page appears to be a SPA that renders credential capture UI via JavaScript. However, the domain tr.superbahisofficial.co does not obviously correspond to the official Süperbahis domain, and the page appears to be a rapid-address-change style landing which is commonly used for phishing and brand impersonation. Given the combination of branding, dynamic form rendering signals, and suspect domain, the evidence supports potential credential collection via a cloned interface, but the data is not definitive proof of phishing without observed form submission to an exfil endpoint from the client side beyond the beacon to Cloudflare’s script and a POST to a rum endpoint.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://tr.superbahisofficial.co/cdn-cgi/rum?.

▸Distinctive asset clues: v833ccba57c9e4d2798f2e76cebdd09a11778172276447, S%C3%BCperbahis-bahis-casino.jpg.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 6

Hosts: 2

Domains: 2

Attack Techniques (4)

SPA-like rendering with credential collection potential (dynamic forms via JavaScript).Use of a CDN/rum endpoint post to tr.superbahisofficial.co, indicative of data exfil or tracking activity.Brand impersonation signals via Süperbahis branding and Turkish language content on a non-official domain.External script beacon from CloudflareInsights suggesting analytics/UX monitoring, not direct phishing tooling by itself but commonly seen on many sites.

Indicators of Compromise (2)

▸POST to https://tr.superbahisofficial.co/cdn-cgi/rum? (204 No Content) – potential exfil or tracking endpoint.

▸SPA indicators: 0 static forms in HTML, 5 scripts loaded, forms rendered via JS (common in credential phishing pages).

Risk AssessmentUsed in abuse reports

The page uses Süperbahis branding on a domain that is not obviously official, with dynamic content likely rendering credential capture UI. An exfiltration-like POST to a rum endpoint and the presence of branding cues strongly suggest a potential impersonation/phishing setup. The recent Let’s Encrypt certificate and Cloudflare-provided hosting/edge services indicate typical hosting for a scam site. Given these signals, this site should be treated as suspicious for credential phishing potential and monitored, with consideration for takedown actions if corroborated by abuse reports or registrars.

Recommended Action

Suspend Domain

Cross-Reference9

URL Intelligence