0/100

medium Risk

anonflare.com

https://anonflare.com/ru/google

172.67.169.126 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

301 days

HTTP

200 · 26.9s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Разблокировка сайтов в Google Safe Browsing"

Save

Domain Intelligence: anonflare.com

Scanned 3 times since Mar 17, 2026, 10:46 AM UTC

⚠ Medium (46)

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Google

Vendors

28/30

Status

partial

✓ avast✓ sophos✓ openphish✓ urlquery✓ cisa✓ microsoft✓ apwg✓ spamhaus✓ norton✓ bitdefender✓ brightcloud✓ yandex✗ avg✓ threatyeti✓ apple✓ emsisoft✓ urlscan✓ urlabuse✓ phishtank✓ virustotal✓ polyswarm✓ isitphish✓ netcraft✓ phishreport✓ google✓ kaspersky✓ fortiguard✗ eset✓ drweb✓ mcafee

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Google

Credential Phishing

technology | finance | ecommerce | government | other · 4/5/2026

Summary

This site at anonflare.com impersonates Google Safe Browsing content, presenting a Google-themed interface and Russian text about Google Safe Browsing. The URL path contains /google/ and the page title references Google Safe Browsing, while the hostname is not google.com. The SPA likely renders credential capture elements via JavaScript bundles, and the page includes numerous external scripts and a redirect-friendly post endpoint, indicating an attempt to harvest credentials under the guise of Google safety features.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://anonflare.com/cdn-cgi/rum?.

▸Distinctive asset clues: bootstrap.bundle.min.js, jquery-3.3.1.min.js, css, perfect-scrollbar.css, logo.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 53

Hosts: 4

Domains: 4

Attack Techniques (5)

Brand impersonation via URL path containing '/google/' and page title referencing Google Safe BrowsingCloned SPA-style UI that mimics Google’s content to harvest credentialsLoading multiple external JS assets and fonts to render a dynamic form post-processing flowSuspicious domain registration with a short remaining SSL cert validity and abusable registrarPOST to a hidden endpoint (cdn-cgi/rum) suggesting tracking/credential exfiltration setup

Indicators of Compromise (7)

▸DOMAIN: anonflare.com (impersonation target revealed in BRAND INTELLIGENCE)

▸URL path: /ru/google contains brand in path

▸Page title: Разблокировка сайтов в Google Safe Browsing (Google reference)

▸External script URLs under anonflare.com (JS bundles likely rendering credential form)

▸POST request: POST https://anonflare.com/cdn-cgi/rum? (potential exfiltration/tracking)

▸SSL cert recently issued (Mar 11 2026) and valid to Jun 9 2026

▸Domain age ~301 days, registrar with higher abuse prevalence (NICENIC)

Risk AssessmentUsed in abuse reports

The page is a high-risk credential-phishing surface. It deliberately impersonates Google via path and title, hosted on anonflare.com with a recent SSL cert and multiple external scripts, indicating a dynamic SPA likely designed to collect user credentials. The presence of a Google Safe Browsing related UI on a non-Google domain, plus a suspicious POST endpoint, constitutes strong abuse signals. This should be escalated for immediate takedown and registrar/hosting abuse follow-up, with the domain suspended and the site blocked to prevent victims from being hijacked.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence