paxfulglobalpay.com Open in urlscan Pro
62.141.38.23 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://paxfulglobalpay.com/login.1
Submission: On November 07 via api (November 7th 2024, 6:23:28 am UTC) from US — Scanned from US

Summary HTTP 28 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 28 HTTP transactions. The main IP is 62.141.38.23, located in Germany and belongs to MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE. The main domain is paxfulglobalpay.com.
TLS certificate: Issued by R11 on November 6th 2024. Valid for: 3 months.

This is the only time paxfulglobalpay.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Paxful (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
2	62.141.38.23 62.141.38.23	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG)
2	2606:4700::68... 2606:4700::6812:ce6d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	102.212.247.90 102.212.247.90	36086 (TELX-LEGACY) (TELX-LEGACY)
28	4

2 62.141.38.23 (Germany)

ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE)
PTR: vps2519674.dedi.server-hosting.expert

paxfulglobalpay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:ce6d (United States)

ASN13335 (CLOUDFLARENET, US)

accounts.paxful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 102.212.247.90 (Kenya)

ASN36086 (TELX-LEGACY, US)
PTR: das107.truehost.cloud

paxfultransact.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	paxful.com accounts.paxful.com	16 KB
2	paxfulglobalpay.com paxfulglobalpay.com	33 KB
1	paxfultransact.com paxfultransact.com Failed	9 KB
28	3

	Domain	Requested by
2	accounts.paxful.com	paxfulglobalpay.com accounts.paxful.com
2	paxfulglobalpay.com	paxfulglobalpay.com
1	paxfultransact.com	paxfulglobalpay.com
28	3

This site contains links to these domains. Also see Links.

Domain
paxful.com
paxfultransact.com

Subject Issuer	Validity	Valid
paxfulglobalpay.com R11	`2024-11-06` - `2025-02-04`	3 months	crt.sh
paxful.com WE1	`2024-09-27` - `2024-12-26`	3 months	crt.sh
*.paxfultransact.com R10	`2024-10-29` - `2025-01-27`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://paxfulglobalpay.com/login.1
Frame ID: 83E8F59524F08B4A9578E58DF327480A
Requests: 27 HTTP requests in this frame

Frame: https://paxfulglobalpay.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: C40A051E4B4D1AA90ADC8EBE4E8DF458
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | Paxful

Detected technologies

Django (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)

Page Statistics

28
Requests

18 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

58 kB
Transfer

138 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://paxful.com/

Search URL Search Domain Scan URL

URL: https://paxfultransact.com/register
Title: Sign up

Search URL Search Domain Scan URL

URL: https://paxfultransact.com/forgot-password
Title: Forgot password?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.1 Show response paxfulglobalpay.com/	33 KB 33 KB	512ms 88ms	Document text/html	62.141.38.23 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://paxfulglobalpay.com/login.1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 62.141.38.23 , Germany, ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE), Reverse DNS vps2519674.dedi.server-hosting.expert Software Apache / Resource Hash `bc4d4d0ed9b1d4ebe7e7f6ec5747de65a4678e4424e02db66797ed6c063ccc74` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 33996 Date Thu, 07 Nov 2024 06:23:21 GMT Keep-Alive timeout=5, max=100 Last-Modified Tue, 05 Nov 2024 01:22:11 GMT Server Apache
GET H3	200	6672feea99185a86.css accounts.paxful.com/_next/static/css/	2 KB 812 B	147ms 77ms	Stylesheet text/css	2606:4700::6812:ce6d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://accounts.paxful.com/_next/static/css/6672feea99185a86.css Requested by Host: paxfulglobalpay.com URL: https://paxfulglobalpay.com/login.1 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:ce6d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d682b28eb5634ce5f7bd1f26f3e299d565fb76dfe4b0743d7e4530c244f130e1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://paxfulglobalpay.com/ Response headers server cloudflare cache-control public, max-age=31536000 content-encoding gzip cf-cache-status HIT etag W/"759-1929034cca3" age 1945129 x-envoy-upstream-service-time 1 cf-ray 8deb3beecd6b8c05-EWR expires Fri, 07 Nov 2025 06:23:21 GMT alt-svc h3=":443"; ma=86400 date Thu, 07 Nov 2024 06:23:21 GMT content-type text/css; charset=UTF-8 last-modified Tue, 15 Oct 2024 12:43:52 GMT vary Accept-Encoding cf-placement local-EWR
GET H3	200	6060de9c41e218f9.css accounts.paxful.com/_next/static/css/	78 KB 15 KB	149ms 80ms	Stylesheet text/css	2606:4700::6812:ce6d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://accounts.paxful.com/_next/static/css/6060de9c41e218f9.css Requested by Host: paxfulglobalpay.com URL: https://paxfulglobalpay.com/login.1 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:ce6d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c3a12522a654e5ac53161c298427f5e6c48bc571ce1704a82f3d0e812f788f75` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://paxfulglobalpay.com/ Response headers server cloudflare cache-control public, max-age=31536000 content-encoding gzip cf-cache-status HIT etag W/"137f2-1929034cca3" age 1790859 x-envoy-upstream-service-time 4 cf-ray 8deb3beecd6a8c05-EWR expires Fri, 07 Nov 2025 06:23:21 GMT alt-svc h3=":443"; ma=86400 date Thu, 07 Nov 2024 06:23:21 GMT content-type text/css; charset=UTF-8 last-modified Tue, 15 Oct 2024 12:43:52 GMT vary Accept-Encoding cf-placement local-EWR
GET		webpack-9bc516a4ec8b636f.js paxfultransact.com/_next/static/chunks/	0 0

GET		bccaed0a-e01847b8d80b63ae.js paxfultransact.com/_next/static/chunks/	0 0

GET		7db9047a-c1092a913f6ad6e1.js paxfultransact.com/_next/static/chunks/	0 0

GET		2972-63e1f2c85d818c56.js paxfultransact.com/_next/static/chunks/	0 0

GET		main-app-91f7cd107e47edc9.js paxfultransact.com/_next/static/chunks/	0 0

GET		2819-61dbb981c58931fb.js paxfultransact.com/_next/static/chunks/	0 0

GET		4173-58674d60f1a2932d.js paxfultransact.com/_next/static/chunks/	0 0

GET		4309-be517566326f709a.js paxfultransact.com/_next/static/chunks/	0 0

GET		6095-e377bf1887b1b283.js paxfultransact.com/_next/static/chunks/	0 0

GET		3884-d644b2b612b4beba.js paxfultransact.com/_next/static/chunks/	0 0

GET		8568-fa05631198a467c1.js paxfultransact.com/_next/static/chunks/	0 0

GET		9563-be7e12b752b776c9.js paxfultransact.com/_next/static/chunks/	0 0

GET		1490-54757f865b6a87eb.js paxfultransact.com/_next/static/chunks/	0 0

GET		1302-2a5bc510dcd7b551.js paxfultransact.com/_next/static/chunks/	0 0

GET		page-95face97a7cd1d4a.js paxfultransact.com/_next/static/chunks/app/(public)/login/	0 0

GET		6868-efcddd0d33488449.js paxfultransact.com/_next/static/chunks/	0 0

GET		1660-8b8b80742aa81a87.js paxfultransact.com/_next/static/chunks/	0 0

GET		layout-fa4b4a06eca00182.js paxfultransact.com/_next/static/chunks/app/	0 0

GET		6898-b6878b6b21c53765.js paxfultransact.com/_next/static/chunks/	0 0

GET		not-found-91b2f32596c47477.js paxfultransact.com/_next/static/chunks/app/	0 0

GET		error-ae4b7ea5770defba.js paxfultransact.com/_next/static/chunks/app/	0 0

GET		gt4.js paxfultransact.com/	0 0

GET		db00448b8596db6d-s.p.ttf accounts.paxful.com/_next/static/media/	0 0

GET H/1.1	404 Not Found	main.js paxfulglobalpay.com/cdn-cgi/challenge-platform/scripts/jsd/ Frame C40A	0 0	88ms 87ms	Script text/html	62.141.38.23 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://paxfulglobalpay.com/cdn-cgi/challenge-platform/scripts/jsd/main.js Requested by Host: paxfulglobalpay.com URL: https://paxfulglobalpay.com/login.1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 62.141.38.23 , Germany, ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE), Reverse DNS vps2519674.dedi.server-hosting.expert Software Apache / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers Keep-Alive timeout=5, max=99 Content-Length 315 Date Thu, 07 Nov 2024 06:23:21 GMT Content-Type text/html; charset=iso-8859-1 Server Apache Connection Keep-Alive
GET H2	200	favicon.ico paxfultransact.com/	25 KB 9 KB	64ms 63ms	Other image/x-icon	102.212.247.90 TELX-LEGACY
General Check archive.org Show headers Download Go to Full URL https://paxfultransact.com/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 102.212.247.90 , Kenya, ASN36086 (TELX-LEGACY, US), Reverse DNS das107.truehost.cloud Software / Resource Hash `2b8ad2d33455a8f736fc3a8ebf8f0bdea8848ad4c0db48a2833bd0f9cd775932` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://paxfulglobalpay.com/ Response headers cache-control public, max-age=604800 content-encoding br expires Thu, 14 Nov 2024 06:23:23 GMT accept-ranges bytes content-length 9051 date Thu, 07 Nov 2024 06:23:23 GMT content-type image/x-icon last-modified Mon, 23 Oct 2023 13:14:24 GMT vary Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/webpack-9bc516a4ec8b636f.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/bccaed0a-e01847b8d80b63ae.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/7db9047a-c1092a913f6ad6e1.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/2972-63e1f2c85d818c56.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/main-app-91f7cd107e47edc9.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/2819-61dbb981c58931fb.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/4173-58674d60f1a2932d.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/4309-be517566326f709a.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/6095-e377bf1887b1b283.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/3884-d644b2b612b4beba.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/8568-fa05631198a467c1.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/9563-be7e12b752b776c9.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/1490-54757f865b6a87eb.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/1302-2a5bc510dcd7b551.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/app/(public)/login/page-95face97a7cd1d4a.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/6868-efcddd0d33488449.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/1660-8b8b80742aa81a87.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/app/layout-fa4b4a06eca00182.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/6898-b6878b6b21c53765.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/app/not-found-91b2f32596c47477.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/_next/static/chunks/app/error-ae4b7ea5770defba.js

Domain: paxfultransact.com
URL: https://paxfultransact.com/gt4.js

Domain: accounts.paxful.com
URL: https://accounts.paxful.com/_next/static/media/db00448b8596db6d-s.p.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Paxful (Crypto Exchange)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| __next_s object| __next_f

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.paxful.com/	1970-01-21 00:49:22	Name: __cf_bm Value: OkS3_xm4AAJOTiAWjKR7CaaDHcWWPU15q2k7BFKpBuM-1730960601-1.0.1.1-RrBmr1Ugi9G_7._N2bFFqPj0qfKVAS2i2KGX8cmyHrSA9FEXjTTvSTM6zhRdtjY1Jyx4wk5oDAvE8NYa41ZeJQ

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://paxfulglobalpay.com/login.1 Message: Access to font at 'https://accounts.paxful.com/_next/static/media/db00448b8596db6d-s.p.ttf' from origin 'https://paxfulglobalpay.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://accounts.paxful.com/_next/static/media/db00448b8596db6d-s.p.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://paxfulglobalpay.com/cdn-cgi/challenge-platform/scripts/jsd/main.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: https://paxfulglobalpay.com/login.1 Message: The resource https://paxfultransact.com/gt4.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.paxful.com
paxfulglobalpay.com
paxfultransact.com
accounts.paxful.com
paxfultransact.com
102.212.247.90
2606:4700::6812:ce6d
62.141.38.23
2b8ad2d33455a8f736fc3a8ebf8f0bdea8848ad4c0db48a2833bd0f9cd775932
bc4d4d0ed9b1d4ebe7e7f6ec5747de65a4678e4424e02db66797ed6c063ccc74
c3a12522a654e5ac53161c298427f5e6c48bc571ce1704a82f3d0e812f788f75
d682b28eb5634ce5f7bd1f26f3e299d565fb76dfe4b0743d7e4530c244f130e1

paxfulglobalpay.com Open in urlscan Pro 62.141.38.23 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

28 Requests

18 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

58 kBTransfer

138 kBSize

1 Cookies

3 Outgoing links

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

paxfulglobalpay.com Open in urlscan Pro
62.141.38.23 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

18 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

58 kB
Transfer

138 kB
Size

1
Cookies

28 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!