0/100

high Risk

tr.betboo2.live

https://tr.betboo2.live/

104.21.78.199 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

0 days ⚠

HTTP

200 · 31.9s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Redirect Chain (2 hops)

302https://tr.betboo2.live/

301https://up724.com/CjCiy

Visual Evidence

Zoom

Title: "BETBOO | Elitbahis Güvenli Geçiş & Kampanyalar"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

BETBOO

Vendors

28/31

Status

partial

✓ yandex✓ netcraft✓ urlquery✓ urlscan✓ polyswarm✓ chainpatrol✓ sophos✓ microsoft✗ brightcloud✓ fortiguard✗ norton✓ isitphish✓ eset✓ avast✓ apwg✗ avg✓ apple✓ phishreport✓ spamhaus✓ bitdefender✓ phishtank✓ openphish✓ emsisoft✓ urlabuse✓ cisa✓ threatyeti✓ google✓ virustotal✓ drweb✓ mcafee✓ kaspersky

Registered-domain escalation

Submit betboo2.live as the primary IOC, enriched with evidence from hostile subdomains like tr.betboo2.live.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

BETBOO

Credential Phishing

gaming | gambling · 6/3/2026

Summary

The page presents BETBOO branding and is hosted on a new domain tr.betboo2.live with a final redirect to getverify39.top/betboo.html. Visuals in the screenshot mimic a betting site UI, including a conspicuous BETBOO-like banner and login/CTA styling, suggesting impersonation of a recognizable betting brand. However, the final landing appears to be on an unrelated top-level domain and the static HTML shows a SPA-like structure with dynamic credential capture risk indicators; network requests and the SPA behavior imply potential credential collection rather than legitimate BETBOO authentication.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://getverify39.top/cdn-cgi/rum?.

▸Distinctive asset clues: v8c78df7c7c0f484497ecbca7046644da1771523124516, all.min.css, css2, 728x90.gif, 468x60_2.gif.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 15

Hosts: 7

Domains: 7

Attack Techniques (4)

Brand impersonation via UI/branding cues (BETBOO-like visuals, offline/online status panels, orange/black color scheme).SPA/JavaScript-driven credential capture risk (static HTML shows no form; dynamic forms likely rendered by JS).Redirect chain to a suspicious domain (getverify39.top) and POST to /cdn-cgi/rum? suggesting data exfiltration paths.Use of a new, short-lived SSL cert on a newly registered domain; mixed-domain hosting and cloaked resource loading.

Indicators of Compromise (6)

▸Final URL differs from submitted URL (https://getverify39.top/betboo.html).

▸Domain age: 0 days (very new).

▸SSL certificate issued recently (Apr 30 2026) to tr.betboo2.live; hosting via Cloudflare IP 104.21.78.199.

▸POST request to https://getverify39.top/cdn-cgi/rum? (204).

▸External script loading from Cloudflare Insights beacon (possible fingerprinting).

▸HTML shows no static login form; SPA-rendered forms inferred from page source and network behavior.

Risk AssessmentUsed in abuse reports

The domain and page present strong impersonation signals for the BETBOO brand, with a redirect to a separate domain where credential collection could occur. The combination of brand-visuals, a new domain, and exfiltration-like POST to a suspicious endpoint supports action as potential credential phishing. The page also shows SPA characteristics where credential fields may be rendered at runtime, increasing risk of stealth credential capture. Recommend treating as phishing risk and proceeding with domain/hosting action, pending fuller payload capture from ongoing monitoring.

Recommended Action

Suspend Domain

Cross-Reference9

URL Intelligence