paxfui.com Open in urlscan Pro
2001:bc8:4::2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://paxfui.com/
Effective URL:
https://paxfui.com/login/
Submission: On May 25 via automatic, source openphish (May 25th 2020, 12:20:03 am UTC)

Summary HTTP 18 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 2001:bc8:4::2, located in France and belongs to Online SAS, FR. The main domain is paxfui.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 16th 2020. Valid for: 3 months.

This is the only time paxfui.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Paxful (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 15	2001:bc8:4::2 2001:bc8:4::2	12876 (Online SAS) (Online SAS)
1 1	62.210.16.61 62.210.16.61	12876 (Online SAS) (Online SAS)
4	104.18.73.113 104.18.73.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2

15 2001:bc8:4::2 (France) 1 redirects

ASN12876 (Online SAS, FR)

paxfui.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.210.16.61 (France) 1 redirects

ASN12876 (Online SAS, FR)
PTR: pf-lb-1.online.net

www.paxfui.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.73.113 (United States)

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	paxfui.com 2 redirects paxfui.com www.paxfui.com	211 KB
4	zdassets.com static.zdassets.com	458 KB
18	2

	Domain	Requested by
15	paxfui.com	1 redirects paxfui.com
4	static.zdassets.com	paxfui.com
1	www.paxfui.com	1 redirects
18	3

This site contains links to these domains. Also see Links.

Domain
paxful.com

Subject Issuer	Validity	Valid
paxfui.com Let's Encrypt Authority X3	`2020-05-16` - `2020-08-14`	3 months	crt.sh
*.zdassets.com Sectigo RSA Domain Validation Secure Server CA	`2019-06-25` - `2021-05-31`	2 years	crt.sh

This page contains 3 frames:

Primary Page: https://paxfui.com/login/
Frame ID: B8C8589D38B570C13851F50F2725C7E4
Requests: 12 HTTP requests in this frame

Frame: https://paxfui.com/login/app/support.html
Frame ID: F7FBFEA80025ADAB41CC0C5B209D1651
Requests: 5 HTTP requests in this frame

Frame: https://paxfui.com/login/app/contact.html
Frame ID: 0223836E1E00AC43D8E36127D0354D8B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://paxfui.com/ Page URL
https://paxfui.com/login HTTP 301
http://www.paxfui.com/login/ HTTP 301
https://paxfui.com/login/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

18
Requests

94 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

669 kB
Transfer

3221 kB
Size

0
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://paxful.com/cookie-policy
Title: Learn more

Search URL Search Domain Scan URL

URL: https://paxful.com/

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/en?back=login
Title: English

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/ru?back=login
Title: Русский

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/zh_CN?back=login
Title: 简体中文(SC)

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/zh_TW?back=login
Title: 繁體中文(TC)

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/es?back=login
Title: Español

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/pt?back=login
Title: Português

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/pt_BR?back=login
Title: Português brasileiro

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/fr?back=login
Title: Français

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/de?back=login
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/it?back=login
Title: Italiano

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/id?back=login
Title: Bahasa Indonesia

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/tr?back=login
Title: Türkçe

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/ja?back=login
Title: 日本語

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/vi?back=login
Title: Tiếng Việt

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/ms?back=login
Title: Bahasa Melayu

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/tl?back=login
Title: Wikang Tagalog

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/ko?back=login
Title: 한국어

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/cs?back=login
Title: Čeština

Search URL Search Domain Scan URL

URL: https://paxful.com/set-locale/pl?back=login
Title: Polski

Search URL Search Domain Scan URL

URL: https://paxful.com/register
Title: Create account

Search URL Search Domain Scan URL

URL: https://paxful.com/forgot-password
Title: Forgot password?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://paxfui.com/ Page URL
https://paxfui.com/login HTTP 301
http://www.paxfui.com/login/ HTTP 301
https://paxfui.com/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
paxfui.com/ 167 B
440 B 81ms
17ms Document
text/html 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: http://paxfui.com/
Protocol: HTTP/1.1
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6ff016b900ad608981efe5005d924ab0fcb29e5884ae34cbbbceb1ca984bcc26

Request headers

Host: paxfui.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: nginx
Date: Mon, 25 May 2020 00:19:31 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
Last-Modified: Fri, 22 May 2020 06:59:18 GMT
ETag: "a7-5a6372b005507-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H/1.1

200
OK

Primary Request / Show response
paxfui.com/login/
Redirect Chain

https://paxfui.com/login
http://www.paxfui.com/login/
https://paxfui.com/login/

93 KB
24 KB

36ms
36ms

Document
text/html

2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: e96975ee855e4e24d299670a458f220d9d1950ee75e380bffa9a7daeec343c6e

Request headers

Host: paxfui.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: http://paxfui.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://paxfui.com/

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Content-Type: text/html
Content-Length: 24649
Connection: keep-alive
Last-Modified: Sat, 23 May 2020 01:25:19 GMT
ETag: "17467-5a6469e75c357-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
server: nginx

Redirect headers

Server: nginx
Date: Mon, 25 May 2020 00:19:31 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 313
Connection: keep-alive
Location: https://paxfui.com/login/

GET
H/1.1 200
OK vanilla.css
paxfui.com/login/app/ 359 KB
47 KB 47ms
45ms Stylesheet
text/css 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/app/vanilla.css
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: c7a0e47542f8a651ff0c4afbca327468457232e581d264c15510c947a382f6f0

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 May 2020 06:57:38 GMT
server: nginx
ETag: "59ad1-5a637250b966d-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 48079

GET
H/1.1 200
OK ts.css
paxfui.com/login/app/ 610 KB
73 KB 90ms
58ms Stylesheet
text/css 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/app/ts.css
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3439a23fcdafb0ab64c2cddec6ad38064d4980608539a3289edc6e0690d7b247

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 May 2020 06:57:38 GMT
server: nginx
ETag: "98682-5a6372510e5e0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK global.css
paxfui.com/login/app/ 489 B
564 B 63ms
30ms Stylesheet
text/css 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/app/global.css
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 5a90fb0070fd9c732b654e7025a241166f48df3400d16b3d37cec402e2d5d9ee

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 May 2020 06:57:35 GMT
server: nginx
ETag: "1e9-5a63724e456fb-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 277

GET
H/1.1 200
OK global-bootstrap.css
paxfui.com/login/app/ 172 B
428 B 62ms
30ms Stylesheet
text/css 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/app/global-bootstrap.css
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: f54eef712a4f985f5ad0f8c8799ccac66f4cb2143ffa38b0c50a18c38fa50a40

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 May 2020 06:57:35 GMT
server: nginx
ETag: "ac-5a63724e2c0b5-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 142

GET
H/1.1 200
OK LoginPage.chunk.css
paxfui.com/login/app/ 5 KB
2 KB 63ms
31ms Stylesheet
text/css 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/app/LoginPage.chunk.css
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 0e94d0245b6926985a59ff3a2d497b0a130de615b0b878e119fd9f28f160a909

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 May 2020 06:57:36 GMT
server: nginx
ETag: "13a1-5a63724ea61f2-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1305

GET
H/1.1 200
OK style_https.1.5.8.css
paxfui.com/login/app/ 40 KB
5 KB 64ms
31ms Stylesheet
text/css 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/app/style_https.1.5.8.css
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8ba195fffe0097e44a5dd29c35c092f10039e126cc9c4113330e8bf690c2461e

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 May 2020 06:57:37 GMT
server: nginx
ETag: "9efe-5a63724f9852a-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4729

GET
H/1.1 200
OK logo-dark-8d19bec5dfbd87572706e63eb94fead2.svg
paxfui.com/login/app/ 2 KB
1 KB 18ms
17ms Image
image/svg+xml 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paxfui.com/login/app/logo-dark-8d19bec5dfbd87572706e63eb94fead2.svg
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6a868752dedb71ae5a04d2859bcff2bb37a540f6e6a051e9c255d0c6984d7eb5

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 May 2020 06:57:36 GMT
server: nginx
ETag: W/"689-5a63724f0da4a"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK https-label-2bb876d2763bd9bf6e8a2074fdf9429f.png
paxfui.com/login/app/ 1 KB
1 KB 19ms
17ms Image
image/png 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paxfui.com/login/app/https-label-2bb876d2763bd9bf6e8a2074fdf9429f.png
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 940288b4b764d5af42eb0dad0dfd95972b4eaeb17effeaaef3a9ab85054b6719

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Last-Modified: Fri, 22 May 2020 06:57:36 GMT
server: nginx
ETag: "4e0-5a63724ea61f2"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1248

GET
H/1.1 200
OK cookieconsent.min.css
paxfui.com/login/app/ 4 KB
1 KB 20ms
18ms Stylesheet
text/css 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/app/cookieconsent.min.css
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 May 2020 06:57:35 GMT
server: nginx
ETag: "f62-5a63724dcc55f-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1182

GET
H/1.1 200
OK support.html Show response
paxfui.com/login/app/ Frame F7FB 1 KB
651 B 17ms
17ms Document
text/html 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/app/support.html
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 50c05c2f75d9b2347c3a249d12c310fe985fbccf5dd0cf0fde096690f8251725

Request headers

Host: paxfui.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://paxfui.com/login/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://paxfui.com/login/

