hxfxsetup01.eu-gb.cf.appdomain.cloud
5.10.124.142
Malicious Activity!
Public Scan
Effective URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds
Submission: On February 11 via api from US
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on September 24th 2019. Valid for: a year.
This is the only time hxfxsetup01.eu-gb.cf.appdomain.cloud was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Excel / PDF download (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
14 | 5.10.124.142 | 36351 (SOFTLAYER)
1 | 2606:4700:3034::681f:44f0 | 13335 (CLOUDFLARENET)
15 | 3 |
ASN36351 (SOFTLAYER, US)
PTR: 8e.7c.0a05.ip4.static.sl-reverse.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | appdomain.cloud | dxfxsetup01.eu-gb.cf.appdomain.cloud, hxfxsetup01.eu-gb.cf.appdomain.cloud | 199 KB
1 | cloudservcp.host | cloudservcp.host | 539 B
15 | 2 | |
Requests | Domain | Requested by
---|---|---
13 | hxfxsetup01.eu-gb.cf.appdomain.cloud | hxfxsetup01.eu-gb.cf.appdomain.cloud
1 | cloudservcp.host |
1 | dxfxsetup01.eu-gb.cf.appdomain.cloud |
15 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
*.eu-gb.cf.appdomain.cloud | DigiCert SHA2 Secure Server CA | 2019-09-24 - 2020-09-28 | a year | crt.sh
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-02-10 - 2020-10-09 | 8 months | crt.sh
This page contains 1 frames:
Primary Page:
https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds
Frame ID: 0AC85FBBE0C73C06EC4F531C2C0EB388
Requests: 17 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://dxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith%40gmail.com Page URL
- https://cloudservcp.host/2exl/whsdjd89ajdkdopf0wwmmmxM.php?pak1=john.smith@gmail.com&text=cds Page URL
- https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | dxfxsetup01.eu-gb.cf.appdomain.cloud/ | 356 B | 575 B | Document | text/html
GET | H2 | whsdjd89ajdkdopf0wwmmmxM.php | cloudservcp.host/2exl/ | 433 B | 539 B | Document | text/html
GET | H/1.1 | / (Primary Request) | hxfxsetup01.eu-gb.cf.appdomain.cloud/ | 569 KB | 156 KB | Document | text/html
GET | H/1.1 | X1-bg-img.jpg | hxfxsetup01.eu-gb.cf.appdomain.cloud/vpn/media/ | 196 B | 196 B | Image | text/html
GET | H/1.1 | / | hxfxsetup01.eu-gb.cf.appdomain.cloud/ | 41 KB | 41 KB | Image | text/html
GET | H/1.1 | resources.js | hxfxsetup01.eu-gb.cf.appdomain.cloud/Outlook%20Web%20App_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | nsshare.js | hxfxsetup01.eu-gb.cf.appdomain.cloud/Outlook%20Web%20App_files/ | 0 | 0 | Script | text/html
GET | H/1.1 | in_progress.gif | hxfxsetup01.eu-gb.cf.appdomain.cloud/Outlook%20Web%20App_files/ | 196 B | 196 B | Image | text/html
GET | DATA | truncated | / | 68 KB | 0 | Image | image/png
GET | H/1.1 | header_gradient.png | hxfxsetup01.eu-gb.cf.appdomain.cloud/ | 196 B | 196 B | Image | text/html
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
GET | H/1.1 | citrixsans_regular.woff | hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/ | 0 | 0 | Font | text/html
GET | H/1.1 | citrixsans_bold.woff | hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/ | 0 | 0 | Font | text/html
GET | H/1.1 | citrixsans_semibold.woff | hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/ | 0 | 0 | Font | text/html
GET | H/1.1 | citrixsans_regular.ttf | hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/ | 0 | 0 | Font | text/html
GET | H/1.1 | citrixsans_bold.ttf | hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/ | 0 | 0 | Font | text/html
GET | H/1.1 | citrixsans_semibold.ttf | hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/ | 0 | 0 | Font | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Excel / PDF download (Online)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
object | locate
string | text
function | delineate
function | validateform
function | changePage
function | setFocus
function | validateForm
undefined | Resources
string | message
function | clickIE
function | clickNS
function | disableCtrlKeyCombination
string | res
string | zork1
number | theleft
number | theright
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.