withdrawal.rebate-ftx.com Open in urlscan Pro
45.12.229.112 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ipfs.io/ipfs/QmQb85PvajoswEpnd9Wzpya1T8juLeaQehDgrzr74SUgcV
Effective URL:
https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/
Submission: On October 04 via manual (October 4th 2024, 5:58:57 am UTC) from CZ — Scanned from IT

Summary HTTP 61 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 9 domains to perform 61 HTTP transactions. The main IP is 45.12.229.112, located in St Petersburg, Russian Federation and belongs to SELECTEL, RU. The main domain is withdrawal.rebate-ftx.com.
TLS certificate: Issued by R11 on October 3rd 2024. Valid for: 3 months.

This is the only time withdrawal.rebate-ftx.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 2	209.94.90.1 209.94.90.1	40680 (PROTOCOL) (PROTOCOL)
2	104.18.11.112 104.18.11.112	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	169.150.247.36 169.150.247.36	60068 (CDN77 _) (CDN77 _)
8	45.12.229.112 45.12.229.112	49505 (SELECTEL) (SELECTEL)
3	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	151.101.193.229 151.101.193.229	54113 (FASTLY) (FASTLY)
1	104.18.12.145 104.18.12.145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.28.72 104.18.28.72	() ()
61	9

2 209.94.90.1 (United States) 1 redirects

ASN40680 (PROTOCOL, US)

ipfs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.11.112 (None, )

ASN13335 (CLOUDFLARENET, US)

cloudflare-eth.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.150.247.36 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 169-150-247-36.bunnyinfra.net

ipfs.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 45.12.229.112 (St Petersburg, Russian Federation)

ASN49505 (SELECTEL, RU)

withdrawal.rebate-ftx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.193.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.12.145 (None, )

ASN13335 (CLOUDFLARENET, US)

api-manage-manage-checker.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.28.72 (None, )

ASN- ()

api.web3modal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	rebate-ftx.com withdrawal.rebate-ftx.com	2 MB
5	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 311	73 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	143 KB
2	web3modal.com api.web3modal.com Failed
2	cloudflare-eth.com cloudflare-eth.com — Cisco Umbrella Rank: 178939	269 B
2	ipfs.io 1 redirects ipfs.io — Cisco Umbrella Rank: 122139	1 KB
1	api-manage-manage-checker.ru api-manage-manage-checker.ru	8 KB
1	ipfs.tech ipfs.tech — Cisco Umbrella Rank: 246059	5 KB
0	googleapis.com Failed fonts.googleapis.com Failed
61	9

	Domain	Requested by
8	withdrawal.rebate-ftx.com	ipfs.io withdrawal.rebate-ftx.com
5	cdn.jsdelivr.net	withdrawal.rebate-ftx.com
3	cdnjs.cloudflare.com	withdrawal.rebate-ftx.com
2	api.web3modal.com	withdrawal.rebate-ftx.com
2	cloudflare-eth.com	ipfs.io
2	ipfs.io	1 redirects
1	api-manage-manage-checker.ru	withdrawal.rebate-ftx.com
1	ipfs.tech
0	fonts.googleapis.com Failed	client
61	9

This site contains links to these domains. Also see Links.

Domain
claims.ftx.com

Subject Issuer	Validity	Valid
ipfs.io WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
cloudflare-eth.com WE1	`2024-09-16` - `2024-12-15`	3 months	crt.sh
withdrawal.rebate-ftx.com R11	`2024-10-03` - `2025-01-01`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
api-manage-manage-checker.ru WE1	`2024-08-10` - `2024-11-08`	3 months	crt.sh
web3modal.com WE1	`2024-08-28` - `2024-11-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/
Frame ID: A1B18A3587EDCEECD0B587EB1852EDDA
Requests: 45 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FTX Cryptocurrency Exchange

Page URL History Show full URLs

https://ipfs.io/ipfs/QmQb85PvajoswEpnd9Wzpya1T8juLeaQehDgrzr74SUgcV Page URL
https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/ Page URL
https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/ Page URL

Detected technologies

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/npm/sweetalert2@([\d.]+)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

61
Requests

36 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

9
IPs

4
Countries

2507 kB
Transfer

9050 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://claims.ftx.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ipfs.io/ipfs/QmQb85PvajoswEpnd9Wzpya1T8juLeaQehDgrzr74SUgcV Page URL
https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/ Page URL
https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://ipfs.io/favicon.ico HTTP 301
https://ipfs.tech/favicon.ico

