Report - pay-ftxus.com/

Report Overview

Visited public
2024-07-17 10:49:50
Tags
Submit Tags
URL
pay-ftxus.com/
Finishing URL
pay-ftxus.com/
IP / ASN
185.196.10.138
#42624 Simple Carrier LLC
Title
Recovery User Login | FTX

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-16 18:12:11	1.3 kB	3.5 kB	23.36.77.32
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-07-16 18:12:01	327 B	888 B	23.36.77.32
pay-ftxus.com	unknown	unknown	No data	No data	2.5 kB	571 kB	185.196.10.138
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-07-16 18:27:20	442 B	4.9 kB	151.101.65.229
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-07-17 07:58:43	473 B	3.4 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-17 10:49:24	medium	185.196.10.138	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 32

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-07-16	medium	pay-ftxus.com/	Crypto/Wallet
2024-07-16	medium	pay-ftxus.com/	Crypto/Wallet
2024-07-16	medium	pay-ftxus.com/	Crypto/Wallet
2024-07-16	medium	pay-ftxus.com/	Crypto/Wallet
2024-07-16	medium	pay-ftxus.com/	Crypto/Wallet
2024-07-16	medium	pay-ftxus.com/	Crypto/Wallet

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	pay-ftxus.com/cc9448d8-3f31-4734-b3b0-f208633d0748.js	ScriptElement	1.4 MB	2024-07-17	2024-09-28
Pretty URL pay-ftxus.com/cc9448d8-3f31-4734-b3b0-f208633d0748.js IP 185.196.10.138 ASN #42624 Simple Carrier LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-17 11:24 Last Seen2024-09-28 08:39 Times Seen48 Hash 30c95ea9316dbd19881ab9a2b744a323 ef6616efe5f25cdc35888680a5131a9d3eb19ff2 d8a7d12da737bea231c3cc476b114666435fc8300c39e6b012a937b8e92e8f98 Loading...

	unknown	Function	79 B	2023-04-11	2025-07-25
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-07-25 03:37 Times Seen119901 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	unknown	Function	37 B	2023-04-11	2025-07-25
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-07-25 03:59 Times Seen310095 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	unknown	Function	34 B	2023-04-11	2025-07-24
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16 Last Seen2025-07-24 23:59 Times Seen67682 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

HTTP Transactions (13)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
515a47172f3cc8fbca49fb1ef5f72e11
5b474a25a17288e58ea017f17fa456cf13893af3
13578d886dc74ebf01cfa31617c3417b42b8c8395e4bacc10a1b6f1d19bc55f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "13578D886DC74EBF01CFA31617C3417B42B8C8395E4BACC10A1B6F1D19BC55F2"
Last-Modified: Mon, 15 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4226
Expires: Wed, 17 Jul 2024 11:59:50 GMT
Date: Wed, 17 Jul 2024 10:49:24 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8adae0850833bda75a126609142b9cc3
86bacfb17579cfe95ece8ca414f8a92f640088d9
776a95cb7c486ac5367858d9ad2ab086cb6c33b3f9a5ff8f48b8923d27b0bfa4

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "776A95CB7C486AC5367858D9AD2AB086CB6C33B3F9A5FF8F48B8923D27B0BFA4"
Last-Modified: Tue, 16 Jul 2024 06:46:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Wed, 17 Jul 2024 16:49:23 GMT
Date: Wed, 17 Jul 2024 10:49:24 GMT
Connection: keep-alive

GET pay-ftxus.com/

185.196.10.138

200 OK

2.4 kB

URL User Request GET HTTP/1.1
pay-ftxus.com/
IP
185.196.10.138:443
ASN
#42624 Simple Carrier LLC

Certificate
IssuerLet's Encrypt
Subjectpay-ftxus.com
Fingerprint31:91:2A:C8:E0:5B:F1:B2:EC:B9:10:C9:8C:E4:C3:41:EC:4F:B2:EA
ValidityTue, 16 Jul 2024 05:40:03 GMT - Mon, 14 Oct 2024 05:40:02 GMT

File type
HTML document, ASCII text
Size
2.4 kB (2436 bytes)
Hash
f8815d4144b8dd66aea090b6f95b11ff
6325a14c2721b645788ddb46db9dbcbaaf6956a0
dc63c014ad8c2af9eb6181808993db15f139340cb78ef1ee693d672b058890ac

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET / HTTP/1.1
Host: pay-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Jul 2024 10:49:24 GMT
Server: Apache/2.4.61 (Debian)
Last-Modified: Tue, 16 Jul 2024 06:19:30 GMT
ETag: "4ba6-61d575410ee12-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2436
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET pay-ftxus.com/css/css.css

185.196.10.138

200 OK

3.6 kB

URL GET HTTP/1.1
pay-ftxus.com/css/css.css
IP
185.196.10.138:443
ASN
#42624 Simple Carrier LLC

Requested by
https://pay-ftxus.com/
Certificate
IssuerLet's Encrypt
Subjectpay-ftxus.com
Fingerprint31:91:2A:C8:E0:5B:F1:B2:EC:B9:10:C9:8C:E4:C3:41:EC:4F:B2:EA
ValidityTue, 16 Jul 2024 05:40:03 GMT - Mon, 14 Oct 2024 05:40:02 GMT

File type
ASCII text, with very long lines (15376), with no line terminators
Size
3.6 kB (3576 bytes)
Hash
613a0286f9a7f399a2241a98d73d0373
f75fd4d189751ae057436037645200e05564b1e4
9aefd7d0d7c5a0abc7ccb71bcf0c609cf9258f0fb30d1224e24500048d564a0d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /css/css.css HTTP/1.1
Host: pay-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pay-ftxus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Jul 2024 10:49:24 GMT
Server: Apache/2.4.61 (Debian)
Last-Modified: Tue, 16 Jul 2024 06:19:17 GMT
ETag: "3c10-61d57534c089d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3576
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

GET cdn.jsdelivr.net/npm/signature_pad@4.1.7/dist/signature_pad.umd.min.js

151.101.65.229

200 OK

4.1 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/signature_pad@4.1.7/dist/signature_pad.umd.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://pay-ftxus.com/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (11191)
Size
4.1 kB (4099 bytes)
Hash
5f083e987c6205fc040c835fba2824d3
c27c06e129775025f7cd96fd95561745e0b577b1
ffc6bfdd82e7ed4941c7da170f1a6ae4be3b7cb1036f6f60edb09617a868e7a4

HTTP Headers

GET /npm/signature_pad@4.1.7/dist/signature_pad.umd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pay-ftxus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.1.7
x-jsd-version-type: version
etag: W/"2c6e-wnwG4Sl3UCX3zZb9lVYXReC1d7E"
content-encoding: br
accept-ranges: bytes
date: Wed, 17 Jul 2024 10:49:24 GMT
age: 1833326
x-served-by: cache-fra-etou8220084-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4099
X-Firefox-Spdy: h2

GET pay-ftxus.com/exchange.js

185.196.10.138

200 OK

2.8 kB

URL GET HTTP/1.1
pay-ftxus.com/exchange.js
IP
185.196.10.138:443
ASN
#42624 Simple Carrier LLC

Requested by
https://pay-ftxus.com/
Certificate
IssuerLet's Encrypt
Subjectpay-ftxus.com
Fingerprint31:91:2A:C8:E0:5B:F1:B2:EC:B9:10:C9:8C:E4:C3:41:EC:4F:B2:EA
ValidityTue, 16 Jul 2024 05:40:03 GMT - Mon, 14 Oct 2024 05:40:02 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
2.8 kB (2828 bytes)
Hash
27b98b648e00f84c6143bc4640d336d8
f2c414c104b7add3739e46a08456163c66e18dca
759b78a8c881d397d1aea4d1d29d41e74a66580668223b37fe1a3893848e79b8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /exchange.js HTTP/1.1
Host: pay-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pay-ftxus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Jul 2024 10:49:24 GMT
Server: Apache/2.4.61 (Debian)
Last-Modified: Tue, 16 Jul 2024 06:19:31 GMT
ETag: "2c5b-61d575421e5c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2828
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

GET pay-ftxus.com/cc9448d8-3f31-4734-b3b0-f208633d0748.js

185.196.10.138

200 OK

545 kB

URL GET HTTP/1.1
pay-ftxus.com/cc9448d8-3f31-4734-b3b0-f208633d0748.js
IP
185.196.10.138:443
ASN
#42624 Simple Carrier LLC

Requested by
https://pay-ftxus.com/
Certificate
IssuerLet's Encrypt
Subjectpay-ftxus.com
Fingerprint31:91:2A:C8:E0:5B:F1:B2:EC:B9:10:C9:8C:E4:C3:41:EC:4F:B2:EA
ValidityTue, 16 Jul 2024 05:40:03 GMT - Mon, 14 Oct 2024 05:40:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
545 kB (545125 bytes)
Hash
30c95ea9316dbd19881ab9a2b744a323
ef6616efe5f25cdc35888680a5131a9d3eb19ff2
d8a7d12da737bea231c3cc476b114666435fc8300c39e6b012a937b8e92e8f98

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /cc9448d8-3f31-4734-b3b0-f208633d0748.js HTTP/1.1
Host: pay-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pay-ftxus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Jul 2024 10:49:24 GMT
Server: Apache/2.4.61 (Debian)
Last-Modified: Tue, 16 Jul 2024 06:19:27 GMT
ETag: "1580a8-61d5753ee9155-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

GET pay-ftxus.com/img/1.png

185.196.10.138

200 OK

1.2 kB

URL GET HTTP/1.1
pay-ftxus.com/img/1.png
IP
185.196.10.138:443
ASN
#42624 Simple Carrier LLC

