0/100

high Risk

tr.superbahis2.live

https://tr.superbahis2.live

104.21.81.3 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

1 day ⚠

HTTP

200 · 31.7s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Redirect Chain (2 hops)

302https://tr.superbahis2.live/

301https://up724.com/zIhwh

Visual Evidence

Zoom

Title: "Süperbahis | Elitbahis Güvenli Geçiş & Kampanyalar"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Elitbahis

Vendors

29/31

Status

partial

✓ sophos✓ chainpatrol✗ norton✗ threatyeti✓ avast✓ polyswarm✓ eset✓ cisa✓ spamhaus✓ apple✓ isitphish✓ urlscan✓ netcraft✓ openphish✓ apwg✓ phishreport✓ emsisoft✓ virustotal✓ yandex✓ avg✓ drweb✓ urlabuse✓ bitdefender✓ phishtank✓ microsoft✓ brightcloud✓ mcafee✓ kaspersky✓ google✓ urlquery✓ fortiguard

Registered-domain escalation

Submit superbahis2.live as the primary IOC, enriched with evidence from hostile subdomains like tr.superbahis2.live.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Elitbahis

Credential Phishing

gambling | technology · 4/29/2026

Summary

The page shows Süperbahis/Elitbahis branding and presents a suspicious redirect chain to an unrelated top-level domain getverified5.top. The static HTML contains no login form, but SPA behavior is indicated with dynamic credential capture risks. The final URL differs from the original scanned URL, and the domain age is extremely young (1 day). Visual impersonation is evident, with Elitbahis/Superbahis-themed UI and banners, suggesting an attempt to harvest credentials on a decoupled domain via a redirected landing page.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://getverified5.top/cdn-cgi/rum?.

▸Distinctive asset clues: v8c78df7c7c0f484497ecbca7046644da1771523124516, all.min.css, css2, 468x60_2.gif, 728x90.gif.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 15

Hosts: 7

Domains: 7

Attack Techniques (4)

Brand impersonation with Süperbahis/Elitbahis visualsSPA-based credential capture risk (no static forms; forms may be rendered client-side)Redirection to a different domain (final URL) after initial accessUse of third-party assets and trackers (Cloudflare beacon, CDN calls) to blend in

Indicators of Compromise (9)

▸Page title: 'Süperbahis | Elitbahis Güvenli Geçiş & Kampanyalar'

▸Visual branding matching Turkish betting brands (Elitbahis, Süperbahis) on a new domain

▸Final URL: https://getverified5.top/superbahis.html (off-domain landing)

▸New domain age: 1 day

▸SSL cert issued 1 day ago by Google Trust Services (WE1) for tr.superbahis2.live

▸POST 204 to /cdn-cgi/rum? indicators: attempts to contact rum endpoints

▸SPA indicators: static HTML contains 0 forms; credential UI may be loaded via JS

▸Redirect notes: meta refresh to url24.link/elitgoo and multiple redirects

▸Resource patterns: external scripts from Cloudflare beacon, font assets, banner GIFs

Risk AssessmentUsed in abuse reports

The page demonstrates clear impersonation signals of known betting brands (Süperbahis/Elitbahis) with a modern SPA structure and a final URL that is not under the legitimate brand's domain. The extremely new domain age and redirect chain to getverified5.top suggest an attempt to capture user credentials or redirect victims to further phishing scaffolds. The scan shows no static login form, but the SPA risk remains high due to potential runtime credential capture in JavaScript bundles. Recommend heightened caution and containment actions; monitor and consider domain suspension if abuse is confirmed.

Recommended Action

Suspend Domain

Cross-Reference9

URL Intelligence