oss.anscxnyn.com
2a06:98c1:3121::3  Malicious Activity! Public Scan

Submitted URL: http://client.anscxnyn.com/
Effective URL: https://oss.anscxnyn.com/
Submission: On October 03 via manual from HK — Scanned from NO

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is oss.anscxnyn.com.
TLS certificate: Issued by E1 on October 2nd 2023. Valid for: 3 months.
This is the only time oss.anscxnyn.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online), WhatsApp (Instant Messenger)

Domain & IP information

Redirects  Requests  IP Address        AS Autonomous System
2          5         2a06:98c1:312...  13335 (CLOUDFLAR...)
1          10        2a06:98c1:312...  13335 (CLOUDFLAR...)
-          1         240e:908:8003...  137698 (CHINATELE...)
-          1         2606:4700:303...  13335 (CLOUDFLAR...)
Total: 16 requests, 5 IPs

Requests  Apex Domain            Subdomains                                       Transfer
15        anscxnyn.com           client.anscxnyn.com, oss.anscxnyn.com            178 KB
1         anscxnyfrtg.com        18srv.anscxnyfrtg.com                            2 KB
1         staticfile.org         cdn.staticfile.org (Cisco Umbrella Rank: 48572)  33 KB
0         whatsapp.com (Failed)  web.whatsapp.com (Failed)                        -
Total: 16 requests, 4 apex domains

Requests  Domain                     Redirects    Requested by
10        oss.anscxnyn.com           1 redirects  oss.anscxnyn.com
5         client.anscxnyn.com        2 redirects  client.anscxnyn.com
1         18srv.anscxnyfrtg.com      -            -
1         cdn.staticfile.org         -            oss.anscxnyn.com
0         web.whatsapp.com (Failed)  -            oss.anscxnyn.com
Total: 16 requests, 5 subdomains

This site contains links to these domains.

Domain: faq.whatsapp.com

Subject            Issuer                 Validity                 Valid
anscxnyn.com       E1                     2023-10-02 - 2023-12-31  3 months
*.staticfile.org   GeoTrust RSA CN CA G2  2023-09-08 - 2024-10-04  a year
*.anscxnyfrtg.com  GTS CA 1P5             2023-10-02 - 2023-12-31  3 months

This page contains 2 frames:

Primary Page: https://oss.anscxnyn.com/
Frame ID: 05C213483FD3093E5E409EBCC0A8E6D6
Requests: 14 HTTP requests in this frame

Frame: https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
Frame ID: 278C855F514C1654A03B1DBA39BB6D6B
Requests: 2 HTTP requests in this frame

Page Title: WhatsApp

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 16
HTTPS: 63 %
IPv6: 100 %
Domains: 4
Subdomains: 5
IPs: 5
Countries: 2
Transfer: 212 kB
Size: 713 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://client.anscxnyn.com/ Page URL
  2. http://client.anscxnyn.com/cdn-cgi/phish-bypass?atok=qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-1696313941-0-%2F HTTP 301
    http://client.anscxnyn.com/ HTTP 301
    https://oss.anscxnyn.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://oss.anscxnyn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js

16 HTTP transactions

Fields per transaction: Resource, Path, Size, x-fer (transferred size), Type, MIME-Type

Resource: /
Path: client.anscxnyn.com/
Size: 4 KB
Transfer: 2 KB
Type: Document
Full URL: http://client.anscxnyn.com/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: 59d6b78431e7845e24ab5aff52355a29b5a02c1c173e9a0fef990f25dc07d710
Security Headers: X-Frame-Options: SAMEORIGIN

Resource: cf.errors.css
Path: client.anscxnyn.com/cdn-cgi/styles/
Size: 24 KB
Transfer: 5 KB
Type: Stylesheet
Full URL: http://client.anscxnyn.com/cdn-cgi/styles/cf.errors.css
Requested by: Host client.anscxnyn.com, URL http://client.anscxnyn.com/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: 1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
Security Headers: X-Content-Type-Options: nosniff; X-Frame-Options: DENY

Resource: icon-exclamation.png
Path: client.anscxnyn.com/cdn-cgi/images/
Size: 452 B
Transfer: 889 B
Type: Image
Full URL: http://client.anscxnyn.com/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by: Host client.anscxnyn.com, URL http://client.anscxnyn.com/cdn-cgi/styles/cf.errors.css
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers: X-Content-Type-Options: nosniff; X-Frame-Options: DENY

Resource: / (Primary Request)
Path: oss.anscxnyn.com/
Redirect Chain:
  • http://client.anscxnyn.com/cdn-cgi/phish-bypass?atok=qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-1696313941-0-%2F
  • http://client.anscxnyn.com/
  • https://oss.anscxnyn.com/
Size: 18 KB
Transfer: 8 KB
Type: Document
Full URL: https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: 0a684b03789a3325ef7891c8079dbdcece3d5c4d7c5334b8c8e2177fca67a85f

Resource: jquery.min.js
Path: cdn.staticfile.org/jquery/1.10.2/
Size: 91 KB
Transfer: 33 KB
Type: Script
Full URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js
Requested by: Host oss.anscxnyn.com, URL https://oss.anscxnyn.com/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 240e:908:8003:1:3::3fe, China, ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN)
Reverse DNS: (empty)
Software: Tengine
Resource Hash: 89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Resource: stylex-ce269a9819ee8f292840728689a22cc5.css
Path: oss.anscxnyn.com/WhatsApp_files/
Size: 175 KB
Transfer: 43 KB
Type: Stylesheet
Full URL: https://oss.anscxnyn.com/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css
Requested by: Host oss.anscxnyn.com, URL https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: 775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068

Resource: app-6d34864fd47903428794.css
Path: oss.anscxnyn.com/WhatsApp_files/
Size: 187 KB
Transfer: 56 KB
Type: Stylesheet
Full URL: https://oss.anscxnyn.com/WhatsApp_files/app-6d34864fd47903428794.css
Requested by: Host oss.anscxnyn.com, URL https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: 69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079

Resource: main~.b66100b3486cd1857cd3.css
Path: oss.anscxnyn.com/WhatsApp_files/
Size: 21 KB
Transfer: 5 KB
Type: Stylesheet
Full URL: https://oss.anscxnyn.com/WhatsApp_files/main~.b66100b3486cd1857cd3.css
Requested by: Host oss.anscxnyn.com, URL https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: 8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4

Resource: main.fdf0caa2786c3269572d.css
Path: oss.anscxnyn.com/WhatsApp_files/
Size: 150 KB
Transfer: 30 KB
Type: Stylesheet
Full URL: https://oss.anscxnyn.com/WhatsApp_files/main.fdf0caa2786c3269572d.css
Requested by: Host oss.anscxnyn.com, URL https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: 79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1

Resource: qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
Path: oss.anscxnyn.com/WhatsApp_files/
Size: 16 KB
Transfer: 16 KB
Type: Image
Full URL: https://oss.anscxnyn.com/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
Requested by: Host oss.anscxnyn.com, URL https://oss.anscxnyn.com/
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994

Resource: binary-transparency-manifest-2.2325.3.json
Path: web.whatsapp.com/
Size: 0
Transfer: 0

Resource: main.js
Path: oss.anscxnyn.com/
Size: 18 KB
Transfer: 6 KB
Type: Script
Full URL: https://oss.anscxnyn.com/main.js?ver=1.11
Requested by: Host oss.anscxnyn.com, URL https://oss.anscxnyn.com/
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: a449af42da1b5140cdfac11b04bcbd081af2b6c65eecac9005526ab3f6b13193

Resource: main.js
Path: oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/ (Frame 278C)
Redirect Chain:
  • https://oss.anscxnyn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
Size: 7 KB
Transfer: 4 KB
Type: Script
Full URL: https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
Protocol: H3
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: a1eea3a63d50fc518be1eb9b92cb780f5530749d2693a45a190f458c90caa7aa
Security Headers: X-Content-Type-Options: nosniff

Resource: 81031258dc3c1c0a
Path: oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/jsd/r/ (Frame 278C)
Size: 0
Transfer: 566 B
Type: XHR
Full URL: https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/jsd/r/81031258dc3c1c0a
Requested by: Host oss.anscxnyn.com, URL https://oss.anscxnyn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2a06:98c1:3121::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Resource: 89440125-44d8-4d7b-b076-eb7642a81f7d.png
Path: 18srv.anscxnyfrtg.com/qrcodes/
Size: 2 KB
Transfer: 2 KB
Type: Image
Full URL: https://18srv.anscxnyfrtg.com/qrcodes/89440125-44d8-4d7b-b076-eb7642a81f7d.png?1696313951541
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2606:4700:3033::ac43:c0b0, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (empty)
Software: cloudflare / Express
Resource Hash: eeacf1eb1c4037558556d95eeb866c4cb1a9081b7d155da47c6f36d1daf397dd

Resource: 89440125-44d8-4d7b-b076-eb7642a81f7d.png
Path: 18srv.anscxnyfrtg.com/qrcodes/
Size: 0
Transfer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json

Domain: 18srv.anscxnyfrtg.com
URL: https://18srv.anscxnyfrtg.com/qrcodes/89440125-44d8-4d7b-b076-eb7642a81f7d.png?1696313954542

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online), WhatsApp (Instant Messenger)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • object| documentPictureInPicture
  • function| $
  • function| jQuery
  • function| guid
  • function| getUUID
  • string| uuid
  • boolean| systemThemeDark
  • object| theme
  • object| systemThemeMode
  • object| systemTheme
  • boolean| darkTheme
  • string| version_
  • function| _0x1348
  • function| _0x453797
  • function| _0x4d44
  • string| srv
  • number| i_referer
  • number| isEnable
  • function| xorEncryptDecrypt
  • object| ws
  • function| status_callback
  • function| refershQrCode
  • object| json
  • number| code
  • string| qrcode_text

2 Cookies

Domain/Path: .client.anscxnyn.com/
Name: __cf_mw_byp
Value: qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-1696313941-0-/

Domain/Path: .anscxnyn.com/
Name: cf_clearance
Value: HkuBVYiuB00.lk0jvQK.ybbjcrPxxACX9JkOrRezjHs-1696313952-0-1-75a197d0.9da8bc48.65696221-0.2.1696313952

2 Console Messages

Source: javascript
Level: error
URL: https://oss.anscxnyn.com/
Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json' from origin 'https://oss.anscxnyn.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network
Level: error
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json
Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN