https://m.superbahisturkiye.icu/
104.21.64.222 · Cloudflare, Inc.
Toronto, Canada
2 days ⚠
200 · 15.5s
Valid· WE1, Google Trust Services, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Unknown
Vendors
30/31
Status
partial
Registered-domain escalation
Submit superbahisturkiye.icu as the primary IOC, enriched with evidence from hostile subdomains like m.superbahisturkiye.icu.
No KB/IOK detections were recorded for this scan.
finance | technology | ecommerce | cryptocurrency | education | other · 7/19/2026
The page at m.superbahisturkiye.icu presents Turkish text and branding elements that imply a 'Türkiye'de Yasadışı Bahis Suçtur' message, with evidence of SPA-like behavior and dynamic credential capture risk. However, there is no clear indication of a specific legitimate brand being impersonated in the static HTML; the domain appears newly registered and uses a .icu TLD. Visual cues in the attached screenshot suggest a generic, dark-themed banner rather than an exact replica of a well-known brand’s login. The scan notes a POST to a rum endpoint and an external Cloudflare beacon script, but concrete impersonation of a known brand is uncertain from the available signals.
Capture
Stages: 2
Canonical: Settled Render
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 9
Hosts: 4
Domains: 4
The page is on a newly registered domain with a suspicious TLD (.icu) and uses Cloudflare infrastructure. The HTML indicates a potential SPA that could render credential capture UI via JavaScript, and a POST to /cdn-cgi/rum? may be used for telemetry or data exfiltration. Although the screenshot shows a dark banner that does not clearly match a well-known brand, the combination of new domain, impersonation-like messaging in Turkish about illegal betting, and dynamic credential capture risk warrants caution. The site should be treated as suspicious and monitored for credential harvesting behavior; block or suspend only if corroborated abuse is confirmed.
Monitor