www.cangi.site Open in urlscan Pro
156.253.51.217 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cangi.site/
Effective URL:
http://www.cangi.site/
Submission: On March 01 via api (March 1st 2020, 7:21:10 pm UTC) from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 20 HTTP transactions. The main IP is 156.253.51.217, located in Johannesburg, South Africa and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is www.cangi.site.

This is the only time www.cangi.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 17	156.253.51.217 156.253.51.217	8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
1	2606:4700:303... 2606:4700:3033::681b:846c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	61.135.185.248 61.135.185.248	4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network)
1	2606:4700:303... 2606:4700:3032::681b:8682	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	5

17 156.253.51.217 (Johannesburg, South Africa) 1 redirects

ASN8100 (ASN-QUADRANET-GLOBAL, US)

cangi.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.cangi.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::681b:846c (United States)

ASN13335 (CLOUDFLARENET, US)

www.456api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 61.135.185.248 (Beijing, China)

ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)

push.zhanzhang.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.share.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::681b:8682 (United States)

ASN13335 (CLOUDFLARENET, US)

ganganxxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	cangi.site 1 redirects cangi.site www.cangi.site	2 MB
2	baidu.com push.zhanzhang.baidu.com api.share.baidu.com	868 B
1	ganganxxs.com ganganxxs.com
1	456api.com www.456api.com	547 B
20	4

	Domain	Requested by
16	www.cangi.site	www.cangi.site
1	api.share.baidu.com	www.cangi.site
1	ganganxxs.com	www.cangi.site
1	push.zhanzhang.baidu.com	www.cangi.site
1	www.456api.com	www.cangi.site
1	cangi.site	1 redirects
20	6

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-02-26` - `2020-10-09`	7 months	crt.sh

This page contains 2 frames:

Primary Page: http://www.cangi.site/
Frame ID: 1D11BEC812A1C4B3E0C80BBF9B6ED8CB
Requests: 23 HTTP requests in this frame

Frame: https://ganganxxs.com/index.html
Frame ID: E605EDBBE4A355CDDC4B64D612811968
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://cangi.site/ HTTP 301
http://www.cangi.site/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

20
Requests

5 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

5
IPs

3
Countries

1868 kB
Transfer

2100 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cangi.site/ HTTP 301
http://www.cangi.site/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.cangi.site/ Redirect Chain http://cangi.site/ http://www.cangi.site/	27 KB 11 KB	5132ms 335ms	Document text/html	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `aba6da11d79af36ac9543c585dfe3af6932835878dbe957352acc2e59d32f1e4` Request headers Host www.cangi.site Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx Date Sun, 01 Mar 2020 19:20:42 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Content-Encoding gzip Redirect headers Server nginx Date Sun, 01 Mar 2020 19:20:37 GMT Content-Type text/html Content-Length 0 Connection keep-alive Location http://www.cangi.site/
GET H/1.1	200 OK	6c577db3e047.css www.cangi.site/static/bundles/metro/ConsumerUICommons.css/	108 KB 17 KB	166ms 163ms	Stylesheet text/css	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/ConsumerUICommons.css/6c577db3e047.css Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `238957115abbfcaf9c74a7a711be1cedc1d2a9bb40efb8d8f5b0946e8c85caf4` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:42 GMT Content-Encoding gzip Last-Modified Fri, 21 Feb 2020 21:45:59 GMT Server nginx ETag W/"5e504f97-1b07d" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=432000 Transfer-Encoding chunked Connection keep-alive Expires Fri, 06 Mar 2020 19:20:42 GMT
GET H/1.1	200 OK	48113b1edd51.css www.cangi.site/static/bundles/metro/ConsumerAsyncCommons.css/	18 KB 4 KB	311ms 298ms	Stylesheet text/css	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/ConsumerAsyncCommons.css/48113b1edd51.css Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `bbf71805d162d0a7e4d3537dbc05a8ce2bd54eb0aea82e44e59a97832a3f9c2d` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:42 GMT Content-Encoding gzip Last-Modified Fri, 21 Feb 2020 21:45:59 GMT Server nginx ETag W/"5e504f97-46fd" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=432000 Transfer-Encoding chunked Connection keep-alive Expires Fri, 06 Mar 2020 19:20:42 GMT
GET H/1.1	200 OK	7f23ac17b28d.css www.cangi.site/static/bundles/metro/Consumer.css/	21 KB 5 KB	320ms 307ms	Stylesheet text/css	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/Consumer.css/7f23ac17b28d.css Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `f85944e18013e47c4c75c54ec2416f4d1eebfe2ed235d731c7e1655d08a6efa3` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:42 GMT Content-Encoding gzip Last-Modified Sat, 22 Feb 2020 14:56:17 GMT Server nginx ETag W/"5e514111-5450" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=432000 Transfer-Encoding chunked Connection keep-alive Expires Fri, 06 Mar 2020 19:20:42 GMT
GET H/1.1	200 OK	55ca00d1afee.css www.cangi.site/static/bundles/metro/LandingPage.css/	20 KB 5 KB	400ms 386ms	Stylesheet text/css	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/LandingPage.css/55ca00d1afee.css Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `23fb0ff461df45796d8cfeb4073baa00da2d0b8450378766ddeaf90db3eebeef` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:42 GMT Content-Encoding gzip Last-Modified Fri, 21 Feb 2020 21:45:59 GMT Server nginx ETag W/"5e504f97-4feb" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=432000 Transfer-Encoding chunked Connection keep-alive Expires Fri, 06 Mar 2020 19:20:42 GMT
GET H/1.1	200 OK	5a56d51ae30f.js Show response www.cangi.site/static/bundles/metro/Vendor.js/	254 KB 254 KB	321ms 307ms	Script application/javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/Vendor.js/5a56d51ae30f.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `aa1a47459e68d1b2517f5e00513a7b371d9d6e41fd1c7bbb362037120bc98bff` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:42 GMT Last-Modified Fri, 21 Feb 2020 21:46:00 GMT Server nginx ETag "5e504f98-3f748" Content-Type application/javascript Cache-Control max-age=432000 Connection keep-alive Accept-Ranges bytes Content-Length 259912 Expires Fri, 06 Mar 2020 19:20:42 GMT
GET H/1.1	200 OK	3250615247ef.js Show response www.cangi.site/static/bundles/metro/zh_CN.js/	164 KB 165 KB	315ms 302ms	Script application/javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/zh_CN.js/3250615247ef.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `42a0354c988aa3f1722d817de57b2dba56ad3197a0ada36e99e9679aaa3d5f10` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:42 GMT Last-Modified Fri, 21 Feb 2020 21:46:00 GMT Server nginx ETag "5e504f98-29143" Content-Type application/javascript Cache-Control max-age=432000 Connection keep-alive Accept-Ranges bytes Content-Length 168259 Expires Fri, 06 Mar 2020 19:20:42 GMT
GET H/1.1	200 OK	b1136237d99c.js Show response www.cangi.site/static/bundles/metro/ConsumerLibCommons.js/	609 KB 609 KB	401ms 231ms	Script application/javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/ConsumerLibCommons.js/b1136237d99c.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `bc0c2967572a0565f21f6cda659d121fbc5a08d8edc9f205997521c3d9a00086` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:42 GMT Last-Modified Fri, 21 Feb 2020 21:46:00 GMT Server nginx ETag "5e504f98-983d3" Content-Type application/javascript Cache-Control max-age=432000 Connection keep-alive Accept-Ranges bytes Content-Length 623571 Expires Fri, 06 Mar 2020 19:20:42 GMT
