mass.report
Scan Intelligence Report0/100
high Risk
getverify39.top
https://getverify39.top/betboo.html
IP
104.21.93.85 · Cloudflare, Inc.
Location
Toronto, Canada
Domain Age
5 days ⚠
HTTP
200 · 35.9s
SSL
Valid· E7, Let's Encrypt, US
Status
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
BETBOO (Elitbahis) – impersonation clone of BETBOO/Elitbahis branding
Vendors
30/31
Status
partial
✓ microsoft✓ yandex✓ avg✓ avast✓ apple✓ isitphish✓ urlscan✓ emsisoft✓ cisa✓ urlquery✓ netcraft✓ spamhaus✓ sophos✓ openphish✓ apwg✓ phishtank✓ chainpatrol✓ phishreport✓ eset✓ virustotal✓ brightcloud✓ drweb✓ polyswarm✓ bitdefender✗ norton✓ urlabuse✓ threatyeti✓ mcafee✓ kaspersky✓ google✓ fortiguard
KB/IOK Matches (0)—
No KB/IOK detections were recorded for this scan.
BETBOO (Elitbahis) – impersonation clone of BETBOO/Elitbahis branding
Credential Phishingfinance | technology | ecommerce | cryptocurrency | telecommunications | gaming · 6/3/2026
Summary
The page presents BETBOO/Elitbahis branding with a visually rich impersonation layout. The domain getverify39.top is very new (5 days) and uses a Cloudflare IP, but the static HTML shows impersonation-style UI resembling BETBOO/Elitbahis, including a prominent login/cta area rendered via SPA with credential collection risk. There is no static login form in the HTML, but SPA rendering could capture credentials via dynamically loaded scripts evidenced by external script and a POST to a rum endpoint, suggesting credential harvest behavior. A meta refresh redirects to an unrelated domain, and the page includes banners and off-brand domains, reinforcing suspicion of phishing intent.
Evidence Summary
▸Observed 3 capture stage(s); canonical stage is late_render_3s.
▸POST targets observed during capture: https://getverify39.top/cdn-cgi/rum?.
▸Distinctive asset clues: v8c78df7c7c0f484497ecbca7046644da1771523124516, all.min.css, css2, 468x60_2.gif, 728x90.gif.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 13
Hosts: 5
Domains: 5
Attack Techniques (4)
Impersonation of a known betting brand (BETBOO/Elitbahis) with similar color scheme and UISPA-based credential capture risk (dynamic forms via JavaScript, 0 static forms but single-page app)POST request to a CDN/rum endpoint (possible data exfiltration or anti-scraping logic)Redirect/redirect chain via meta refresh to an external domain
Indicators of Compromise (7)
▸Domain age: 5 days (new domain)
▸Top-level domain .top (suspicious for brand impersonation)
▸SSL certificate from Let's Encrypt, issued 5 days ago
▸Network POST to https://getverify39.top/cdn-cgi/rum? (204), potential data beacon
▸External script loaded from https://static.cloudflareinsights.com/beacon.min.js (analytics script used by SPA)
▸Page title and visual branding imitate BETBOO/Elitbahis; static HTML shows BETBOO-like cards and banners
▸Meta refresh tag directing to https://sshortly5.com/00d0cf6 (redirect to third-party site)
Risk AssessmentUsed in abuse reports
The page presents BETBOO/Elitbahis branding in a way that strongly suggests impersonation. The domain is new (5 days), the TLD is .top, and the HTML relies on SPA rendering with credential collection potential, including a POST to a rum endpoint. Although there is no static login form, the visual impersonation combined with dynamic UI and a redirect chain indicates credential harvesting risk. Recommend treating as high-risk phishing impersonation and suspending domain or blocking URL, while gathering further evidence on traffic and registrant details.
Recommended Action
Suspend Domain
Cross-Reference9
URL Intelligence
Domain Intelligence
IP Intelligence
Public threat feed available — JSON API