netfimarketing.com
Open in
urlscan Pro
172.67.74.33
Malicious Activity!
Public Scan
Submission: On January 05 via api from US — Scanned from US
Summary
This is the only time netfimarketing.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 5 | 172.67.74.33 172.67.74.33 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 8 | 172.67.74.139 172.67.74.139 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 104.26.9.233 104.26.9.233 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.176.202 142.250.176.202 | 15169 (GOOGLE) (GOOGLE) | |
1 | 142.251.40.131 142.251.40.131 | 15169 (GOOGLE) (GOOGLE) | |
16 | 5 |
ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
cybeready.net
8 redirects
lp.cybeready.net |
31 KB |
5 |
netfimarketing.com
1 redirects
netfimarketing.com |
9 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 395 |
31 KB |
1 |
gstatic.com
fonts.gstatic.com |
48 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 115 |
3 KB |
16 | 5 |
Domain | Requested by | |
---|---|---|
16 | lp.cybeready.net |
8 redirects
netfimarketing.com
|
5 | netfimarketing.com |
1 redirects
netfimarketing.com
cdnjs.cloudflare.com |
2 | cdnjs.cloudflare.com |
netfimarketing.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
lp.cybeready.net
|
16 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
accounts.google.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
upload.video.google.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://netfimarketing.com/4f4640313u68d34fealb4ba574fl34a04001.html__;!!oepyz6q!7kfbw7nk5-rbl0-npjzamswnh9ov1y8wpnaqtixzc8eemwd3zlzznr9hsrrrvhd4yzkzduly7d9tqj2suxzo1bo
Frame ID: 71D4FD1AAA1FFE7734403BD63D9A134E
Requests: 14 HTTP requests in this frame
Frame:
http://netfimarketing.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: 403CCB2563B89C4A18FC55BBCE9D020F
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
Sign in - Google AccountsDetected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Sign in with a different account
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css HTTP 307
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css
- http://lp.cybeready.net/Forms/Google/sanitize.css HTTP 301
- https://lp.cybeready.net/Forms/Google/sanitize.css
- http://lp.cybeready.net/Forms/Google/index.css HTTP 301
- https://lp.cybeready.net/Forms/Google/index.css
- http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js HTTP 307
- https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
- http://lp.cybeready.net/Forms/Google/validator.js HTTP 301
- https://lp.cybeready.net/Forms/Google/validator.js
- http://lp.cybeready.net/common/landing-page.js HTTP 301
- https://lp.cybeready.net/common/landing-page.js
- http://lp.cybeready.net/Forms/Google/logo.png HTTP 301
- https://lp.cybeready.net/Forms/Google/logo.png
- http://lp.cybeready.net/Forms/Google/avatar.png HTTP 301
- https://lp.cybeready.net/Forms/Google/avatar.png
- http://lp.cybeready.net/Forms/Google/bottom-strip.png HTTP 301
- https://lp.cybeready.net/Forms/Google/bottom-strip.png
- http://lp.cybeready.net/Forms/Google/universal-language.png HTTP 301
- https://lp.cybeready.net/Forms/Google/universal-language.png
- http://netfimarketing.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- http://netfimarketing.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
4f4640313u68d34fealb4ba574fl34a04001.html__;!!oepyz6q!7kfbw7nk5-rbl0-npjzamswnh9ov1y8wpnaqtixzc8eemwd3zlzznr9hsrrrvhd4yzkzduly7d9tqj2suxzo1bo
netfimarketing.com/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/ Redirect Chain
|
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sanitize.css
lp.cybeready.net/Forms/Google/ Redirect Chain
|
475 B 650 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
lp.cybeready.net/Forms/Google/ Redirect Chain
|
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/ Redirect Chain
|
82 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validator.js
lp.cybeready.net/Forms/Google/ Redirect Chain
|
1 KB 916 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
landing-page.js
lp.cybeready.net/common/ Redirect Chain
|
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
lp.cybeready.net/Forms/Google/ Redirect Chain
|
13 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
avatar.png
lp.cybeready.net/Forms/Google/ Redirect Chain
|
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bottom-strip.png
lp.cybeready.net/Forms/Google/ Redirect Chain
|
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
universal-language.png
lp.cybeready.net/Forms/Google/ Redirect Chain
|
167 B 594 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
55 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ |
47 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
netfimarketing.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/ Frame 403C Redirect Chain
|
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
8407e6614f0a0cb7
netfimarketing.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 403C |
0 814 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
4f4640313u68d34fealb4ba574fl34a04001.html__;!!oepyz6q!7kfbw7nk5-rbl0-npjzamswnh9ov1y8wpnaqtixzc8eemwd3zlzznr9hsrrrvhd4yzkzduly7d9tqj2suxzo1bo
netfimarketing.com/ |
0 662 B |
XHR
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| getcrrid function| $ function| jQuery object| validator1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
netfimarketing.com/ | Name: requestid Value: 373aa2df09483d80f055358f3f4e36ad |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
lp.cybeready.net
netfimarketing.com
104.17.24.14
104.26.9.233
142.250.176.202
142.251.40.131
172.67.74.139
172.67.74.33
047e827c0b0110a7d60acb8b92f17c61eccc10353a4266ac226952c121def3c1
05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
2f75b559a72868bf11e4bb75ea6834d7f158eca12bac649fd43474b97ad9908b
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
633d39e293d4a1e9f9c461323d6d3913f3ee51ab8cc901e4c45356cf022634ca
6a449b4722f14af5cb2a4bcc627a7c324c804147feab1e56230a9712131ce116
82c4448aa54b38018d193bb1b285454bf0c81be06d9caeb3dd1a9f0dbbf74b93
92cb7eec1d13f6b56958786a0f1008ae6a1d2057ae782622fdbbfa828dfce9d6
a17a79830703fbe694d9f6f11e3bec8915dde937f93aa5fe431e8d02611f87c8
a4692a7234b95c9908d1a9068f1bc9191815a6b1d9e3b3b84ad12ee10caaaaee
aeb7cb711f8559684e29273a8cb879df8b150fd7569b75daca0222889bf6dd5f
d835511585cfa040435e9a59ab0159b636ff717f7de7a20b03adb5c32362caab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855