Report - reorganize-ftxus.com/

Report Overview

Visited public
2024-08-06 21:20:07
Tags
Submit Tags
URL
reorganize-ftxus.com/
Finishing URL
reorganize-ftxus.com/
IP / ASN
172.67.177.196
#13335 CLOUDFLARENET
Title
Recovery User Login | FTX

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
r10.o.lencr.org	unknown	1.6 kB	4.4 kB	23.33.119.57
reorganize-ftxus.com	unknown	2.7 kB	1.9 MB	172.67.177.196
cdn.jsdelivr.net	439	449 B	4.9 kB	151.101.193.229
o.pki.goog	unknown	650 B	1.4 kB	142.250.74.131
fonts.googleapis.com	8877	482 B	6.8 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-08-06	medium	reorganize-ftxus.com/	Crypto/Wallet
2024-08-06	medium	reorganize-ftxus.com/	Crypto/Wallet
2024-08-06	medium	reorganize-ftxus.com/	Crypto/Wallet
2024-08-06	medium	reorganize-ftxus.com/	Crypto/Wallet
2024-08-06	medium	reorganize-ftxus.com/	Crypto/Wallet
2024-08-06	medium	reorganize-ftxus.com/	Crypto/Wallet

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	34 B	2023-04-11	2025-07-24
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16 Last Seen2025-07-24 23:59 Times Seen67682 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

	reorganize-ftxus.com/b074f3b9-236e-4662-8215-48029f7a56f5.js	ScriptElement	1.8 MB	2024-08-05	2024-08-19
Pretty URL reorganize-ftxus.com/b074f3b9-236e-4662-8215-48029f7a56f5.js IP 172.67.177.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-05 23:36 Last Seen2024-08-19 14:27 Times Seen2 Hash 790426284a34eaa9763b2c4bdeee4f8f cefe9861ad57b4cfe050018d46ad339600389df4 e6699dc85c62f67b334769d405ef9790e2075096e46c55fbcb76b036de9505cf Loading...

HTTP Transactions (15)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
75efd2f3585f3075b07d7001e610bf02
afeabc51586d1efe3d02337b8a43741c0d5a79b5
26b1b697a9cff033ffa5ef52c9261a48313b206b2093d4d0aa6a9d3e9d24ab15

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26B1B697A9CFF033FFA5EF52C9261A48313B206B2093D4D0AA6A9D3E9D24AB15"
Last-Modified: Tue, 06 Aug 2024 06:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17492
Expires: Wed, 07 Aug 2024 02:11:13 GMT
Date: Tue, 06 Aug 2024 21:19:41 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
364e0d4e7956b61b144a82620b9fee26
8d45d1cf6f1805ae7308ae92b1676839bcc84dc2
167eb76ed650b4d8ed7747252181955a5803628ec02ca02edfe509b1b403786b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "167EB76ED650B4D8ED7747252181955A5803628EC02CA02EDFE509B1B403786B"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7742
Expires: Tue, 06 Aug 2024 23:28:43 GMT
Date: Tue, 06 Aug 2024 21:19:41 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e7a128439c6dec237227cc4b883a2c99
7794fc9e9bc964823a96cec60a2ec829dbce9919
f0a648a200fc7849174d4b74c6fbfee82b5bd098c9c9cae7084bdafaba169e3b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F0A648A200FC7849174D4B74C6FBFEE82B5BD098C9C9CAE7084BDAFABA169E3B"
Last-Modified: Tue, 06 Aug 2024 06:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18651
Expires: Wed, 07 Aug 2024 02:30:32 GMT
Date: Tue, 06 Aug 2024 21:19:41 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5aa0870760a323e0c76c1574633ed6e1
5ba6f90abf50092defc125757aef5f3775353f40
485adde6605f8d46bbb24f1ce8fbdeba81d44f09b75600300584d408aa9f3ce1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "485ADDE6605F8D46BBB24F1CE8FBDEBA81D44F09B75600300584D408AA9F3CE1"
Last-Modified: Tue, 06 Aug 2024 06:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10842
Expires: Wed, 07 Aug 2024 00:20:23 GMT
Date: Tue, 06 Aug 2024 21:19:41 GMT
Connection: keep-alive

GET reorganize-ftxus.com/css/css.css

172.67.177.196

200 OK

3.6 kB

URL GET HTTP/3
reorganize-ftxus.com/css/css.css
IP
172.67.177.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://reorganize-ftxus.com/
Certificate
IssuerGoogle Trust Services
Subjectreorganize-ftxus.com
Fingerprint6A:0D:64:13:95:44:23:5C:95:74:81:9F:4D:32:7E:6A:B1:A4:73:47
ValidityMon, 05 Aug 2024 16:10:12 GMT - Sun, 03 Nov 2024 16:10:11 GMT

File type
ASCII text, with very long lines (15376), with no line terminators
Size
3.6 kB (3576 bytes)
Hash
613a0286f9a7f399a2241a98d73d0373
f75fd4d189751ae057436037645200e05564b1e4
9aefd7d0d7c5a0abc7ccb71bcf0c609cf9258f0fb30d1224e24500048d564a0d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /css/css.css HTTP/1.1
Host: reorganize-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reorganize-ftxus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Aug 2024 21:19:42 GMT
content-type: text/css
content-length: 3576
last-modified: Sat, 13 Jul 2024 02:28:06 GMT
etag: "3c10-61d17befd7980-gzip"
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DOBh0RLpQrQr3vJFv5btqG3gmcn5B4yG9iD%2BtKT%2FvcyaJD8oQ9L4EjX4V3LvKm9sv%2Fu3Bpxnwil%2B5fHfpn5L57i6nUIsWJC%2BAaEn1K2WD1AajNLWnwKFGV9n%2FOA87ipv8C5lwQv6FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8af21112ac5456ae-OSL
alt-svc: h3=":443"; ma=86400

GET reorganize-ftxus.com/img/1.png

172.67.177.196

200 OK

1.2 kB

URL GET HTTP/3
reorganize-ftxus.com/img/1.png
IP
172.67.177.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://reorganize-ftxus.com/
Certificate
IssuerGoogle Trust Services
Subjectreorganize-ftxus.com
Fingerprint6A:0D:64:13:95:44:23:5C:95:74:81:9F:4D:32:7E:6A:B1:A4:73:47
ValidityMon, 05 Aug 2024 16:10:12 GMT - Sun, 03 Nov 2024 16:10:11 GMT

File type
PNG image data, 452 x 160, 8-bit colormap, non-interlaced
Size
1.2 kB (1249 bytes)
Hash
8cec8fb9229d19f7009be1949132ebec
1983fadc6a314161a64d42013dbb9cc7306cccc8
d02ed2193ae427ef93ca24295af13b07ae867d9a185acd55499a31871cb423c9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /img/1.png HTTP/1.1
Host: reorganize-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reorganize-ftxus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Aug 2024 21:19:42 GMT
content-type: image/png
content-length: 1249
last-modified: Tue, 21 May 2024 08:07:56 GMT
etag: "4e1-618f250bd4f00"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yefc9GRTb0ytN4J4IXNXeFDTEcCArxrpxj8OnkmUFWP80sAu2Bl6ElaPpF8NZNOzi4sBYVDNHp24oUVtQx4Jz%2Bg3K0htIBs3gVP95J0Z%2Bo5e4CQbFgj6WEYKFqpeWa7NfYUGpoRxjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8af21112ac5856ae-OSL
alt-svc: h3=":443"; ma=86400

GET cdn.jsdelivr.net/npm/signature_pad@4.1.7/dist/signature_pad.umd.min.js

151.101.193.229

200 OK

4.1 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/signature_pad@4.1.7/dist/signature_pad.umd.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://reorganize-ftxus.com/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (11191)
Size
4.1 kB (4099 bytes)
Hash
5f083e987c6205fc040c835fba2824d3
c27c06e129775025f7cd96fd95561745e0b577b1
ffc6bfdd82e7ed4941c7da170f1a6ae4be3b7cb1036f6f60edb09617a868e7a4

HTTP Headers

GET /npm/signature_pad@4.1.7/dist/signature_pad.umd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reorganize-ftxus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.1.7
x-jsd-version-type: version
etag: W/"2c6e-wnwG4Sl3UCX3zZb9lVYXReC1d7E"
content-encoding: br
accept-ranges: bytes
age: 1194331
date: Tue, 06 Aug 2024 21:19:42 GMT
x-served-by: cache-fra-etou8220084-FRA, cache-hel1410034-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4099
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c874c4740d04d22466a4181f4a57e3f3
7744e4386356bbcc43c9064830e7addc3a861b36
b9115430ce3d0b3da1f63c614e0d5d5a8579921f13b290213df357833b71b2b2

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Aug 2024 21:19:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET reorganize-ftxus.com/exchange.js

172.67.177.196

200 OK

90 kB

URL GET HTTP/3
reorganize-ftxus.com/exchange.js
IP
172.67.177.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://reorganize-ftxus.com/
Certificate
IssuerGoogle Trust Services
Subjectreorganize-ftxus.com
Fingerprint6A:0D:64:13:95:44:23:5C:95:74:81:9F:4D:32:7E:6A:B1:A4:73:47
ValidityMon, 05 Aug 2024 16:10:12 GMT - Sun, 03 Nov 2024 16:10:11 GMT

File type
gzip compressed data, from Unix
Size
90 kB (90134 bytes)
Hash
f833609204921273400dc9f001a51d4f
ada85d22ebe5c9a4b38a7172204efee7e5739971
da461c8836941691ef797a9c2d368f65efbaf83d542ae712d95556dd096f27d8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /exchange.js HTTP/1.1
Host: reorganize-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reorganize-ftxus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Aug 2024 21:19:42 GMT
content-type: text/javascript
last-modified: Tue, 30 Jul 2024 05:34:30 GMT
etag: "389b0-61e7054e92580-gzip"
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZWoVVZQySt1scBua7T6XJMfTpPIv2hwB%2B3EzF2%2B9zJv1lDmwcaxSvRrKSODNGEOt18hkOKSw%2BbKQtfzoKa9uwE%2Bt4dMMhu0idt87QmkG01OnYmnlBK7oZ8lCSwpwCHxUa4SzuydRaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8af21112bc5b56ae-OSL
alt-svc: h3=":443"; ma=86400

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c874c4740d04d22466a4181f4a57e3f3
7744e4386356bbcc43c9064830e7addc3a861b36
b9115430ce3d0b3da1f63c614e0d5d5a8579921f13b290213df357833b71b2b2

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Aug 2024 21:19:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET reorganize-ftxus.com/img/favicon.ico

172.67.177.196

200 OK

348 B

URL GET HTTP/3
reorganize-ftxus.com/img/favicon.ico
IP
172.67.177.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://reorganize-ftxus.com/
Certificate
IssuerGoogle Trust Services
Subjectreorganize-ftxus.com
Fingerprint6A:0D:64:13:95:44:23:5C:95:74:81:9F:4D:32:7E:6A:B1:A4:73:47
ValidityMon, 05 Aug 2024 16:10:12 GMT - Sun, 03 Nov 2024 16:10:11 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
348 B (348 bytes)
Hash
cb8cbdd8bfefc5e45e58aca8ed3847fa
12a44e2439d501659eac6d0b2c74a4310d5a0645
4d076901875aa4ca3242d34a224120a145117aba21c96a840117e5bcda91fad3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: reorganize-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reorganize-ftxus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Aug 2024 21:19:43 GMT
content-type: image/x-icon
content-length: 348
last-modified: Tue, 21 May 2024 08:07:54 GMT
etag: "37ae-618f2509eca80-gzip"
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32BdjER%2FDai5DKZxwEqGq5NTQqXGKOsjUhfBT70UNUc%2BOrp0TscywjkpiLNGcUIo4FVzEpIyEti2d5ehHxWHQuc8cECGCWFqyRdSO85%2BIHketLhtolSEzUBpczF8zNi9t77n1HgHAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8af21118c9e656ae-OSL
alt-svc: h3=":443"; ma=86400

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
460334cc4e5b7d0e9bae1a2db2ad27cd
b0a331b5252d61b68e687dc25581842a360aac4f
8e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14950
Expires: Wed, 07 Aug 2024 01:28:53 GMT
Date: Tue, 06 Aug 2024 21:19:43 GMT
Connection: keep-alive

GET reorganize-ftxus.com/

172.67.177.196

200 OK

19 kB

URL User Request GET HTTP/2
reorganize-ftxus.com/
IP
172.67.177.196:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectreorganize-ftxus.com
Fingerprint6A:0D:64:13:95:44:23:5C:95:74:81:9F:4D:32:7E:6A:B1:A4:73:47
ValidityMon, 05 Aug 2024 16:10:12 GMT - Sun, 03 Nov 2024 16:10:11 GMT

File type
HTML document, ASCII text
Size
19 kB (19366 bytes)
Hash
51e9c99aba4973ff6adf4e78ea489dfb
658d636e96894caa23e0116bfce387870ca12854
b3bc3cc081fdc539499e1de3e155fba3d09b061e7c3e376af2e568f27670df3e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET / HTTP/1.1
Host: reorganize-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 Aug 2024 21:19:42 GMT
content-type: text/html
last-modified: Sun, 04 Aug 2024 12:49:08 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dvK0wFD0DY%2Bi%2FiWV7ChtXl5jzgO2ybynGrWnw1%2BozvMxyyHDI4fbK1IA5bXAilI4lWNtqH8F5E34jXeha65FBgkgmetwg1SG8zCiDbw8koqSiN4PQ4RXyjsxVR9QJz6GUfd80kY5TA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8af2110fda8fb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Noto+Sans:ital,wght@0,100..900;1,100..900&display=swap

142.250.74.106

200 OK

6.2 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Noto+Sans:ital,wght@0,100..900;1,100..900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://reorganize-ftxus.com/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC4:3F:12:39:D2:EC:4C:2C:1C:0A:A6:18:8E:2A:97:2C:D8:C2:7E:AF
ValidityTue, 30 Jul 2024 12:49:45 GMT - Tue, 22 Oct 2024 12:49:44 GMT

File type
ASCII text, with very long lines (6345), with no line terminators
Size
6.2 kB (6185 bytes)
Hash
21b9ba06f932dab6b9cc106e811736bd
59f2d20bdc66387911938a4a363b242db792268e
816b5a9a2c3f3e92ec83efbae41d840e0d28c004a7976cfa35bd458966227964

HTTP Headers

GET /css2?family=Noto+Sans:ital,wght@0,100..900;1,100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reorganize-ftxus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Aug 2024 21:19:42 GMT
date: Tue, 06 Aug 2024 21:19:42 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET reorganize-ftxus.com/b074f3b9-236e-4662-8215-48029f7a56f5.js

172.67.177.196

200 OK

1.8 MB

URL GET HTTP/3
reorganize-ftxus.com/b074f3b9-236e-4662-8215-48029f7a56f5.js
IP
172.67.177.196:443
ASN
#13335 CLOUDFLARENET

Requested by
https://reorganize-ftxus.com/
Certificate
IssuerGoogle Trust Services
Subjectreorganize-ftxus.com
Fingerprint6A:0D:64:13:95:44:23:5C:95:74:81:9F:4D:32:7E:6A:B1:A4:73:47
ValidityMon, 05 Aug 2024 16:10:12 GMT - Sun, 03 Nov 2024 16:10:11 GMT

File type

Size
1.8 MB (1800392 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /b074f3b9-236e-4662-8215-48029f7a56f5.js HTTP/1.1
Host: reorganize-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reorganize-ftxus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Aug 2024 21:19:42 GMT
content-type: text/javascript
last-modified: Sun, 04 Aug 2024 12:48:42 GMT
etag: "1b78c8-61edafaeffe80-gzip"
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AbUj6l9bnOwVVbxZ2kokcmbMQ2jKdrBE%2B8hMyAenOTYlnelGYNVrfS%2FeY6dZ8D3OZjcGQ%2Bo9oy2Gp58kLvM%2Fbq8KFakhAxUykvfHxeiLrEVMksyiQP%2BrUGkU%2FX8jAqF2pfw4zeg8xQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8af21112ac5656ae-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size