hxfxsetup01.eu-gb.cf.appdomain.cloud Open in urlscan Pro
5.10.124.142 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith%40gmail.com
Effective URL:
https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds
Submission: On February 11 via api (February 11th 2020, 6:36:21 pm UTC) from US

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 5.10.124.142, located in London, United Kingdom and belongs to SOFTLAYER, US. The main domain is hxfxsetup01.eu-gb.cf.appdomain.cloud.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on September 24th 2019. Valid for: a year.

This is the only time hxfxsetup01.eu-gb.cf.appdomain.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address	AS Autonomous System
14	5.10.124.142 5.10.124.142	36351 (SOFTLAYER) (SOFTLAYER)
1	2606:4700:303... 2606:4700:3034::681f:44f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	3

14 5.10.124.142 (London, United Kingdom)

ASN36351 (SOFTLAYER, US)
PTR: 8e.7c.0a05.ip4.static.sl-reverse.com

dxfxsetup01.eu-gb.cf.appdomain.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hxfxsetup01.eu-gb.cf.appdomain.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::681f:44f0 (United States)

ASN13335 (CLOUDFLARENET, US)

cloudservcp.host	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	appdomain.cloud dxfxsetup01.eu-gb.cf.appdomain.cloud hxfxsetup01.eu-gb.cf.appdomain.cloud	199 KB
1	cloudservcp.host cloudservcp.host	539 B
15	2

	Domain	Requested by
13	hxfxsetup01.eu-gb.cf.appdomain.cloud	hxfxsetup01.eu-gb.cf.appdomain.cloud
1	cloudservcp.host
1	dxfxsetup01.eu-gb.cf.appdomain.cloud
15	3

This site contains no links.

Subject Issuer	Validity	Valid
*.eu-gb.cf.appdomain.cloud DigiCert SHA2 Secure Server CA	`2019-09-24` - `2020-09-28`	a year	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-02-10` - `2020-10-09`	8 months	crt.sh

This page contains 1 frames:

Primary Page: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds
Frame ID: 0AC85FBBE0C73C06EC4F531C2C0EB388
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://dxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith%40gmail.com Page URL
https://cloudservcp.host/2exl/whsdjd89ajdkdopf0wwmmmxM.php?pak1=john.smith@gmail.com&text=cds Page URL
https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

15
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

199 kB
Transfer

683 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith%40gmail.com Page URL
https://cloudservcp.host/2exl/whsdjd89ajdkdopf0wwmmmxM.php?pak1=john.smith@gmail.com&text=cds Page URL
https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response dxfxsetup01.eu-gb.cf.appdomain.cloud/	356 B 575 B	174ms 39ms	Document text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://dxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith%40gmail.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash `e0a1f9ccb5c85dad6604dca197d27630b753f0ec1fa976816c8cc89f36e93627` Request headers Host dxfxsetup01.eu-gb.cf.appdomain.cloud Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers X-Backside-Transport OK OK Connection Keep-Alive Transfer-Encoding chunked Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Tue, 11 Feb 2020 18:36:01 GMT Server Apache Vary Accept-Encoding X-Global-Transaction-ID ba9308f85e42f41116f29be9
GET H2	200	whsdjd89ajdkdopf0wwmmmxM.php Show response cloudservcp.host/2exl/	433 B 539 B	230ms 188ms	Document text/html	2606:4700:3034::681f:44f0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cloudservcp.host/2exl/whsdjd89ajdkdopf0wwmmmxM.php?pak1=john.smith@gmail.com&text=cds Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::681f:44f0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.2.27 Resource Hash `9b0a8c583119a398280d499f36a1d71fb786bb885dbf969a8e6c9aa3db593e3a` Request headers :method GET :authority cloudservcp.host :scheme https :path /2exl/whsdjd89ajdkdopf0wwmmmxM.php?pak1=john.smith@gmail.com&text=cds pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-dest document accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate referer https://dxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith%40gmail.com accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Referer https://dxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith%40gmail.com Response headers status 200 date Tue, 11 Feb 2020 18:36:03 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d7ca49bc333e284111cd078fc75c2841c1581446163; expires=Thu, 12-Mar-20 18:36:03 GMT; path=/; domain=.cloudservcp.host; HttpOnly; SameSite=Lax x-powered-by PHP/7.2.27 vary Accept-Encoding cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 56386d186da896c2-FRA content-encoding br
GET H/1.1	200 OK	Primary Request / Show response hxfxsetup01.eu-gb.cf.appdomain.cloud/	569 KB 156 KB	198ms 91ms	Document text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash `f4744c11d54c68be51cc980c9863d43f11519d0d3c2c280bd76b0743325342cf` Request headers Host hxfxsetup01.eu-gb.cf.appdomain.cloud Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Referer https://cloudservcp.host/2exl/whsdjd89ajdkdopf0wwmmmxM.php?pak1=john.smith@gmail.com&text=cds Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Referer https://cloudservcp.host/2exl/whsdjd89ajdkdopf0wwmmmxM.php?pak1=john.smith@gmail.com&text=cds Response headers X-Backside-Transport OK OK Connection Keep-Alive Transfer-Encoding chunked Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Tue, 11 Feb 2020 18:36:04 GMT Server Apache Vary Accept-Encoding X-Global-Transaction-ID ba9308f85e42f4148a9cee7f
GET H/1.1	404 Not Found	X1-bg-img.jpg hxfxsetup01.eu-gb.cf.appdomain.cloud/vpn/media/	196 B 196 B	80ms 45ms	Image text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Show image Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud/vpn/media/X1-bg-img.jpg Requested by Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID ba9308f85e42f414439a76f7 Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	/ hxfxsetup01.eu-gb.cf.appdomain.cloud/	41 KB 41 KB	156ms 76ms	Image text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Show image Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Requested by Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Tue, 11 Feb 2020 18:36:04 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/html; charset=UTF-8 X-Backside-Transport OK OK X-Global-Transaction-ID 01ec2aee5e42f41441b05e07 Connection Keep-Alive Transfer-Encoding chunked
GET H/1.1	404 Not Found	resources.js hxfxsetup01.eu-gb.cf.appdomain.cloud/Outlook%20Web%20App_files/	0 0	77ms 44ms	Script text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud/Outlook%20Web%20App_files/resources.js Requested by Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID 086c0fe95e42f41486cfac8f Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	nsshare.js hxfxsetup01.eu-gb.cf.appdomain.cloud/Outlook%20Web%20App_files/	0 0	87ms 58ms	Script text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud/Outlook%20Web%20App_files/nsshare.js Requested by Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID ba9308f85e42f414585d08ad Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	in_progress.gif hxfxsetup01.eu-gb.cf.appdomain.cloud/Outlook%20Web%20App_files/	196 B 196 B	88ms 44ms	Image text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Show image Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud/Outlook%20Web%20App_files/in_progress.gif Requested by Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID ba9308f85e42f4148a9cf09f Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET DATA	200 OK	truncated /	68 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ec411332dcee4db861d0e2ccf85a56f9cff69f342e8b05dea64ba8602b07c740` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	404 Not Found	header_gradient.png hxfxsetup01.eu-gb.cf.appdomain.cloud/	196 B 196 B	89ms 88ms	Image text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Show image Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud/header_gradient.png Requested by Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID ba9308f85e42f414439a7c67 Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7900a6daf04859fef2501b2cf08851772deae586328d56d79a36e86c689851c5` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	404 Not Found	citrixsans_regular.woff hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/	0 0	74ms 73ms	Font text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud//vpn/js/rdx/core/css/fonts/citrix_sans/citrixsans_regular.woff Requested by* Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Origin https://hxfxsetup01.eu-gb.cf.appdomain.cloud Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID ba9308f85e42f4148a9cf12f Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	citrixsans_bold.woff hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/	0 0	72ms 72ms	Font text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud//vpn/js/rdx/core/css/fonts/citrix_sans/citrixsans_bold.woff Requested by* Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Origin https://hxfxsetup01.eu-gb.cf.appdomain.cloud Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID 086c0fe95e42f41456f1206d Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	citrixsans_semibold.woff hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/	0 0	67ms 66ms	Font text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud//vpn/js/rdx/core/css/fonts/citrix_sans/citrixsans_semibold.woff Requested by* Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Origin https://hxfxsetup01.eu-gb.cf.appdomain.cloud Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID 01ec2aee5e42f41441b060b7 Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	citrixsans_regular.ttf hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/	0 0	58ms 58ms	Font text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud//vpn/js/rdx/core/css/fonts/citrix_sans/citrixsans_regular.ttf Requested by* Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Origin https://hxfxsetup01.eu-gb.cf.appdomain.cloud Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID ba9308f85e42f414439a7c87 Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	citrixsans_bold.ttf hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/	0 0	56ms 55ms	Font text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud//vpn/js/rdx/core/css/fonts/citrix_sans/citrixsans_bold.ttf Requested by* Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Origin https://hxfxsetup01.eu-gb.cf.appdomain.cloud Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID 086c0fe95e42f41413988793 Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	citrixsans_semibold.ttf hxfxsetup01.eu-gb.cf.appdomain.cloud/*/vpn/js/rdx/core/css/fonts/citrix_sans/	0 0	33ms 33ms	Font text/html	5.10.124.142 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://hxfxsetup01.eu-gb.cf.appdomain.cloud//vpn/js/rdx/core/css/fonts/citrix_sans/citrixsans_semibold.ttf Requested by* Host: hxfxsetup01.eu-gb.cf.appdomain.cloud URL: https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.10.124.142 London, United Kingdom, ASN36351 (SOFTLAYER, US), Reverse DNS 8e.7c.0a05.ip4.static.sl-reverse.com Software Apache / Resource Hash Request headers Referer https://hxfxsetup01.eu-gb.cf.appdomain.cloud/?pak1=john.smith@gmail.com&text=cds Origin https://hxfxsetup01.eu-gb.cf.appdomain.cloud Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers X-Backside-Transport FAIL FAIL Date Tue, 11 Feb 2020 18:36:04 GMT X-Global-Transaction-ID 01ec2aee5e42f41427757ac1 Server Apache Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloudservcp.host
dxfxsetup01.eu-gb.cf.appdomain.cloud
hxfxsetup01.eu-gb.cf.appdomain.cloud
2606:4700:3034::681f:44f0
5.10.124.142
7900a6daf04859fef2501b2cf08851772deae586328d56d79a36e86c689851c5
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
9b0a8c583119a398280d499f36a1d71fb786bb885dbf969a8e6c9aa3db593e3a
e0a1f9ccb5c85dad6604dca197d27630b753f0ec1fa976816c8cc89f36e93627
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec411332dcee4db861d0e2ccf85a56f9cff69f342e8b05dea64ba8602b07c740
f4744c11d54c68be51cc980c9863d43f11519d0d3c2c280bd76b0743325342cf

hxfxsetup01.eu-gb.cf.appdomain.cloud Open in urlscan Pro 5.10.124.142 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

50 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

199 kBTransfer

683 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

0 Cookies

Indicators

hxfxsetup01.eu-gb.cf.appdomain.cloud Open in urlscan Pro
5.10.124.142 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

199 kB
Transfer

683 kB
Size

0
Cookies

15 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!