Response headers

Date: Mon, 25 May 2020 00:19:32 GMT
Content-Type: text/html
Content-Length: 363
Connection: keep-alive
Last-Modified: Fri, 22 May 2020 06:57:37 GMT
ETag: "468-5a63724fadcef-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
server: nginx

GET
H/1.1 200
OK contact.html Show response
paxfui.com/login/app/ Frame 0223 69 KB
13 KB 19ms
19ms Document
text/html 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://paxfui.com/login/app/contact.html
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 5cc03100af1273aae8b6139fb323ca77ced608fb1174aa0f7261616784178899

Request headers

Host: paxfui.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://paxfui.com/login/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://paxfui.com/login/

Response headers

Date: Mon, 25 May 2020 00:19:32 GMT
Content-Type: text/html
Content-Length: 12659
Connection: keep-alive
Last-Modified: Fri, 22 May 2020 06:57:34 GMT
ETag: "114f2-5a63724d1d857-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
server: nginx

GET
H/1.1 200
OK onboarding_rocket-42208a28baf398a8589e8058e7853c11.png
paxfui.com/login/app/ 41 KB
41 KB 18ms
18ms Image
image/png 2001:bc8:4::2
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paxfui.com/login/app/onboarding_rocket-42208a28baf398a8589e8058e7853c11.png
Requested by: Host: paxfui.com
URL: https://paxfui.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:bc8:4::2 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: dbefd1e5598ffcd39c87be3b46c2cc17c3306d257ec172b6ee7b92e4e5f3975a

Request headers

Referer: https://paxfui.com/login/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 May 2020 00:19:32 GMT
Last-Modified: Fri, 22 May 2020 06:57:36 GMT
server: nginx
ETag: "a384-5a63724f39974"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 41860

GET
H2 200 preload.d0b503c5b12e353055e2.js Show response
static.zdassets.com/web_widget/latest/ Frame F7FB 44 KB
13 KB 63ms
24ms Script
application/javascript 104.18.73.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/preload.d0b503c5b12e353055e2.js

Requested by

Host: paxfui.com
URL: https://paxfui.com/login/app/support.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.73.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

868c0b47536a22e8e351011c7b5f0f41fdd410885e97a2bbacd17c522df61274

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://paxfui.com/login/app/support.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 25 May 2020 00:19:32 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 417874
x-amz-server-side-encryption: AES256
status: 200
x-amz-replication-status: COMPLETED
x-amz-request-id: 69EC873604662FAC
x-amz-id-2: OtONGsyzfaCzPuLnj+tVIy/eR0Fkoqn2n6DpaUuqEya9PNCNnWG1aiZ6OZ61IQXk7CYE2PjvmWU=
last-modified: Wed, 20 May 2020 02:39:41 GMT
server: cloudflare
etag: W/"5c8e52b774fb58ca3cbaec72286be67b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: rN3N.BFQwqtumMNwP3XbaSjHkmXtZRCD
cf-request-id: 02eacbfe9900000bfd19baf200000001
cf-ray: 598b15ddc9ee0bfd-AMS
expires: Thu, 20 May 2021 02:39:40 GMT

GET
H2 200 vendors~web_widget.3ddaa6acebad8511515d.chunk.js Show response
static.zdassets.com/web_widget/latest/ Frame F7FB 1 MB
276 KB 79ms
40ms Script
application/javascript 104.18.73.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/vendors~web_widget.3ddaa6acebad8511515d.chunk.js

Requested by

Host: paxfui.com
URL: https://paxfui.com/login/app/support.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.73.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23ddd93f9255197b5a1956c22fd0dc3fc6a2e18014c3dc4fb05ea76254ff3b97

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://paxfui.com/login/app/support.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 25 May 2020 00:19:32 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 417874
x-amz-server-side-encryption: AES256
status: 200
x-amz-replication-status: COMPLETED
x-amz-request-id: 4481F13A462FF18C
x-amz-id-2: wOYg3tEzArMRfIhf4LRGxFcvJkJ6SiA2g7uE9Tb9x2lShk9//2OJGawt/R2y3OKvZKaNsJpmzJU=
last-modified: Wed, 20 May 2020 02:39:42 GMT
server: cloudflare
etag: W/"c9176195060280ba568bedd80b8b9a73"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: Um0qQWvnyrdpoUNQpW_7eJfbxk_FJTAN
cf-request-id: 02eacbfe9a00000bfd19bb0200000001
cf-ray: 598b15ddc9f10bfd-AMS
expires: Thu, 20 May 2021 02:39:41 GMT

GET
H2 200 web_widget.9168d5a373489cab3a32.chunk.js Show response
static.zdassets.com/web_widget/latest/ Frame F7FB 858 KB
163 KB 65ms
26ms Script
application/javascript 104.18.73.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/web_widget.9168d5a373489cab3a32.chunk.js

Requested by

Host: paxfui.com
URL: https://paxfui.com/login/app/support.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.73.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6044a9e1fa77555c481968bb231c8be16365cb0226f6204b145b006a7c64642

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://paxfui.com/login/app/support.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 25 May 2020 00:19:32 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 417874
x-amz-server-side-encryption: AES256
status: 200
x-amz-replication-status: COMPLETED
x-amz-request-id: 36C7D9446A1B0046
x-amz-id-2: rP/wSUDvlcg/qm9hlJYqtXkmu5R/lrBCknEA/IRtGQbI5Fc8gGzbnivcnFHsGp35nGLHwel7qew=
last-modified: Wed, 20 May 2020 02:39:42 GMT
server: cloudflare
etag: W/"185080979052f2e690091df4cd217981"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: JGosiEsusyWd4OrMKNMyc16vSX6BptML
cf-request-id: 02eacbfe9a00000bfd19bb1200000001
cf-ray: 598b15ddc9f30bfd-AMS
expires: Thu, 20 May 2021 02:39:41 GMT

GET
H2 200 en-us.39cd5e9a02de31b5bebb.js Show response
static.zdassets.com/web_widget/latest/locales/ Frame F7FB 24 KB
5 KB 85ms
46ms Script
application/javascript 104.18.73.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/locales/en-us.39cd5e9a02de31b5bebb.js

Requested by

Host: paxfui.com
URL: https://paxfui.com/login/app/support.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.73.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9ccd92da0f2945598b58ab70a3f546117b05134fbda7a6880c8f75f4525e96a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://paxfui.com/login/app/support.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 25 May 2020 00:19:32 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 2230177
x-amz-server-side-encryption: AES256
status: 200
x-amz-replication-status: COMPLETED
x-amz-request-id: AA9CEF11F49F8772
x-amz-id-2: 65A96q8Oj27VHQ216QV19EpuURbUHUnlMnqu8v6p3oRIGK6eYC6N5ct0UVLyr0GiBfmcH7D5os4=
last-modified: Wed, 29 Apr 2020 04:38:24 GMT
server: cloudflare
etag: W/"39cd5e9a02de31b5bebb818a773ec707"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: w7N7RGUMCBxoUZdHWjTMqTJAE5H7VQOz
cf-request-id: 02eacbfe9a00000bfd19bb2200000001
cf-ray: 598b15ddc9f40bfd-AMS
expires: Thu, 29 Apr 2021 04:38:23 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Paxful (Crypto Exchange)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

paxfui.com
static.zdassets.com
www.paxfui.com
104.18.73.113
2001:bc8:4::2
62.210.16.61
0e94d0245b6926985a59ff3a2d497b0a130de615b0b878e119fd9f28f160a909
23ddd93f9255197b5a1956c22fd0dc3fc6a2e18014c3dc4fb05ea76254ff3b97
3439a23fcdafb0ab64c2cddec6ad38064d4980608539a3289edc6e0690d7b247
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
50c05c2f75d9b2347c3a249d12c310fe985fbccf5dd0cf0fde096690f8251725
5a90fb0070fd9c732b654e7025a241166f48df3400d16b3d37cec402e2d5d9ee
5cc03100af1273aae8b6139fb323ca77ced608fb1174aa0f7261616784178899
6a868752dedb71ae5a04d2859bcff2bb37a540f6e6a051e9c255d0c6984d7eb5
6ff016b900ad608981efe5005d924ab0fcb29e5884ae34cbbbceb1ca984bcc26
868c0b47536a22e8e351011c7b5f0f41fdd410885e97a2bbacd17c522df61274
8ba195fffe0097e44a5dd29c35c092f10039e126cc9c4113330e8bf690c2461e
940288b4b764d5af42eb0dad0dfd95972b4eaeb17effeaaef3a9ab85054b6719
b9ccd92da0f2945598b58ab70a3f546117b05134fbda7a6880c8f75f4525e96a
c7a0e47542f8a651ff0c4afbca327468457232e581d264c15510c947a382f6f0
d6044a9e1fa77555c481968bb231c8be16365cb0226f6204b145b006a7c64642
dbefd1e5598ffcd39c87be3b46c2cc17c3306d257ec172b6ee7b92e4e5f3975a
e96975ee855e4e24d299670a458f220d9d1950ee75e380bffa9a7daeec343c6e
f54eef712a4f985f5ad0f8c8799ccac66f4cb2143ffa38b0c50a18c38fa50a40

paxfui.com Open in urlscan Pro 2001:bc8:4::2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

94 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

669 kBTransfer

3221 kBSize

0 Cookies

23 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

paxfui.com Open in urlscan Pro
2001:bc8:4::2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

669 kB
Transfer

3221 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!