GET H/1.1	200 OK	7dbba70e0d07.js Show response www.cangi.site/static/bundles/metro/ConsumerUICommons.js/	193 KB 193 KB	469ms 158ms	Script application/javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/ConsumerUICommons.js/7dbba70e0d07.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `13e1c42af99faf522852f167cca7565c7cb8e2511bab4296a69a034f14c2a741` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:42 GMT Last-Modified Fri, 21 Feb 2020 21:46:00 GMT Server nginx ETag "5e504f98-30320" Content-Type application/javascript Cache-Control max-age=432000 Connection keep-alive Accept-Ranges bytes Content-Length 197408 Expires Fri, 06 Mar 2020 19:20:42 GMT
GET H/1.1	200 OK	9a5d77a6330f.js Show response www.cangi.site/static/bundles/metro/ConsumerAsyncCommons.js/	105 KB 105 KB	483ms 162ms	Script application/javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/ConsumerAsyncCommons.js/9a5d77a6330f.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `a6b7336c3af6177a26e145db3090ba2dce1c441fbf94842373c47c32419abaf5` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:43 GMT Last-Modified Fri, 21 Feb 2020 21:46:01 GMT Server nginx ETag "5e504f99-1a2c4" Content-Type application/javascript Cache-Control max-age=432000 Connection keep-alive Accept-Ranges bytes Content-Length 107204 Expires Fri, 06 Mar 2020 19:20:43 GMT
GET H/1.1	200 OK	8caa8d1d1b46.js www.cangi.site/static/bundles/metro/Consumer.js/	445 KB 0	565ms 161ms	Script application/javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/Consumer.js/8caa8d1d1b46.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:43 GMT Last-Modified Fri, 21 Feb 2020 21:46:01 GMT Server nginx ETag "5e504f99-94d27" Content-Type application/javascript Cache-Control max-age=432000 Connection keep-alive Accept-Ranges bytes Content-Length 609575 Expires Fri, 06 Mar 2020 19:20:43 GMT
GET H/1.1	200 OK	1b1f5d68432a.js Show response www.cangi.site/static/bundles/metro/LandingPage.js/	123 KB 124 KB	777ms 161ms	Script application/javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/LandingPage.js/1b1f5d68432a.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `f9191158ea47db505d86067359e11f963d6a78dcb43d72934569987ed6817d76` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:43 GMT Last-Modified Sat, 22 Feb 2020 14:56:18 GMT Server nginx ETag "5e514112-1ed2a" Content-Type application/javascript Cache-Control max-age=432000 Connection keep-alive Accept-Ranges bytes Content-Length 126250 Expires Fri, 06 Mar 2020 19:20:43 GMT
GET H/1.1	200 OK	tj.js Show response www.cangi.site/	0 154 B	929ms 160ms	Script application/x-javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/tj.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:43 GMT Server nginx Connection keep-alive Content-Length 0 Content-Type application/x-javascript
GET H/1.1	200 OK	common.js Show response www.cangi.site/	4 KB 2 KB	939ms 160ms	Script application/x-javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/common.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `93cb50adfcb4eeecf03f996d9810c4cdd866f1bb49de6455f94f35055ec1c209` Request headers Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:43 GMT Content-Encoding gzip Transfer-Encoding chunked Server nginx Connection keep-alive Vary Accept-Encoding Content-Type application/x-javascript
GET H/1.1	200 OK	7c81e624329c.js www.cangi.site/static/bundles/metro/FeedPageContainer.js/	0 348 KB	156ms 156ms	Other application/javascript	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/FeedPageContainer.js/7c81e624329c.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:43 GMT Last-Modified Sat, 22 Feb 2020 14:56:18 GMT Server nginx ETag "5e514112-57089" Content-Type application/javascript Cache-Control max-age=432000 Connection keep-alive Accept-Ranges bytes Content-Length 356489 Expires Fri, 06 Mar 2020 19:20:43 GMT
GET H/1.1	200 OK	8d1dcdf44ec5.css www.cangi.site/static/bundles/metro/FeedPageContainer.css/	0 25 KB	174ms 173ms	Other text/css	156.253.51.217 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL http://www.cangi.site/static/bundles/metro/FeedPageContainer.css/8d1dcdf44ec5.css Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 156.253.51.217 Johannesburg, South Africa, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:43 GMT Content-Encoding gzip Last-Modified Fri, 21 Feb 2020 21:46:02 GMT Server nginx ETag W/"5e504f9a-11737" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=432000 Transfer-Encoding chunked Connection keep-alive Expires Fri, 06 Mar 2020 19:20:43 GMT
GET H/1.1	200 OK	eddata Show response www.456api.com/index.php/Article/	69 B 547 B	189ms 164ms	XHR application/json	2606:4700:3033::681b:846c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.456api.com/index.php/Article/eddata?zq=zq_kf&val=smplink&t=0.29940780130404354?v=08466254449703494 Requested by Host: www.cangi.site URL: http://www.cangi.site/common.js Protocol HTTP/1.1 Server 2606:4700:3033::681b:846c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a0f69a6ba7fc0f1e01a7dc1d88d084e9c1a053cec325dd9e688f3ae473e29eed` Request headers Origin http://www.cangi.site Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:45 GMT Content-Encoding gzip CF-Cache-Status DYNAMIC Server cloudflare Transfer-Encoding chunked Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin * Connection keep-alive CF-RAY 56d53cb33ce22fa5-FRA