61 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 QmQb85PvajoswEpnd9Wzpya1T8juLeaQehDgrzr74SUgcV Show response
ipfs.io/ipfs/ 510 B
853 B 552ms
70ms Document
text/html 209.94.90.1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfs.io/ipfs/QmQb85PvajoswEpnd9Wzpya1T8juLeaQehDgrzr74SUgcV
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 460a7dd2c92807ec0b2a350609b24766725c2f53352254c676c0684be747ba44

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age: 47028
cache-control: public, max-age=29030400, immutable
cf-cache-status: HIT
cf-ray: 8cd2f14c0aea375b-MXP
content-encoding: br
content-type: text/html
date: Fri, 04 Oct 2024 05:58:51 GMT
server: cloudflare
vary: Accept-Encoding
x-ipfs-path: /ipfs/QmQb85PvajoswEpnd9Wzpya1T8juLeaQehDgrzr74SUgcV
x-ipfs-pop: rainbow-am6-03
x-ipfs-roots: QmQb85PvajoswEpnd9Wzpya1T8juLeaQehDgrzr74SUgcV

POST
H2 200 /
cloudflare-eth.com/ 358 B
269 B 217ms
213ms Fetch
application/json 104.18.11.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cloudflare-eth.com/
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmQb85PvajoswEpnd9Wzpya1T8juLeaQehDgrzr74SUgcV
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.11.112 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://ipfs.io/

Response headers

content-encoding: br
x-cf-eth-has-latest-tag: true
access-control-allow-methods: POST, OPTIONS
x-cf-eth-methods: eth_call
cf-ray: 8cd2f1509d6abadb-MXP
access-control-allow-origin: *
date: Fri, 04 Oct 2024 05:58:52 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

OPTIONS
H2 200 /
cloudflare-eth.com/ 0
0 542ms
90ms Preflight 104.18.11.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cloudflare-eth.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.11.112 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://ipfs.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
cf-ray: 8cd2f1502ccdbadb-MXP
content-length: 0
date: Fri, 04 Oct 2024 05:58:52 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2

200

favicon.ico
ipfs.tech/
Redirect Chain

https://ipfs.io/favicon.ico
https://ipfs.tech/favicon.ico

15 KB
5 KB

514ms
91ms

Other
image/x-icon

169.150.247.36
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://ipfs.tech/favicon.ico

Protocol

Server

169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

169-150-247-36.bunnyinfra.net

Software

BunnyCDN-DE1-1079 /

Resource Hash

94a9fefbbe42310c03ff1e52c1f753c21038805f632867ea78930a52c445a456

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ipfs.io/

Response headers

cdn-status: 200
x-request-id: 7886ad26f982739817d17c925047f172
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
content-encoding: br
x-ipfs-path: /ipfs/bafybeig2htkx6trji2aast7x6bdymzdgm4gc4ouvp25n7fufr55nitci3y/favicon.ico
etag: W/"QmULFXXZMtQ2wCXDU6L8d9R4bYiQi7GpENhhZFF7ctPJDT"
x-content-type-options: nosniff
x-ipfs-roots: bafybeig2htkx6trji2aast7x6bdymzdgm4gc4ouvp25n7fufr55nitci3y,QmULFXXZMtQ2wCXDU6L8d9R4bYiQi7GpENhhZFF7ctPJDT
cdn-cachedat: 09/27/2024 03:58:04
content-type: image/x-icon
x-cache-status: MISS
cdn-cache: HIT
cache-control: max-age=60, stale-while-revalidate=3600
cdn-requestpullsuccess: True
cdn-pullzone: 2016121
referrer-policy: strict-origin-when-cross-origin
cdn-proxyver: 1.04
x-xss-protection: 0
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IT
access-control-allow-methods: GET, HEAD, OPTIONS
date: Fri, 04 Oct 2024 05:58:52 GMT
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid: d5c38506392a9ca1a53a8e0a4767d6a6
access-control-allow-origin: *

Redirect headers

location: https://ipfs.tech/favicon.ico
cf-cache-status: HIT
cf-ray: 8cd2f14d4cb0375b-MXP
date: Fri, 04 Oct 2024 05:58:51 GMT
content-type: text/html
x-ipfs-pop: rainbow-fr2-03
vary: Accept-Encoding
server: cloudflare

GET
H2 200 / Show response
withdrawal.rebate-ftx.com/account/ 92 KB
34 KB 1380ms
229ms Document
text/html 45.12.229.112
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmQb85PvajoswEpnd9Wzpya1T8juLeaQehDgrzr74SUgcV
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.12.229.112 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software: nginx / PHP/8.3.12 PleskLin
Resource Hash: c5c6ce270425f052c0b2b2b64b9dfbcfba8616c515676677b8e433d948c4e11c

