paxfulpay.org
2606:4700:3030::ac43:8492  Malicious Activity! Public Scan

Submitted URL: http://paxfulpay.org/
Effective URL: https://paxfulpay.org/
Submission: On November 28 via manual from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3030::ac43:8492, located in United States and belongs to CLOUDFLARENET, US. The main domain is paxfulpay.org.
TLS certificate: Issued by WE1 on November 27th 2024. Valid for: 3 months.
This is the only time paxfulpay.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Paxful (Crypto Exchange)

Domain & IP information

Requests  IP Address        AS Autonomous System
9         2606:4700:303...  13335 (CLOUDFLAR...)
6         2606:4700:303...  13335 (CLOUDFLAR...)
15        2

Requests  Apex Domain      Subdomains                                        Transfer
9         paxfulpay.org    paxfulpay.org                                     818 KB
6         fontawesome.com  ka-f.fontawesome.com (Cisco Umbrella Rank: 6059)  301 KB
15        2

Requests  Domain                Requested by
9         paxfulpay.org         paxfulpay.org
6         ka-f.fontawesome.com  paxfulpay.org
15        2

This site contains no links.

Subject               Issuer  Validity                 Valid
paxfulpay.org         WE1     2024-11-27 - 2025-02-25  3 months
ka-f.fontawesome.com  WE1     2024-10-27 - 2025-01-25  3 months

This page contains 1 frames:

Primary Page: https://paxfulpay.org/
Frame ID: A1BE6C52BA0B34A9F12427DD478DC24F
Requests: 15 HTTP requests in this frame

Page Title

Paxful Pay | Trade Payment Platform

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 15
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 1120 kB
Size: 3741 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://paxfulpay.org/ HTTP 307
    https://paxfulpay.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
paxfulpay.org/
Redirect Chain
  • http://paxfulpay.org/
  • https://paxfulpay.org/
14 KB
5 KB
Document
General
Full URL
https://paxfulpay.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8492 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20d5a8b072a4572fe26a9be3e64325f963b5fe2a2cbb52f51a329eafe8ec6957

Redirect headers

Location
https://paxfulpay.org/
Non-Authoritative-Reason
HttpsUpgrades
home.css
paxfulpay.org/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://paxfulpay.org/css/home.css
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8492 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0199f932df43684b1711c0cf9638a0cc946a6627b9f64279da858e0bebac5beb

tailwind.min.css
paxfulpay.org/css/
3 MB
291 KB
Stylesheet
General
Full URL
https://paxfulpay.org/css/tailwind.min.css
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8492 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b005c7cf61850fe295c6d1a88803c9d34ae02a47345676da07424b71bcc55fe

2dce5fa11f.js
paxfulpay.org/js/
15 KB
6 KB
Script
General
Full URL
https://paxfulpay.org/js/2dce5fa11f.js
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8492 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb087b33dffb219f4fc71c06de37382827a2427e9cb14dbcd57332cf4be98eb8

bank1.jpg
paxfulpay.org/images/
125 KB
126 KB
Image
General
Full URL
https://paxfulpay.org/images/bank1.jpg
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8492 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f692a388265e80994782bb8f7b401237bfdb03e8e3c0e99a7ba194e6f967f8dd

bank2.jpg
paxfulpay.org/images/
136 KB
137 KB
Image
General
Full URL
https://paxfulpay.org/images/bank2.jpg
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8492 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cc2be8e5e5480d998b0722706e82103928914f50fd719bba7ba1dfa165c45f8

join.png
paxfulpay.org/images/
248 KB
249 KB
Image
General
Full URL
https://paxfulpay.org/images/join.png
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8492 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c50040a019d72d5db87b89749d5729d5d2a6f3787256b8fc58b676ac7d8033ee

logo.png
paxfulpay.org/images/
2 KB
3 KB
Image
General
Full URL
https://paxfulpay.org/images/logo.png
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8492 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2c0b85f2f8348840ebf7da214910cd95c939caf17d09b8d4e1ce3744b06b1dd

free.min.css
ka-f.fontawesome.com/releases/v6.6.0/css/
94 KB
23 KB
Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.6.0/css/free.min.css?token=2dce5fa11f
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/js/2dce5fa11f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f99c17690330c805c47da3d7592864d6acf0f73817d432447e1b0c66ad28f221

free-v4-shims.min.css
ka-f.fontawesome.com/releases/v6.6.0/css/
27 KB
5 KB
Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.6.0/css/free-v4-shims.min.css?token=2dce5fa11f
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/js/2dce5fa11f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ae3c19265723696f50e3226dcd43fbc7ea617697e0d7169a8e52c854ae3826c

free-v5-font-face.min.css
ka-f.fontawesome.com/releases/v6.6.0/css/
823 B
1 KB
Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.6.0/css/free-v5-font-face.min.css?token=2dce5fa11f
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/js/2dce5fa11f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f264c31cdb355f351235359240c30acae2bbe0a43c73fa6a035123e6d953a01

free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v6.6.0/css/
2 KB
1 KB
Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.6.0/css/free-v4-font-face.min.css?token=2dce5fa11f
Requested by
Host: paxfulpay.org
URL: https://paxfulpay.org/js/2dce5fa11f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddfbe9ee1f7088339a85fa25a259765ade4258c082a7921b9f569ff9616f904a

favicon.ico
paxfulpay.org/
275 B
868 B
Other
General
Full URL
https://paxfulpay.org/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8492 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbc06682f3201104d3b42374b0652d00157af7031891f8e06063db4f4b1977c5

free-fa-brands-400.woff2
ka-f.fontawesome.com/releases/v6.6.0/webfonts/
115 KB
116 KB
Font
General
Full URL
https://ka-f.fontawesome.com/releases/v6.6.0/webfonts/free-fa-brands-400.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97808cf1efc1c8a6d1cf8f7a6afe77c1aa3c923886b0c895f30ba4e383872745

free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v6.6.0/webfonts/
154 KB
154 KB
Font
General
Full URL
https://ka-f.fontawesome.com/releases/v6.6.0/webfonts/free-fa-solid-900.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
340e6d7f301471e307e50c2ed43fe45debc8ebbf24febef17b24f0b06f8883f2


Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Paxful (Crypto Exchange)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| FontAwesomeKitConfig

0 Cookies

1 Console Messages

Source: network
Level: error
URL: https://paxfulpay.org/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()