zyexx.com
Open in
urlscan Pro
2606:4700:20::ac43:49dd
Malicious Activity!
Public Scan
Submission: On July 13 via api from BY — Scanned from DE
Summary
TLS certificate: Issued by WE1 on July 13th 2024. Valid for: 3 months.
This is the only time zyexx.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 5 | 2606:4700:20:... 2606:4700:20::ac43:49dd | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 2606:4700:20:... 2606:4700:20::681a:8e9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:81c::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:829::2003 | 15169 (GOOGLE) (GOOGLE) | |
17 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
cybeready.net
lp.cybeready.net |
87 KB |
5 |
zyexx.com
1 redirects
zyexx.com |
7 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 240 |
32 KB |
1 |
gstatic.com
fonts.gstatic.com |
48 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 74 |
3 KB |
17 | 5 |
Domain | Requested by | |
---|---|---|
9 | lp.cybeready.net |
zyexx.com
|
5 | zyexx.com |
1 redirects
zyexx.com
cdnjs.cloudflare.com |
2 | cdnjs.cloudflare.com |
zyexx.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
lp.cybeready.net
|
17 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
accounts.google.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
zyexx.com WE1 |
2024-07-13 - 2024-10-11 |
3 months | crt.sh |
cdnjs.cloudflare.com E1 |
2024-06-02 - 2024-08-31 |
3 months | crt.sh |
cybeready.net E5 |
2024-06-14 - 2024-09-12 |
3 months | crt.sh |
upload.video.google.com WR2 |
2024-06-24 - 2024-09-16 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-06-24 - 2024-09-16 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://zyexx.com/81301d6b4s42174718ia49ee26fj1074463e.html
Frame ID: AE974C5E6629AD6CF72FF805B21BA2B1
Requests: 15 HTTP requests in this frame
Frame:
https://zyexx.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js
Frame ID: 95A873E36998847E780CE93BF288A1F6
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
Sign in - Google AccountsDetected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Sign in with a different account
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://zyexx.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://zyexx.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
81301d6b4s42174718ia49ee26fj1074463e.html
zyexx.com/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sanitize.css
lp.cybeready.net/Forms/Google/ |
475 B 782 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
lp.cybeready.net/Forms/Google/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/ |
82 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validator.js
lp.cybeready.net/Forms/Google/ |
1 KB 803 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
landing-page.js
lp.cybeready.net/common/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
lp.cybeready.net/Forms/Google/ |
13 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
avatar.png
lp.cybeready.net/Forms/Google/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bottom-strip.png
lp.cybeready.net/Forms/Google/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
universal-language.png
lp.cybeready.net/Forms/Google/ |
160 B 588 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
55 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ |
47 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
zyexx.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/ Frame 95A8 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
8a27cd3a4ea65d8a
zyexx.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 95A8 |
0 571 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
81301d6b4s42174718ia49ee26fj1074463e.html
zyexx.com/ |
0 339 B |
XHR
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
lp.cybeready.net/Forms/Google/ |
361 KB 61 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| getcrrid function| $ function| jQuery object| validator2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.zyexx.com/ | Name: cf_clearance Value: o7_lZJc3DJ4fn_0jrNrbryQ7.dKfJhBVtjuly3evkaw-1720858280-1.0.1.1-ALCKmTFvksaNPvQehx9vVyD96GyDmN0.TbJyfVkaLNwWO5z.w7OVQ1ITL6KQLB86_wGAtCErT29aOfP9PsMBjg |
|
zyexx.com/ | Name: requestid Value: 67ebd77d9dbb361db5cd1c96f10e2000 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
lp.cybeready.net
zyexx.com
104.17.25.14
2606:4700:20::681a:8e9
2606:4700:20::ac43:49dd
2a00:1450:4001:81c::200a
2a00:1450:4001:829::2003
12481dc4ca9cbeec872bf3c82d33640c8caac92d4ce9f394907287cdcfb316a3
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
208fb771d3dafbd219456ad23ef9a81b7c0b2c66d415558eaad37aa8e73051e8
2f75b559a72868bf11e4bb75ea6834d7f158eca12bac649fd43474b97ad9908b
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5c548bf6a753980c9c37fc84319afec33c3178830a61bffb7daf58ba065c5043
633d39e293d4a1e9f9c461323d6d3913f3ee51ab8cc901e4c45356cf022634ca
6a449b4722f14af5cb2a4bcc627a7c324c804147feab1e56230a9712131ce116
82c4448aa54b38018d193bb1b285454bf0c81be06d9caeb3dd1a9f0dbbf74b93
9cccf3bd2448b6878f62512d0d08f2397477871ff91ad581c1193ee862ec4e1b
aeb7cb711f8559684e29273a8cb879df8b150fd7569b75daca0222889bf6dd5f
b17609553b24140fc01409b78fa834fe878de6410fe9e8996b0a5f6a984ddd6d
b6aa7fe0584c975a9d8140a65fc55363d1b68f9230f61f95c616456b1c4c2d66
d3b659e4ebeb57a47ab77ac49b6f305faf3c14d5a31f4a2ed2f992e8673dbd6d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855