Requested by
https://pay-ftxus.com/
Certificate
IssuerLet's Encrypt
Subjectpay-ftxus.com
Fingerprint31:91:2A:C8:E0:5B:F1:B2:EC:B9:10:C9:8C:E4:C3:41:EC:4F:B2:EA
ValidityTue, 16 Jul 2024 05:40:03 GMT - Mon, 14 Oct 2024 05:40:02 GMT

File type
PNG image data, 452 x 160, 8-bit colormap, non-interlaced
Size
1.2 kB (1249 bytes)
Hash
8cec8fb9229d19f7009be1949132ebec
1983fadc6a314161a64d42013dbb9cc7306cccc8
d02ed2193ae427ef93ca24295af13b07ae867d9a185acd55499a31871cb423c9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /img/1.png HTTP/1.1
Host: pay-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pay-ftxus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Jul 2024 10:49:25 GMT
Server: Apache/2.4.61 (Debian)
Last-Modified: Tue, 16 Jul 2024 06:17:22 GMT
ETag: "4e1-61d574c765e4c"
Accept-Ranges: bytes
Content-Length: 1249
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

GET pay-ftxus.com/img/favicon.ico

185.196.10.138

200 OK

14 kB

URL GET HTTP/1.1
pay-ftxus.com/img/favicon.ico
IP
185.196.10.138:443
ASN
#42624 Simple Carrier LLC

Requested by
https://pay-ftxus.com/
Certificate
IssuerLet's Encrypt
Subjectpay-ftxus.com
Fingerprint31:91:2A:C8:E0:5B:F1:B2:EC:B9:10:C9:8C:E4:C3:41:EC:4F:B2:EA
ValidityTue, 16 Jul 2024 05:40:03 GMT - Mon, 14 Oct 2024 05:40:02 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
14 kB (14254 bytes)
Hash
cb8cbdd8bfefc5e45e58aca8ed3847fa
12a44e2439d501659eac6d0b2c74a4310d5a0645
4d076901875aa4ca3242d34a224120a145117aba21c96a840117e5bcda91fad3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: pay-ftxus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pay-ftxus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Jul 2024 10:49:25 GMT
Server: Apache/2.4.61 (Debian)
Last-Modified: Tue, 16 Jul 2024 06:17:20 GMT
ETag: "37ae-61d574c540195"
Accept-Ranges: bytes
Content-Length: 14254
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
24c83d2f348779cbefbb6c6bd4b8c2a8
4373c3ca7bee06c8456f6997929b0af5e349283d
f957efbbe90dee51487d910c6039fa2ac841192fd9f67efb69358b536f87b7d3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F957EFBBE90DEE51487D910C6039FA2AC841192FD9F67EFB69358B536F87B7D3"
Last-Modified: Mon, 15 Jul 2024 19:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2284
Expires: Wed, 17 Jul 2024 11:27:29 GMT
Date: Wed, 17 Jul 2024 10:49:25 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
24c83d2f348779cbefbb6c6bd4b8c2a8
4373c3ca7bee06c8456f6997929b0af5e349283d
f957efbbe90dee51487d910c6039fa2ac841192fd9f67efb69358b536f87b7d3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F957EFBBE90DEE51487D910C6039FA2AC841192FD9F67EFB69358B536F87B7D3"
Last-Modified: Mon, 15 Jul 2024 19:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2284
Expires: Wed, 17 Jul 2024 11:27:29 GMT
Date: Wed, 17 Jul 2024 10:49:25 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
24c83d2f348779cbefbb6c6bd4b8c2a8
4373c3ca7bee06c8456f6997929b0af5e349283d
f957efbbe90dee51487d910c6039fa2ac841192fd9f67efb69358b536f87b7d3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F957EFBBE90DEE51487D910C6039FA2AC841192FD9F67EFB69358B536F87B7D3"
Last-Modified: Mon, 15 Jul 2024 19:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2284
Expires: Wed, 17 Jul 2024 11:27:29 GMT
Date: Wed, 17 Jul 2024 10:49:25 GMT
Connection: keep-alive

GET fonts.googleapis.com/css2?family=Noto+Sans:ital,wght@0,100..900;1,100..900&display=swap

142.250.74.106

200 OK

2.8 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Noto+Sans:ital,wght@0,100..900;1,100..900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://pay-ftxus.com/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint8F:1C:80:D7:A7:FA:04:F3:EE:EF:70:FD:56:35:32:FD:55:AB:63:5F
ValidityMon, 24 Jun 2024 07:40:53 GMT - Mon, 16 Sep 2024 07:40:52 GMT

File type
gzip compressed data, max compression
Size
2.8 kB (2774 bytes)
Hash
c0cc0dcdb35e5867c81b79df24177d7c
f384a7c3ee3ccc17aadbd4902a40b90cd3f81cdc
115406b694064a90ce7874ba61bbfc1766437440a7de141e16fbb495f578dd33

HTTP Headers

GET /css2?family=Noto+Sans:ital,wght@0,100..900;1,100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pay-ftxus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 17 Jul 2024 10:49:24 GMT
date: Wed, 17 Jul 2024 10:49:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate