oss.anscxnyn.com
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://oss.anscxnyn.com/
Submission: On October 03 via manual from HK — Scanned from NO
Summary
TLS certificate: Issued by E1 on October 2nd 2023. Valid for: 3 months.
This is the only time oss.anscxnyn.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online) WhatsApp (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 5 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 10 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 240e:908:8003... 240e:908:8003:1:3::3fe | 137698 (CHINATELE...) (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province) | |
1 | 2606:4700:303... 2606:4700:3033::ac43:c0b0 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
16 | 5 |
ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN)
cdn.staticfile.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
anscxnyn.com
3 redirects
client.anscxnyn.com oss.anscxnyn.com |
178 KB |
1 |
anscxnyfrtg.com
18srv.anscxnyfrtg.com |
2 KB |
1 |
staticfile.org
cdn.staticfile.org — Cisco Umbrella Rank: 48572 |
33 KB |
0 |
whatsapp.com
Failed
web.whatsapp.com Failed |
|
16 | 4 |
Domain | Requested by | |
---|---|---|
10 | oss.anscxnyn.com |
1 redirects
oss.anscxnyn.com
|
5 | client.anscxnyn.com |
2 redirects
client.anscxnyn.com
|
1 | 18srv.anscxnyfrtg.com | |
1 | cdn.staticfile.org |
oss.anscxnyn.com
|
0 | web.whatsapp.com Failed |
oss.anscxnyn.com
|
16 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
faq.whatsapp.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
anscxnyn.com E1 |
2023-10-02 - 2023-12-31 |
3 months | crt.sh |
*.staticfile.org GeoTrust RSA CN CA G2 |
2023-09-08 - 2024-10-04 |
a year | crt.sh |
*.anscxnyfrtg.com GTS CA 1P5 |
2023-10-02 - 2023-12-31 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://oss.anscxnyn.com/
Frame ID: 05C213483FD3093E5E409EBCC0A8E6D6
Requests: 14 HTTP requests in this frame
Frame:
https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
Frame ID: 278C855F514C1654A03B1DBA39BB6D6B
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
WhatsAppPage URL History Show full URLs
- http://client.anscxnyn.com/ Page URL
-
http://client.anscxnyn.com/cdn-cgi/phish-bypass?atok=qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-169631...
HTTP 301
http://client.anscxnyn.com/ HTTP 301
https://oss.anscxnyn.com/ Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Need help to get started?
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://client.anscxnyn.com/ Page URL
-
http://client.anscxnyn.com/cdn-cgi/phish-bypass?atok=qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-1696313941-0-%2F
HTTP 301
http://client.anscxnyn.com/ HTTP 301
https://oss.anscxnyn.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 11- https://oss.anscxnyn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
client.anscxnyn.com/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cf.errors.css
client.anscxnyn.com/cdn-cgi/styles/ |
24 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-exclamation.png
client.anscxnyn.com/cdn-cgi/images/ |
452 B 889 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
oss.anscxnyn.com/ Redirect Chain
|
18 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
cdn.staticfile.org/jquery/1.10.2/ |
91 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylex-ce269a9819ee8f292840728689a22cc5.css
oss.anscxnyn.com/WhatsApp_files/ |
175 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app-6d34864fd47903428794.css
oss.anscxnyn.com/WhatsApp_files/ |
187 KB 56 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main~.b66100b3486cd1857cd3.css
oss.anscxnyn.com/WhatsApp_files/ |
21 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.fdf0caa2786c3269572d.css
oss.anscxnyn.com/WhatsApp_files/ |
150 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
oss.anscxnyn.com/WhatsApp_files/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
binary-transparency-manifest-2.2325.3.json
web.whatsapp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
oss.anscxnyn.com/ |
18 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/ Frame 278C Redirect Chain
|
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
81031258dc3c1c0a
oss.anscxnyn.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 278C |
0 566 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
89440125-44d8-4d7b-b076-eb7642a81f7d.png
18srv.anscxnyfrtg.com/qrcodes/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
89440125-44d8-4d7b-b076-eb7642a81f7d.png
18srv.anscxnyfrtg.com/qrcodes/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- web.whatsapp.com
- URL
- https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json
- Domain
- 18srv.anscxnyfrtg.com
- URL
- https://18srv.anscxnyfrtg.com/qrcodes/89440125-44d8-4d7b-b076-eb7642a81f7d.png?1696313954542
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online) WhatsApp (Instant Messenger)26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| documentPictureInPicture function| $ function| jQuery function| guid function| getUUID string| uuid boolean| systemThemeDark object| theme object| systemThemeMode object| systemTheme boolean| darkTheme string| version_ function| _0x1348 function| _0x453797 function| _0x4d44 string| srv number| i_referer number| isEnable function| xorEncryptDecrypt object| ws function| status_callback function| refershQrCode object| json number| code string| qrcode_text2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.client.anscxnyn.com/ | Name: __cf_mw_byp Value: qi49cPAmVb9u7gQLDotcL79AC3KYknlO4redGP8yzK8-1696313941-0-/ |
|
.anscxnyn.com/ | Name: cf_clearance Value: HkuBVYiuB00.lk0jvQK.ybbjcrPxxACX9JkOrRezjHs-1696313952-0-1-75a197d0.9da8bc48.65696221-0.2.1696313952 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
18srv.anscxnyfrtg.com
cdn.staticfile.org
client.anscxnyn.com
oss.anscxnyn.com
web.whatsapp.com
18srv.anscxnyfrtg.com
web.whatsapp.com
240e:908:8003:1:3::3fe
2606:4700:3033::ac43:c0b0
2a06:98c1:3120::3
2a06:98c1:3121::3
0a684b03789a3325ef7891c8079dbdcece3d5c4d7c5334b8c8e2177fca67a85f
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
59d6b78431e7845e24ab5aff52355a29b5a02c1c173e9a0fef990f25dc07d710
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
a1eea3a63d50fc518be1eb9b92cb780f5530749d2693a45a190f458c90caa7aa
a449af42da1b5140cdfac11b04bcbd081af2b6c65eecac9005526ab3f6b13193
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eeacf1eb1c4037558556d95eeb866c4cb1a9081b7d155da47c6f36d1daf397dd
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016