0/100

low Risk

salla-kazan724.top

https://salla-kazan724.top/superbahis.html

104.21.53.252 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

32 days

HTTP

200 · 24.2s

SSL

Valid· E8, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Attention Required! | Cloudflare"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

elitbahis934.com

Vendors

29/31

Status

partial

✓ polyswarm✓ avast✓ sophos✓ avg✓ apple✓ openphish✓ spamhaus✓ microsoft✓ yandex✓ urlabuse✓ emsisoft✓ eset✓ chainpatrol✗ drweb✓ bitdefender✓ brightcloud✗ norton✓ cisa✓ urlscan✓ isitphish✓ apwg✓ netcraft✓ urlquery✓ phishreport✓ virustotal✓ kaspersky✓ phishtank✓ mcafee✓ google✓ threatyeti✓ fortiguard

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Scanner blocked by cloudflare

This scan likely captured a block/challenge page, so the AI analysis may not reflect the real site victims see.

elitbahis934.com

Unknown

gambling | technology | finance | other · 6/3/2026

Summary

The scan shows a Cloudflare 403/Block page for elitbahis934.com, not the actual target page content. The final URL attempted redirects to elitbahis934.com with a path that implies an affiliates link. The page content in the visible screenshot is a Cloudflare block page, not an impersonation page, but the domain and redirect chain suggest the operator is cloaking/redirection to an affiliated betting site. Since the block page is served by Cloudflare, there is evidence of WAF-based blocking during scanning rather than definitive phishing content on the live page. Analyst flagged likely cloaking/evasion behavior for this target. Analyst context noted: Fake brand imitating, phishing users with fake information. Elibahid and Superbahis brand imitating. Analyst note: this target may cloak content or block scanners.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸Content changed across stages: URL changed between stages; page title changed between stages.

▸POST targets observed during capture: https://salla-kazan724.top/cdn-cgi/rum?, https://salla-kazan724.top/cdn-cgi/challenge-platform/h/b/jsd/oneshot/883a1f27d85f/0.3843826665543202:1778584259:NqezUb-hvIMUnv6NDaanT2ju4CXPxEPeUa-d-vc55x4/9fa94a8d8d82f981, https://www.elitbahis934.com/cdn-cgi/rum?.

▸Distinctive asset clues: v8c78df7c7c0f484497ecbca7046644da1771523124516, main.js, all.min.css, css2, 728x90x.gif, 728x90.gif.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: Yes

URL changed between stagespage title changed between stages

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 23

Hosts: 8

Domains: 8

Attack Techniques (0)

Indicators of Compromise (0)

No specific IOCs identified in source

Risk AssessmentUsed in abuse reports

The domain salla-kazan724.top is a newly registered, suspicious top-level domain name that redirects to elitbahis934.com and triggers a Cloudflare block page. The block page itself confirms Cloudflare protection and an anti-bot challenge, which is commonly used by attackers to evade scanning. The observed redirect chain to an affiliated betting domain and multiple dynamic resources loaded from external hosts indicate potential abuse via cloaked redirects or affiliate schemes. While there is no direct evidence of credential harvesting in the static HTML, the combination of cloaked behavior, new domain, and redirection to a gaming/betting affiliate site constitutes suspicious activity demanding caution and monitoring. Recommend blocking or suspension actions until further verification is possible. Analyst-reported cloaking/evasion suspicion increases confidence that the operator is actively attempting to evade automated security analysis. Analyst context was provided and corroborated during this assessment (Fake brand imitating, phishing users with fake information. Elibahid and Superbahis brand imitating. Analyst note: this target may cloak content or block scanners.).

Recommended Action

Monitor

Cross-Reference9

URL Intelligence