anonflare.com

https://anonflare.com/en/

172.67.169.126 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

376 days

HTTP

200 · 26.5s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Website proxying"

Save

Domain Intelligence: anonflare.com

Scanned 4 times since Mar 17, 2026, 10:46 AM UTC

ℹ Low (5)

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Anonflare

Unknown

Technology · 6/3/2026

Summary

The page presents a service branded as Anonflare with UI elements for Websites, Anti-GSB, Proxy, sign-in, and other account-management features. The final URL shows /en/sites and the page title is Website proxying, but the screenshot displays a structured dashboard layout typical of a legitimate service rather than a classic credential-phishing landing. Evidence suggests this is a proxy/hosting-related service rather than a straightforward credential theft site; however, the SPA-style page and external script loading create potential for credential capture if forms are rendered client-side. The domain age is over a year and SSL is present, but the content primarily describes proxying services rather than impersonating a well-known brand in this context.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://anonflare.com/cdn-cgi/rum?.

▸Distinctive asset clues: jquery-3.3.1.min.js, bootstrap.bundle.min.js, css, sweetalert2.min.css, logo.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 53

Hosts: 4

Domains: 4

Observed Signals (1)

Suspicious POST target observed to /cdn-cgi/rum? (likely a WAF analytics endpoint) but not conclusive for credential collection

Observed Indicators (0)

No suspicious indicators identified

Risk AssessmentUsed in abuse reports

The scan identifies Anonflare's own domain presenting a Websites/Proxy dashboard with sign-in options, suggesting this is the operator’s own service. While there is potential for credential capture in SPA-rendered forms, the evidence currently shows legitimate branding for an anonymizing/proxying service rather than impersonation of a third-party brand. The presence of a login-related UI and SPA approach warrants caution and monitoring for potential credential theft on interaction, but there is no definitive impersonation of a well-known brand based on the signals provided. Recommend continued monitoring and verification of any credential submission endpoints if they appear in traffic.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence