oss.anscxnyn.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://client.anscxnyn.com/
Effective URL:
https://oss.anscxnyn.com/
Submission: On October 03 via manual (October 3rd 2023, 6:19:15 am UTC) from HK — Scanned from NO

Summary HTTP 16 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is oss.anscxnyn.com.
TLS certificate: Issued by E1 on October 2nd 2023. Valid for: 3 months.

This is the only time oss.anscxnyn.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online) WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
2 5	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 10	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	240e:908:8003... 240e:908:8003:1:3::3fe	137698 (CHINATELE...) (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province)
1	2606:4700:303... 2606:4700:3033::ac43:c0b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	5

5 2a06:98c1:3120::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

client.anscxnyn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

oss.anscxnyn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:908:8003:1:3::3fe (China)

ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN)

cdn.staticfile.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:c0b0 (United States)

ASN13335 (CLOUDFLARENET, US)

18srv.anscxnyfrtg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	anscxnyn.com 3 redirects client.anscxnyn.com oss.anscxnyn.com	178 KB
1	anscxnyfrtg.com 18srv.anscxnyfrtg.com	2 KB
1	staticfile.org cdn.staticfile.org — Cisco Umbrella Rank: 48572	33 KB
0	whatsapp.com Failed web.whatsapp.com Failed
16	4

	Domain	Requested by
10	oss.anscxnyn.com	1 redirects oss.anscxnyn.com
5	client.anscxnyn.com	2 redirects client.anscxnyn.com
1	18srv.anscxnyfrtg.com
1	cdn.staticfile.org	oss.anscxnyn.com
0	web.whatsapp.com Failed	oss.anscxnyn.com
16	5

This site contains links to these domains. Also see Links.

Domain
faq.whatsapp.com

Subject Issuer	Validity	Valid
anscxnyn.com E1	`2023-10-02` - `2023-12-31`	3 months	crt.sh
*.staticfile.org GeoTrust RSA CN CA G2	`2023-09-08` - `2024-10-04`	a year	crt.sh
*.anscxnyfrtg.com GTS CA 1P5	`2023-10-02` - `2023-12-31`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://oss.anscxnyn.com/
Frame ID: 05C213483FD3093E5E409EBCC0A8E6D6
Requests: 14 HTTP requests in this frame

Frame: https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
Frame ID: 278C855F514C1654A03B1DBA39BB6D6B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Page URL History Show full URLs

http://client.anscxnyn.com/ Page URL
http://client.anscxnyn.com/cdn-cgi/phish-bypass?atok=qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-169631... HTTP 301
http://client.anscxnyn.com/ HTTP 301
https://oss.anscxnyn.com/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

63 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

212 kB
Transfer

713 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.whatsapp.com/1317564962315842?lang=en
Title: Need help to get started?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://client.anscxnyn.com/ Page URL
http://client.anscxnyn.com/cdn-cgi/phish-bypass?atok=qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-1696313941-0-%2F HTTP 301
http://client.anscxnyn.com/ HTTP 301
https://oss.anscxnyn.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://oss.anscxnyn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
client.anscxnyn.com/ 4 KB
2 KB 107ms
55ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://client.anscxnyn.com/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59d6b78431e7845e24ab5aff52355a29b5a02c1c173e9a0fef990f25dc07d710

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

CF-RAY: 810312375833b4fa-OSL
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 03 Oct 2023 06:19:01 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D2lyByMf51noosvbf%2FqYSdqbePFGcJUym2lg1maiogaFDRaFl0RH1drNIsMXfO%2F4M%2BtElz6Ub4k8lNWP6Z13JgfhjJL4TjufzhXLcj7IO%2FYZml3GPk64z2RdW%2B%2FhMnq0zOBZeHT418OS%2BdTGM2EDuVtP"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK cf.errors.css
client.anscxnyn.com/cdn-cgi/styles/ 24 KB
5 KB 44ms
43ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://client.anscxnyn.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: client.anscxnyn.com
URL: http://client.anscxnyn.com/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: no-NO,no;q=0.9
Referer: http://client.anscxnyn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Tue, 03 Oct 2023 06:19:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 27 Sep 2023 11:52:30 GMT
Server: cloudflare
ETag: W/"6514177e-5e44"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 81031237b886b4fa-OSL
Expires: Tue, 03 Oct 2023 08:19:01 GMT

GET
H/1.1 200
OK icon-exclamation.png
client.anscxnyn.com/cdn-cgi/images/ 452 B
889 B 43ms
43ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://client.anscxnyn.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: client.anscxnyn.com
URL: http://client.anscxnyn.com/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: no-NO,no;q=0.9
Referer: http://client.anscxnyn.com/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Tue, 03 Oct 2023 06:19:01 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 27 Sep 2023 11:52:30 GMT
Server: cloudflare
ETag: "6514177e-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 810312382907b4fa-OSL
Content-Length: 452
Expires: Tue, 03 Oct 2023 08:19:01 GMT

GET
H2

200

Primary Request / Show response
oss.anscxnyn.com/
Redirect Chain

http://client.anscxnyn.com/cdn-cgi/phish-bypass?atok=qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-1696313941-0-%2F
http://client.anscxnyn.com/
https://oss.anscxnyn.com/

18 KB
8 KB

524ms
405ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a684b03789a3325ef7891c8079dbdcece3d5c4d7c5334b8c8e2177fca67a85f

Request headers

Referer: http://client.anscxnyn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 81031258dc3c1c0a-OSL
content-encoding: br
content-type: text/html
date: Tue, 03 Oct 2023 06:19:07 GMT
last-modified: Sat, 26 Aug 2023 18:05:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zmb5vJzfUXnhbTSW95IPVm1HG7VS8OZILUTTz3NDpN6E%2BeMyMj80qhk5jcShpJ%2BMmsrjj0NgNDjnOZr2Gwq%2FrICZWUkLMfswPuXXqK9sOgiI9awGOEvgkG%2Br%2Fpk7z3qQzaWUV2VpPMa0wvW7C4NE"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 81031257cc1fb4fa-OSL
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 03 Oct 2023 06:19:06 GMT
Expires: Tue, 03 Oct 2023 07:19:06 GMT
Location: https://oss.anscxnyn.com
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2oUThAcsa9WuO%2BAI3e0lFgwCAUPNWoiPytcrYDQDfxJYRIZik6A2bEOR0k%2Fu6Z9di07prw5b4sUEf9yfuB08c1nbt8GstHltOG8S8K2k6jQkof9t0e9yflbDl81UPvkCCJhPc9RCdSAofpJuVVT0uCWH"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK jquery.min.js Show response
cdn.staticfile.org/jquery/1.10.2/ 91 KB
33 KB 2524ms
317ms Script
application/javascript 240e:908:8003:1:3::3fe
CHINATELECOM-HEIL...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js
Requested by: Host: oss.anscxnyn.com
URL: https://oss.anscxnyn.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 240e:908:8003:1:3::3fe , China, ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN),
Reverse DNS
Software: Tengine /
Resource Hash: 89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://oss.anscxnyn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

X-Log: X-Log
Date: Mon, 02 Oct 2023 16:14:42 GMT
Via: cache52.l2cn3102[88,89,304-0,M], cache39.l2cn3102[90,0], vcache10.cn3465[0,0,200-0,H], vcache11.cn3465[1,0]
Content-Encoding: gzip
X-Svr: IO
X-Reqid: 7ssAAACf9e13VooX
Age: 50667
X-Swift-CacheTime: 86400
X-Cache: HIT TCP_MEM_HIT dirn:9:44890140
Content-Transfer-Encoding: binary
Content-Disposition: inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js
Connection: keep-alive
X-Swift-SaveTime: Mon, 02 Oct 2023 16:14:42 GMT
Content-Length: 32989
Last-Modified: Tue, 16 Feb 2016 04:22:54 GMT
Server: Tengine
Etag: "FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz"
Access-Control-Max-Age: 2592000
Ali-Swift-Global-Savetime: 1696263282
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Cache-Control: public, max-age=31536000
Vary: Accept-Encoding
Accept-Ranges: bytes
X-Qiniu-Zone: 0
Timing-Allow-Origin: *
EagleId: 2a65001f16963139498101784e

GET
H2 200 stylex-ce269a9819ee8f292840728689a22cc5.css
oss.anscxnyn.com/WhatsApp_files/ 175 KB
43 KB 795ms
794ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://oss.anscxnyn.com/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css
Requested by: Host: oss.anscxnyn.com
URL: https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://oss.anscxnyn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 06:19:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 24 Aug 2023 08:02:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64e70e86-2bb72"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yX0kxFhLqL7Lax65uEsIPOFuo5MMSkw1FGj94DHc7dHCmz8wuAtQHKEp7Xp5PCtWsNK3BQLt2kqsdRuFnNmlkoTn7%2FucpB72rhWIDXylWNK%2Bwsl%2BdPdP6jmt6Nuv%2F0x%2Fm9850cR2CTmfyWwBPIg3"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 8103125b6d201c0a-OSL
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Oct 2023 18:19:07 GMT

GET
H2 200 app-6d34864fd47903428794.css
oss.anscxnyn.com/WhatsApp_files/ 187 KB
56 KB 813ms
811ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://oss.anscxnyn.com/WhatsApp_files/app-6d34864fd47903428794.css
Requested by: Host: oss.anscxnyn.com
URL: https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://oss.anscxnyn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 06:19:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 24 Aug 2023 08:01:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64e70e58-2eab4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U4pRK8gTQ%2B5WXJMd0TNbKlESoxfUxj%2BBJr7z0b4iJqGegls8HTbSngKBnInoyNA9PzEPiJPQou9kqdaiR7WtkxmH74yX4dFZir7UZ71Qguxs82qQ%2BFC7lKZAk95sLRbrJIU2%2FVOXN77bq%2F7493O3"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 8103125b6d211c0a-OSL
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Oct 2023 18:19:07 GMT

GET
H2 200 main~.b66100b3486cd1857cd3.css
oss.anscxnyn.com/WhatsApp_files/ 21 KB
5 KB 414ms
413ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://oss.anscxnyn.com/WhatsApp_files/main~.b66100b3486cd1857cd3.css
Requested by: Host: oss.anscxnyn.com
URL: https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://oss.anscxnyn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 06:19:07 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 24 Aug 2023 08:02:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64e70e83-55b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZFLmpx%2FEi5kWMKwV2GQN9ceR9FAyxN%2FdWw3QjMivtVQD4q11aS0fXaIRkFSBodrYzjaYR%2BC4pKWtRWMbUP42A9dZOGqKqVMwNn3WxqTE3bMiDeUxoadZ8azaPbHJ%2FNoB8hM%2BQl7JB4MEBOM%2FbvK"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 8103125b6d221c0a-OSL
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Oct 2023 18:19:07 GMT

GET
H2 200 main.fdf0caa2786c3269572d.css
oss.anscxnyn.com/WhatsApp_files/ 150 KB
30 KB 587ms
586ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://oss.anscxnyn.com/WhatsApp_files/main.fdf0caa2786c3269572d.css
Requested by: Host: oss.anscxnyn.com
URL: https://oss.anscxnyn.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://oss.anscxnyn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 06:19:07 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 24 Aug 2023 08:02:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64e70e82-257df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9kokoADxb%2FovQmvrHo7naNz%2Fo3nfnj7aPQAiBMVxwVqnCS%2B0dKS7LEP5T%2FRQBc34f5%2BZM%2Fx%2FyeDMkQUaFX0yuOtYy9gs2JJ7xAKUTU%2FLshLh3q7YVghP7WZ60A6El47xLfgd8m2SJr2FXV5J288"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 8103125b6d231c0a-OSL
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Oct 2023 18:19:07 GMT

GET
H3 200 qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
oss.anscxnyn.com/WhatsApp_files/ 16 KB
16 KB 614ms
613ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oss.anscxnyn.com/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
Requested by: Host: oss.anscxnyn.com
URL: https://oss.anscxnyn.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994

Request headers

Referer: https://oss.anscxnyn.com/
Origin: https://oss.anscxnyn.com
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 06:19:09 GMT
cf-cache-status: MISS
last-modified: Thu, 24 Aug 2023 08:02:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "64e70e83-3f83"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b3FTrHtV3Kw7DnDESWx%2FuuJoJI%2FuZojPJJkf55JY%2BS9gX%2FQ274LRIESfOQ34sGJVNVtJXBXiFImkN7xuqZiCRgLI2m8IrmIvUB%2FKFgxSGH7%2B2qiYXh%2B0HNx08VPuW0NcBg8RhrwZKAxVTiV5pCoE"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 810312634f31568e-OSL
alt-svc: h3=":443"; ma=86400
content-length: 16259
expires: Thu, 02 Nov 2023 06:19:08 GMT

GET binary-transparency-manifest-2.2325.3.json
web.whatsapp.com/ 0
0

GET
H3 200 main.js Show response
oss.anscxnyn.com/ 18 KB
6 KB 416ms
415ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://oss.anscxnyn.com/main.js?ver=1.11
Requested by: Host: oss.anscxnyn.com
URL: https://oss.anscxnyn.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a449af42da1b5140cdfac11b04bcbd081af2b6c65eecac9005526ab3f6b13193

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://oss.anscxnyn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 06:19:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 26 Aug 2023 18:05:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64ea3ed8-48ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=32NeCAGUGzPdNJt%2Fum8zW9ogkpGsbFDKMG6u7Ka4xhJ0OOA7hd6zLN5q3eLEc%2BuHtJIk7JSfjVT78ksbxZ3mCr%2FdCk4Ev0RjVrUePv6Am98M5NT7NJT2nsPapmTi30p6%2BdaUUZEnHjeNVLXY%2FyRE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 81031260ada6568e-OSL
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Oct 2023 18:19:08 GMT

GET
H3

200

main.js Show response
oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/ Frame 278C
Redirect Chain

https://oss.anscxnyn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js

7 KB
4 KB

48ms
47ms

Script
application/javascript

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1eea3a63d50fc518be1eb9b92cb780f5530749d2693a45a190f458c90caa7aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 06:19:10 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2iRV1YwXMMjm7wP9i55RKA0mANpNTkHP%2BTGxE5qlmLLpOYhX5CCcRryOCuQbD0xGkw3e%2FcwOMNhTjVOUs7TQ5Tm%2BVhCNseHS9u%2FK3OvOk8vkHpdrcGQQ4hf2ofoPz%2B%2F2%2BVRXegLPlf4LHq1e1mAh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8103126fb974568e-OSL
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 03 Oct 2023 06:19:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C7%2F5tKZsnOAekEz0H9n1hyILV5fRhsMpZcbbl6vX2MYJBEd6rr2atR%2FXjTw4BDzyoIkK3ssOU2nkfGEKjONGum36ywhKvn7CQ91o2ppGHXAcM6tGNF%2Fr%2F717GepSge5w08WsSkaIlRvNQJHnxRGW"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 8103126f6911568e-OSL
alt-svc: h3=":443"; ma=86400

POST
H3 200 81031258dc3c1c0a Show response
oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 278C 0
566 B 1946ms
1942ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/jsd/r/81031258dc3c1c0a
Requested by: Host: oss.anscxnyn.com
URL: https://oss.anscxnyn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 03 Oct 2023 06:19:12 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAqYzUC0SNCAQ%2FP%2BaS6DLSioi3G%2BhEyR0xFV7%2BslBzGIx0Vo3ZlXEXGd5tBuYrqYvvLjyvEs%2BICFGHtMEo5RtMkkeJ%2FnhReipSFWZ%2F%2BkEvD1OlDRwW7DCf8wBYzR6w%2F6bboIsp57QiMuu7kFllc%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 810312714ae7568e-OSL
alt-svc: h3=":443"; ma=86400

GET
H3 200 89440125-44d8-4d7b-b076-eb7642a81f7d.png
18srv.anscxnyfrtg.com/qrcodes/ 2 KB
2 KB 703ms
606ms Image
image/png 2606:4700:3033::ac43:c0b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://18srv.anscxnyfrtg.com/qrcodes/89440125-44d8-4d7b-b076-eb7642a81f7d.png?1696313951541
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: eeacf1eb1c4037558556d95eeb866c4cb1a9081b7d155da47c6f36d1daf397dd

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://oss.anscxnyn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 06:19:12 GMT
cf-cache-status: MISS
last-modified: Tue, 03 Oct 2023 06:19:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"6b0-18af430a8bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IK8iDuo5FMJPBevqW54h4DhGs4XWUuh3I5E4saGUbopXZmhWYb%2BIkjnKcQNIeGwp0rGpP4C3RW5W%2Fqt1SpIjKw%2FXPOXEfrnOy8DwwT4BiqMDPyLWoVGDaRvXJkMsEDkrbupueRUvnrhM0j7RJ5R8ONDHxXg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 81031275dfe9b521-OSL
alt-svc: h3=":443"; ma=86400
content-length: 1712

GET 89440125-44d8-4d7b-b076-eb7642a81f7d.png
18srv.anscxnyfrtg.com/qrcodes/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json

Domain: 18srv.anscxnyfrtg.com
URL: https://18srv.anscxnyfrtg.com/qrcodes/89440125-44d8-4d7b-b076-eb7642a81f7d.png?1696313954542

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online) WhatsApp (Instant Messenger)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.client.anscxnyn.com/	1970-01-20 15:13:20	Name: __cf_mw_byp Value: qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-1696313941-0-/
			.anscxnyn.com/	1970-01-20 23:57:29	Name: cf_clearance Value: HkuBVYiuB00.lk0jvQK.ybbjcrPxxACX9JkOrRezjHs-1696313952-0-1-75a197d0.9da8bc48.65696221-0.2.1696313952

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://oss.anscxnyn.com/ Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json' from origin 'https://oss.anscxnyn.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

18srv.anscxnyfrtg.com
cdn.staticfile.org
client.anscxnyn.com
oss.anscxnyn.com
web.whatsapp.com
18srv.anscxnyfrtg.com
web.whatsapp.com
240e:908:8003:1:3::3fe
2606:4700:3033::ac43:c0b0
2a06:98c1:3120::3
2a06:98c1:3121::3
0a684b03789a3325ef7891c8079dbdcece3d5c4d7c5334b8c8e2177fca67a85f
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
59d6b78431e7845e24ab5aff52355a29b5a02c1c173e9a0fef990f25dc07d710
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
a1eea3a63d50fc518be1eb9b92cb780f5530749d2693a45a190f458c90caa7aa
a449af42da1b5140cdfac11b04bcbd081af2b6c65eecac9005526ab3f6b13193
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eeacf1eb1c4037558556d95eeb866c4cb1a9081b7d155da47c6f36d1daf397dd
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

oss.anscxnyn.com Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

63 %HTTPS

100 %IPv6

4 Domains

5 Subdomains

5 IPs

2 Countries

212 kBTransfer

713 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

26 JavaScript Global Variables

2 Cookies

2 Console Messages

Security Headers

Indicators

oss.anscxnyn.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

63 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

212 kB
Transfer

713 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!