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e0bd957ccfef739d618b4e1a8ac1c2b19f90037065cee1641427e705ef1debad` Request headers Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `735f7ebf6e827db314649423976c7d3d2f8c19e286e95106a19cf6ff69389ff1` Request headers Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	715 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	push.js Show response push.zhanzhang.baidu.com/	281 B 752 B	774ms 755ms	Script text/javascript	61.135.185.248 CHINA169-BJ China...
General Check archive.org Show headers Download Go to Full URL http://push.zhanzhang.baidu.com/push.js Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 61.135.185.248 Beijing, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN), Reverse DNS Software apache / Resource Hash `674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2` Request headers Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:45 GMT Content-Encoding gzip Last-Modified Wed, 25 Nov 2015 07:47:55 GMT Server apache Etag "4078521116" Vary Accept-Encoding P3p CP=" OTI DSP COR IVA OUR IND COM " Cache-Control max-age=31536000 Accept-Ranges bytes Content-Type text/javascript Content-Length 227 Expires Mon, 01 Mar 2021 19:20:45 GMT
GET H2	200	index.html ganganxxs.com/ Frame E605	0 0	207ms 168ms	Document text/html	2606:4700:3032::681b:8682 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ganganxxs.com/index.html Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::681b:8682 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers :method GET :authority ganganxxs.com :scheme https :path /index.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-dest iframe accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate referer http://www.cangi.site/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest iframe Referer http://www.cangi.site/ Response headers status 200 date Sun, 01 Mar 2020 19:20:45 GMT content-type text/html set-cookie __cfduid=d7ac105f1191bbb78fa726127db7578261583090445; expires=Tue, 31-Mar-20 19:20:45 GMT; path=/; domain=.ganganxxs.com; HttpOnly; SameSite=Lax; Secure last-modified Fri, 07 Feb 2020 15:26:43 GMT vary Accept-Encoding cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 56d53cb488af145a-FRA content-encoding br
GET H/1.1	200 OK	s.gif api.share.baidu.com/	0 116 B	1690ms 1674ms	Image text/plain	61.135.185.248 CHINA169-BJ China...
General Check archive.org Show headers Download Go to Show image Full URL http://api.share.baidu.com/s.gif?l=http://www.cangi.site/ Requested by Host: www.cangi.site URL: http://www.cangi.site/ Protocol HTTP/1.1 Server 61.135.185.248 Beijing, China, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://www.cangi.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 19:20:47 GMT Content-Length 0 Content-Type text/plain; charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://www.cangi.site/common.js(Line 12) Message: 1
console-api	log	URL: http://www.cangi.site/common.js(Line 42) Message: 2
console-api	log	URL: http://www.cangi.site/common.js(Line 47) Message: 0*DIVshowcloneshengxiaon
console-api	log	URL: http://www.cangi.site/common.js(Line 47) Message: 1*STYLE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.share.baidu.com
cangi.site
ganganxxs.com
push.zhanzhang.baidu.com
www.456api.com
www.cangi.site
156.253.51.217
2606:4700:3032::681b:8682
2606:4700:3033::681b:846c
61.135.185.248
13e1c42af99faf522852f167cca7565c7cb8e2511bab4296a69a034f14c2a741
238957115abbfcaf9c74a7a711be1cedc1d2a9bb40efb8d8f5b0946e8c85caf4
23fb0ff461df45796d8cfeb4073baa00da2d0b8450378766ddeaf90db3eebeef
42a0354c988aa3f1722d817de57b2dba56ad3197a0ada36e99e9679aaa3d5f10
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2
735f7ebf6e827db314649423976c7d3d2f8c19e286e95106a19cf6ff69389ff1
93cb50adfcb4eeecf03f996d9810c4cdd866f1bb49de6455f94f35055ec1c209
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
a0f69a6ba7fc0f1e01a7dc1d88d084e9c1a053cec325dd9e688f3ae473e29eed
a6b7336c3af6177a26e145db3090ba2dce1c441fbf94842373c47c32419abaf5
aa1a47459e68d1b2517f5e00513a7b371d9d6e41fd1c7bbb362037120bc98bff
aba6da11d79af36ac9543c585dfe3af6932835878dbe957352acc2e59d32f1e4
bbf71805d162d0a7e4d3537dbc05a8ce2bd54eb0aea82e44e59a97832a3f9c2d
bc0c2967572a0565f21f6cda659d121fbc5a08d8edc9f205997521c3d9a00086
e0bd957ccfef739d618b4e1a8ac1c2b19f90037065cee1641427e705ef1debad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f85944e18013e47c4c75c54ec2416f4d1eebfe2ed235d731c7e1655d08a6efa3
f9191158ea47db505d86067359e11f963d6a78dcb43d72934569987ed6817d76

www.cangi.site Open in urlscan Pro 156.253.51.217 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

5 %HTTPS

50 %IPv6

4 Domains

6 Subdomains

5 IPs

3 Countries

1868 kBTransfer

2100 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

www.cangi.site Open in urlscan Pro
156.253.51.217 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

5 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

5
IPs

3
Countries

1868 kB
Transfer

2100 kB
Size

0
Cookies

20 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!