# tr.galabet-2026turkeygiris.vip — MALICIOUS

> tr.galabet-2026turkeygiris.vip is linked to low-risk phishing activity. Stay alert and avoid sharing personal info on this active domain.

## Summary
PhishDestroy identifies tr.galabet-2026turkeygiris.vip as a domain associated with generic phishing threats. Although its risk level is categorized as low, users should remain cautious due to its intent to deceive and potentially harvest sensitive information. The domain’s setup suggests it could be used in attempts to mimic legitimate services.

This domain was registered recently on March 7, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to the IP address 172.67.154.87. VirusTotal analysis shows minimal detection, with only a single security vendor flagging it out of 95, which indicates limited but notable suspicion. The domain name and infrastructure imply targeting of specific user groups possibly related to Turkey.

Currently, tr.galabet-2026turkeygiris.vip remains active and should be monitored closely. PhishDestroy recommends avoiding interaction with this domain and advises organizations to update their security filters accordingly. Users are urged not to enter any personal or financial information on this site to prevent potential phishing risks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: Galabet | Galabet Giriş — Güncel Adres ve Güvenli Erişim

## Domain Intelligence
- Registered: 2026-03-07 22:27:37
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.154.87
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: jim.ns.cloudflare.com laila.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CRDF", "Cluster25", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "SOCRadar", "Sophos", "VIPRE", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/5g0CGQty/27e935ef260b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/51d308f4-7588-4809-bb51-02a69d8c5aa2
- Wayback Machine: https://web.archive.org/web/https://tr.galabet-2026turkeygiris.vip
- PhishDestroy: https://phishdestroy.io/domain/tr.galabet-2026turkeygiris.vip/
- LLM endpoint: https://phishdestroy.io/domain/tr.galabet-2026turkeygiris.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tr.galabet-2026turkeygiris.vip/
Last updated: 2026-03-19