paxfui.com
Open in
urlscan Pro
2001:bc8:4::2
Malicious Activity!
Public Scan
Effective URL: https://paxfui.com/login/
Submission: On May 25 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 16th 2020. Valid for: 3 months.
This is the only time paxfui.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Paxful (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 15 | 2001:bc8:4::2 2001:bc8:4::2 | 12876 (Online SAS) (Online SAS) | |
1 1 | 62.210.16.61 62.210.16.61 | 12876 (Online SAS) (Online SAS) | |
4 | 104.18.73.113 104.18.73.113 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
18 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
paxfui.com
2 redirects
paxfui.com www.paxfui.com |
211 KB |
4 |
zdassets.com
static.zdassets.com |
458 KB |
18 | 2 |
Domain | Requested by | |
---|---|---|
15 | paxfui.com |
1 redirects
paxfui.com
|
4 | static.zdassets.com |
paxfui.com
|
1 | www.paxfui.com | 1 redirects |
18 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
paxful.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
paxfui.com Let's Encrypt Authority X3 |
2020-05-16 - 2020-08-14 |
3 months | crt.sh |
*.zdassets.com Sectigo RSA Domain Validation Secure Server CA |
2019-06-25 - 2021-05-31 |
2 years | crt.sh |
This page contains 3 frames:
Primary Page:
https://paxfui.com/login/
Frame ID: B8C8589D38B570C13851F50F2725C7E4
Requests: 12 HTTP requests in this frame
Frame:
https://paxfui.com/login/app/support.html
Frame ID: F7FBFEA80025ADAB41CC0C5B209D1651
Requests: 5 HTTP requests in this frame
Frame:
https://paxfui.com/login/app/contact.html
Frame ID: 0223836E1E00AC43D8E36127D0354D8B
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://paxfui.com/ Page URL
-
https://paxfui.com/login
HTTP 301
http://www.paxfui.com/login/ HTTP 301
https://paxfui.com/login/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
23 Outgoing links
These are links going to different origins than the main page.
Title: Learn more
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: English
Search URL Search Domain Scan URL
Title: Русский
Search URL Search Domain Scan URL
Title: 简体中文(SC)
Search URL Search Domain Scan URL
Title: 繁體中文(TC)
Search URL Search Domain Scan URL
Title: Español
Search URL Search Domain Scan URL
Title: Português
Search URL Search Domain Scan URL
Title: Português brasileiro
Search URL Search Domain Scan URL
Title: Français
Search URL Search Domain Scan URL
Title: Deutsch
Search URL Search Domain Scan URL
Title: Italiano
Search URL Search Domain Scan URL
Title: Bahasa Indonesia
Search URL Search Domain Scan URL
Title: Türkçe
Search URL Search Domain Scan URL
Title: 日本語
Search URL Search Domain Scan URL
Title: Tiếng Việt
Search URL Search Domain Scan URL
Title: Bahasa Melayu
Search URL Search Domain Scan URL
Title: Wikang Tagalog
Search URL Search Domain Scan URL
Title: 한국어
Search URL Search Domain Scan URL
Title: Čeština
Search URL Search Domain Scan URL
Title: Polski
Search URL Search Domain Scan URL
Title: Create account
Search URL Search Domain Scan URL
Title: Forgot password?
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://paxfui.com/ Page URL
-
https://paxfui.com/login
HTTP 301
http://www.paxfui.com/login/ HTTP 301
https://paxfui.com/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
paxfui.com/ |
167 B 440 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
paxfui.com/login/ Redirect Chain
|
93 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vanilla.css
paxfui.com/login/app/ |
359 KB 47 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ts.css
paxfui.com/login/app/ |
610 KB 73 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
global.css
paxfui.com/login/app/ |
489 B 564 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
global-bootstrap.css
paxfui.com/login/app/ |
172 B 428 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LoginPage.chunk.css
paxfui.com/login/app/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style_https.1.5.8.css
paxfui.com/login/app/ |
40 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-dark-8d19bec5dfbd87572706e63eb94fead2.svg
paxfui.com/login/app/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
https-label-2bb876d2763bd9bf6e8a2074fdf9429f.png
paxfui.com/login/app/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cookieconsent.min.css
paxfui.com/login/app/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
support.html
paxfui.com/login/app/ Frame F7FB |
1 KB 651 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
contact.html
paxfui.com/login/app/ Frame 0223 |
69 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
onboarding_rocket-42208a28baf398a8589e8058e7853c11.png
paxfui.com/login/app/ |
41 KB 41 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
preload.d0b503c5b12e353055e2.js
static.zdassets.com/web_widget/latest/ Frame F7FB |
44 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendors~web_widget.3ddaa6acebad8511515d.chunk.js
static.zdassets.com/web_widget/latest/ Frame F7FB |
1 MB 276 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web_widget.9168d5a373489cab3a32.chunk.js
static.zdassets.com/web_widget/latest/ Frame F7FB |
858 KB 163 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en-us.39cd5e9a02de31b5bebb.js
static.zdassets.com/web_widget/latest/locales/ Frame F7FB |
24 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Paxful (Crypto Exchange)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| zEmbed function| zE function| $zopim0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
paxfui.com
static.zdassets.com
www.paxfui.com
104.18.73.113
2001:bc8:4::2
62.210.16.61
0e94d0245b6926985a59ff3a2d497b0a130de615b0b878e119fd9f28f160a909
23ddd93f9255197b5a1956c22fd0dc3fc6a2e18014c3dc4fb05ea76254ff3b97
3439a23fcdafb0ab64c2cddec6ad38064d4980608539a3289edc6e0690d7b247
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
50c05c2f75d9b2347c3a249d12c310fe985fbccf5dd0cf0fde096690f8251725
5a90fb0070fd9c732b654e7025a241166f48df3400d16b3d37cec402e2d5d9ee
5cc03100af1273aae8b6139fb323ca77ced608fb1174aa0f7261616784178899
6a868752dedb71ae5a04d2859bcff2bb37a540f6e6a051e9c255d0c6984d7eb5
6ff016b900ad608981efe5005d924ab0fcb29e5884ae34cbbbceb1ca984bcc26
868c0b47536a22e8e351011c7b5f0f41fdd410885e97a2bbacd17c522df61274
8ba195fffe0097e44a5dd29c35c092f10039e126cc9c4113330e8bf690c2461e
940288b4b764d5af42eb0dad0dfd95972b4eaeb17effeaaef3a9ab85054b6719
b9ccd92da0f2945598b58ab70a3f546117b05134fbda7a6880c8f75f4525e96a
c7a0e47542f8a651ff0c4afbca327468457232e581d264c15510c947a382f6f0
d6044a9e1fa77555c481968bb231c8be16365cb0226f6204b145b006a7c64642
dbefd1e5598ffcd39c87be3b46c2cc17c3306d257ec172b6ee7b92e4e5f3975a
e96975ee855e4e24d299670a458f220d9d1950ee75e380bffa9a7daeec343c6e
f54eef712a4f985f5ad0f8c8799ccac66f4cb2143ffa38b0c50a18c38fa50a40