0/100

critical Risk

anonflare.cc

https://anonflare.cc/en/google

172.67.169.89 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

0 days ⚠

HTTP

200 · 32.4s

SSL

Valid· E8, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Unblocking websites in Google Safe Browsing"

Save

Domain Intelligence: anonflare.cc

Scanned 2 times since Mar 20, 2026, 02:04 AM UTC

✗ Critical (76)

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Google

Vendors

29/30

Status

partial

✓ mcafee✓ google✓ threatyeti✓ fortiguard✓ yandex✓ kaspersky✓ sophos✓ bitdefender✓ avast✓ microsoft✓ eset✓ norton✓ brightcloud✓ polyswarm✓ avg✓ emsisoft✓ isitphish✓ openphish✓ urlscan✓ urlquery✓ apple✓ cisa✓ netcraft✓ spamhaus✓ apwg✓ phishreport✓ phishtank✗ drweb✓ urlabuse✓ virustotal

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Google

Credential Phishing

technology | finance | ecommerce | cryptocurrency · 4/5/2026

Summary

This page at anonflare.cc/en/google impersonates Google Safe Browsing content. The URL path and page title reference Google, while the domain is a new, unrelated domain. The SPA loads numerous third-party assets and posts to an off-brand endpoint, indicating credential collection under the guise of Google Safe Browsing.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://anonflare.cc/cdn-cgi/rum?.

▸Distinctive asset clues: bootstrap.bundle.min.js, jquery-3.3.1.min.js, font-awesome.min.css, perfect-scrollbar.css, logo.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 52

Hosts: 4

Domains: 4

Attack Techniques (7)

Brand in URL path: '/en/google' implies Google brandingBrand in page title: 'Unblocking websites in Google Safe Browsing'Impersonation of Google UI through SPA with Google-related contentExternal script/assets loaded that clone UI structure (bootstrap, font-awesome, etc.)POST to a non-brand endpoint (https://anonflare.cc/cdn-cgi/rum?) suggesting data exfiltrationNew, low-age domain (0 days) and Cloudflare hosting to evade detectionSSL issued by Let's Encrypt on a brand-agnostic domain

Indicators of Compromise (7)

▸DOMAIN: anonflare.cc (new, high abuse risk registrar NICENIC)

▸PATH: /en/google (brand in URL path)

▸TITLE: Unblocking websites in Google Safe Browsing

▸NETWORK: POST to https://anonflare.cc/cdn-cgi/rum?

▸RESOURCE: assets and scripts named generically (bootstrap.bundle.min.js, jquery-3.3.1.min.js, logo.png)

▸SSL: Let's Encrypt certificate issued today (0 days old)

▸WHOIS: domain created 2026-03-19

Risk AssessmentUsed in abuse reports

Abuse findings indicate a high-risk impersonation attempt: a freshly registered domain anonflare.cc presents Google branding in the URL path and page title, clearly impersonating Google Safe Browsing. The page appears to be a SPA loaded with common scripts and assets, with a suspicious POST endpoint likely used for exfiltration. The visual layout of the page, including a prominent Google-associated topic and a logo placeholder, reinforces credential collection risk. Coupled with a new domain age and the use of a public WAF/CDN in a way that obscures origin, this site should be treated as a credential phishing domain designed to harvest user data. Immediate takedown action is warranted. Evidence includes domain similarity signals, explicit brand references in URL/path and title, numerous external scripts, and an off-brand exfiltration POST endpoint.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence