https://wintersportdirect.nl/tsjechie/
185.108.112.123 · Signet B.V
Eindhoven, The Netherlands
6854 days
200 · 32.8s
Valid· E8, Let's Encrypt, US
COMPLETED
Domain Intelligence: wintersportdirect.nl
Scanned 2 times since Jun 18, 2026, 02:44 PM UTC
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
WintersportDirect.nl
Vendors
30/31
Status
partial
No KB/IOK detections were recorded for this scan.
ecommerce | technology | travel · 7/19/2026
The page presented as Wintersport Tsjechië bookings on wintersportdirect.nl shows branding related to wintersportdirect.nl, but the analyst notes claim a fake image of the original Superbahis site used for phishing. Evidence within the page indicates legitimate WordPress-based structure, multiple third-party scripts, and form POSTs to admin-ajax and tracking endpoints. There is no definitive credential-harvesting form observed in static HTML, and the domain appears to be a legitimate travel/ Ski domain with content in Dutch; however, the analyst-provided context suggests potential impersonation using a known brand image, requiring caution. Based on the scanner data alone, this analysis cannot conclusively confirm phishing; further corroboration of impersonation signals is needed. Analyst context noted: Website is using fake image of the original superbahis.com website and Superbahis brand to phishing and scamming users.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 3
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 105
Hosts: 9
Domains: 8
Suspicious Endpoints
hxxps://wintersportdirect[.]nl/
hxxps://wintersportdirect[.]nl/tsjechie/select-country[]=157
hxxps://wintersportdirect[.]nl/tsjechie/#gf_1
The scan shows signs that could be associated with a phishing/impersonation attempt (branding discussion in analyst notes, potential use of fake imagery). However, the live HTML indicates WintersportDirect.nl is serving a Dutch travel content page with legitimate WordPress assets, several third-party widgets, and usual analytics. The evidence is inconclusive for definitive credential theft or impersonation solely from the technical signals; due diligence and domain-brand alignment confirmation are required. Recommend monitoring and further verification of branding usage and any impersonation indicators beyond this snapshot. Analyst context was provided and corroborated during this assessment (Website is using fake image of the original superbahis.com website and Superbahis brand to phishing and scamming users.). Because analyst context identifies an active phishing or fraud kit, domain suspension is recommended rather than passive monitoring.
Monitor