0/100

medium Risk

tr.betboogir1.live

https://tr.betboogir1.live/

172.67.177.78 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

4 days ⚠

HTTP

200 · 26.6s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Betboo Giriş ve Aktif Link 2026"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Betboo

Vendors

28/31

Status

partial

✓ apple✓ isitphish✓ apwg✓ phishtank✓ chainpatrol✓ bitdefender✗ drweb✗ avast✓ avg✓ brightcloud✓ microsoft✓ polyswarm✓ sophos✓ eset✓ virustotal✗ norton✓ yandex✓ spamhaus✓ openphish✓ urlscan✓ urlquery✓ cisa✓ phishreport✓ emsisoft✓ urlabuse✓ netcraft✓ mcafee✓ threatyeti✓ google✓ fortiguard✓ kaspersky

Registered-domain escalation

Submit betboogir1.live as the primary IOC, enriched with evidence from hostile subdomains like tr.betboogir1.live.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Betboo

Unknown

gaming | technology · 6/3/2026

Summary

The page presents Betboo branding and appears to mimic Betboo's site layout, but the domain tr.betboogir1.live is a newly registered, non-official domain and not a known Betboo public domain. Visuals show Betboo branding and Turkish language content, with SPA-like behavior indicated by lack of static login form and dynamic credential capture potential evidenced by external script and POST to /cdn-cgi/rum?. The combination of a very new domain, Cloudflare-hosted infrastructure, and evidence of dynamic credential collection via JavaScript suggests impersonation/credential harvesting potential rather than a confirmed first-party platform abuse.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://tr.betboogir1.live/cdn-cgi/rum?.

▸Distinctive asset clues: v8c78df7c7c0f484497ecbca7046644da1771523124516, all.min.css, css2, logo.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 13

Hosts: 5

Domains: 5

Observed Signals (3)

Brand impersonation signals (Betboo branding on a non-official domain).SPA-like behavior with credentials potentially collected via dynamically rendered forms (static HTML shows 0 forms, 17 scripts).External analytics/script loading (cloudflare beacon) and suspicious POST to /cdn-cgi/rum? suggesting data exfiltration attempt.

Observed Indicators (0)

No suspicious indicators identified

Risk AssessmentUsed in abuse reports

The domain is very new and not an official Betboo domain, yet the page uses Betboo branding and targeted Turkish content. The presence of SPA-rendered UI, dynamic credential capture signals (despite no static login form), and a suspicious POST endpoint to a CDN subpath indicate potential credential harvesting or data exfiltration behavior. Coupled with a high-risk registrar and new SSL issuance, this strongly suggests impersonation/credential-phishing activity rather than a legitimate first-party page. Recommend monitoring and further investigation; consider blocking or taking down if more evidence confirms credential theft or brand impersonation.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence