0/100

high Risk

anonflare.cc

https://anonflare.cc/

104.21.79.77 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

2 days ⚠

HTTP

200 · 27.7s

SSL

Valid· E8, Let's Encrypt, US

Status

COMPLETED

Redirect Chain (2 hops)

302https://anonflare.cc/

302https://anonflare.cc/en/

Visual Evidence

Zoom

Title: "Website proxying"

Save

Domain Intelligence: anonflare.cc

Scanned 2 times since Mar 20, 2026, 02:04 AM UTC

✗ Critical (76)

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Anonflare

Unknown

technology | ecommerce | finance | cryptocurrency | other · 4/5/2026

Summary

The site anonflare.cc presents as a website proxying service with a dashboard-like UI. The page title and UI text reference website proxying features, and the site is hosted behind Cloudflare. Visuals from the screenshot show an admin-like interface, but there is no recognizable consumer brand being impersonated. The domain is extremely new (2 days) and uses a free Let's Encrypt certificate; network activity includes multiple external JS/CSS assets and a POST to a CDN-rum endpoint, which may be used for telemetry or data exfiltration. The SPA nature suggests credential collection could be implemented client-side in scripts despite no static forms in HTML.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://anonflare.cc/cdn-cgi/rum?.

▸Distinctive asset clues: bootstrap.bundle.min.js, jquery-3.3.1.min.js, ladda-themeless.min.css, metisMenu.min.css, logo.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 54

Hosts: 4

Domains: 4

Attack Techniques (4)

SPA architecture with credential capture potentially rendered client-side (0 static forms, many JS bundles)Cloudflare protection present (hosted behind WAF/CDN) – common in phishing setups to evade scanningExternal asset loading from multiple JS/CSS files (branding assets or credential capture logic embedded in bundles)POST to https://anonflare.cc/cdn-cgi/rum? observed, which could be used for data collection or exfiltration

Indicators of Compromise (0)

No specific IOCs identified in source

Risk AssessmentUsed in abuse reports

Highly suspicious; the domain anonflare.cc is extremely new (2 days) and is hosted behind Cloudflare with a free Let's Encrypt certificate, a pattern often seen in ephemeral phishing infrastructure. The site displays a dashboard-like UI under the brand Anonflare, but there is no explicit alignment with a known legitimate brand. The SPA architecture and large set of external scripts, plus a POST to a potential telemetry or data endpoint, strongly suggest credential or data harvesting capabilities embedded in the client-side code. Given the lack of an obvious legitimate branding and the aggressiveness of the setup, this domain should be treated as malicious and blocked. The presence of a 302/200 redirect chain and the explicit focus on proxy services amplify the risk of abuse and misdirection.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence