netfimarketing.com
Open in
urlscan Pro
104.26.5.107
Malicious Activity!
Public Scan
Submission: On January 07 via api from US — Scanned from US
Summary
This is the only time netfimarketing.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 5 | 104.26.5.107 104.26.5.107 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 16 | 104.26.8.233 104.26.8.233 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.251.40.106 142.251.40.106 | 15169 (GOOGLE) (GOOGLE) | |
1 | 142.251.40.131 142.251.40.131 | 15169 (GOOGLE) (GOOGLE) | |
16 | 5 |
ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
cybeready.net
8 redirects
lp.cybeready.net |
31 KB |
5 |
netfimarketing.com
1 redirects
netfimarketing.com |
9 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 395 |
31 KB |
1 |
gstatic.com
fonts.gstatic.com |
48 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 115 |
3 KB |
16 | 5 |
Domain | Requested by | |
---|---|---|
16 | lp.cybeready.net |
8 redirects
netfimarketing.com
|
5 | netfimarketing.com |
1 redirects
netfimarketing.com
cdnjs.cloudflare.com |
2 | cdnjs.cloudflare.com |
netfimarketing.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
lp.cybeready.net
|
16 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
accounts.google.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
upload.video.google.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://netfimarketing.com/43f007092u9ac94a7cl8dc6572bl100ff61e.html__;!!oepyz6q!9uxhspyfpv-ky1juxdeffwo5_7aetrakw3dsqpc61h-vjij_ngc6exafv_qdxg2zcrhfrdjzvxlor9tefzcge8kxq-gd$
Frame ID: 8C9732F7B9BACCD5C16B3AD4E500B7E6
Requests: 14 HTTP requests in this frame
Frame:
http://netfimarketing.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: 1BCC001EC4DF19BAD8E837DBF6463484
Requests: 2 HTTP requests in this frame
Screenshot
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Sign in with a different account
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css HTTP 307
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css
- http://lp.cybeready.net/Forms/Google/sanitize.css HTTP 301
- https://lp.cybeready.net/Forms/Google/sanitize.css
- http://lp.cybeready.net/Forms/Google/index.css HTTP 301
- https://lp.cybeready.net/Forms/Google/index.css
- http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js HTTP 307
- https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
- http://lp.cybeready.net/Forms/Google/validator.js HTTP 301
- https://lp.cybeready.net/Forms/Google/validator.js
- http://lp.cybeready.net/common/landing-page.js HTTP 301
- https://lp.cybeready.net/common/landing-page.js
- http://lp.cybeready.net/Forms/Google/logo.png HTTP 301
- https://lp.cybeready.net/Forms/Google/logo.png
- http://lp.cybeready.net/Forms/Google/avatar.png HTTP 301
- https://lp.cybeready.net/Forms/Google/avatar.png
- http://lp.cybeready.net/Forms/Google/bottom-strip.png HTTP 301
- https://lp.cybeready.net/Forms/Google/bottom-strip.png
- http://lp.cybeready.net/Forms/Google/universal-language.png HTTP 301
- https://lp.cybeready.net/Forms/Google/universal-language.png
- http://netfimarketing.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- http://netfimarketing.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
43f007092u9ac94a7cl8dc6572bl100ff61e.html__;!!oepyz6q!9uxhspyfpv-ky1juxdeffwo5_7aetrakw3dsqpc61h-vjij_ngc6exafv_qdxg2zcrhfrdjzvxlor9tefzcge8kxq-gd$
netfimarketing.com/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/ Redirect Chain
|
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sanitize.css
lp.cybeready.net/Forms/Google/ Redirect Chain
|
475 B 644 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
lp.cybeready.net/Forms/Google/ Redirect Chain
|
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/ Redirect Chain
|
82 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validator.js
lp.cybeready.net/Forms/Google/ Redirect Chain
|
1 KB 788 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
landing-page.js
lp.cybeready.net/common/ Redirect Chain
|
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
lp.cybeready.net/Forms/Google/ Redirect Chain
|
13 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
avatar.png
lp.cybeready.net/Forms/Google/ Redirect Chain
|
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bottom-strip.png
lp.cybeready.net/Forms/Google/ Redirect Chain
|
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
universal-language.png
lp.cybeready.net/Forms/Google/ Redirect Chain
|
167 B 563 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
55 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ |
47 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
netfimarketing.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/ Frame 1BCC Redirect Chain
|
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
84186b1caeaf53e5
netfimarketing.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 1BCC |
0 812 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
43f007092u9ac94a7cl8dc6572bl100ff61e.html__;!!oepyz6q!9uxhspyfpv-ky1juxdeffwo5_7aetrakw3dsqpc61h-vjij_ngc6exafv_qdxg2zcrhfrdjzvxlor9tefzcge8kxq-gd$
netfimarketing.com/ |
0 666 B |
XHR
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| getcrrid function| $ function| jQuery object| validator1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
netfimarketing.com/ | Name: requestid Value: 339f70f1b551aaebc0311c665f1c7592 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
lp.cybeready.net
netfimarketing.com
104.17.25.14
104.26.5.107
104.26.8.233
142.251.40.106
142.251.40.131
047e827c0b0110a7d60acb8b92f17c61eccc10353a4266ac226952c121def3c1
05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
2f75b559a72868bf11e4bb75ea6834d7f158eca12bac649fd43474b97ad9908b
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
633d39e293d4a1e9f9c461323d6d3913f3ee51ab8cc901e4c45356cf022634ca
6a449b4722f14af5cb2a4bcc627a7c324c804147feab1e56230a9712131ce116
82c4448aa54b38018d193bb1b285454bf0c81be06d9caeb3dd1a9f0dbbf74b93
92cb7eec1d13f6b56958786a0f1008ae6a1d2057ae782622fdbbfa828dfce9d6
99d091198fb9f2bdf9381e38631c1d45d2f1310e401c0ac9eb4c776585d71f4b
a4692a7234b95c9908d1a9068f1bc9191815a6b1d9e3b3b84ad12ee10caaaaee
aeb7cb711f8559684e29273a8cb879df8b150fd7569b75daca0222889bf6dd5f
e2303f36ac057e169439cbef6d41099ee1b6f327fddb126c4695e83f34741bda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855