Request headers

Referer: https://ipfs.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 34579
content-type: text/html; charset=UTF-8
date: Fri, 04 Oct 2024 05:58:53 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.3.12 PleskLin

GET
H2 200 Primary Request / Show response
withdrawal.rebate-ftx.com/account/ 1 MB
641 KB 211ms
211ms Document
text/html 45.12.229.112
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/
Requested by: Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.12.229.112 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software: nginx / PHP/8.3.12 PleskLin
Resource Hash: 51a9d01a957faa1e3776f1dc2887eadd99527d86ca9d573ca16a59a8357c8ced

Request headers

Referer: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 04 Oct 2024 05:58:54 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.3.12 PleskLin

GET
H2 200 ethers.umd.min.js Show response
cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ 719 KB
124 KB 514ms
72ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ethers.umd.min.js

Requested by

Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "62ad87d5-1eb91"
age: 1947255
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=12aUIqdfqpE%2BFoiRyXp5zWYp9hDa9sUlzd3ET4f4AoMnBof3uo33ndXo0kHwdhJOn%2FAA0UC7SIvd7HmCo2AV9hx79xVTpZ83JaSc1ewfpV8iTZmRpZwSroplXFBrKKldRKiaDklk"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 05:58:54 GMT
date: Fri, 04 Oct 2024 05:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 18 Jun 2022 08:07:49 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8cd2f1604e5c5249-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 125841
server: cloudflare

GET
H2 200 merkletree.js Show response
cdn.jsdelivr.net/npm/merkletreejs@latest/ 215 KB
47 KB 523ms
63ms Script
application/javascript 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/merkletreejs@latest/merkletree.js

Requested by

Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c277622a66901d9b5b7fa8765ce15798265c5e30d832e08c0d69157e28de7460

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"35cec-voDmHbahh9asSkpxmh+JmyyWCMA"
age: 20103
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 04 Oct 2024 05:58:54 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220103-FRA, cache-mxp6956-MXP
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 47359
x-jsd-version: 0.4.0

GET
H2 200 a55a6e40-5f6e-497a-8853-2e1706302bfb.js Show response
withdrawal.rebate-ftx.com/account/ 2 MB
706 KB 314ms
313ms Script
text/javascript 45.12.229.112
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js
Requested by: Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.12.229.112 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 979475e288bffd76a188f8b7a2e7b8f98f973f77c289f8aa58f5cf7fb210350d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/

Response headers

content-encoding: br
date: Fri, 04 Oct 2024 05:58:54 GMT
etag: W/"66fddbe0-204adc"
content-type: text/javascript
last-modified: Wed, 02 Oct 2024 23:48:48 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 crypto-js.min.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/ 59 KB
20 KB 68ms
67ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js

Requested by

Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65384d58-4ca5"
age: 18171
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vy6EeAy2YJfdkcurtM5AsvRK8NBuiG7%2BjttBQynDAo47%2F8p89ilBdGzMZY7aA%2Bq3SwYKSiQpF2AQJdd0cSfH6RZRl3FbX8nhwsNi3SBLIkSoEN%2FM5CmSocUkYBtuer5Pnm6TLhcS"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 05:58:55 GMT
date: Fri, 04 Oct 2024 05:58:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 24 Oct 2023 23:03:52 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8cd2f16259435249-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19621
server: cloudflare

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d02ed2193ae427ef93ca24295af13b07ae867d9a185acd55499a31871cb423c9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 97 KB
97 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://withdrawal.rebate-ftx.com
Referer

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 103 KB
103 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://withdrawal.rebate-ftx.com
Referer

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 103 KB
103 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://withdrawal.rebate-ftx.com
Referer

Response headers

Content-Type: font/woff2

POST
H2 200 config Show response
api-manage-manage-checker.ru/ 10 KB
8 KB 611ms
156ms Fetch
text/html 104.18.12.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-manage-manage-checker.ru/config
Requested by: Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.12.145 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1f979f4a6ccfa3e082b4840ec477acb30d2fd2a5152f2dbf33fdd7128310c3b7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://withdrawal.rebate-ftx.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
cf-ray: 8cd2f1661cf84bf1-MXP
access-control-allow-origin: https://withdrawal.rebate-ftx.com
date: Fri, 04 Oct 2024 05:58:55 GMT
content-type: text/html; charset=utf-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-powered-by: Express
server: cloudflare

GET
H2 200 disable-devtool Show response
cdn.jsdelivr.net/npm/ 17 KB
6 KB 44ms
39ms Script
application/javascript 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/disable-devtool

Requested by

Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8a23f92a25922d13437d67f25ba2269b64080b5ec030f5cba982e0261abbfe04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"4372-cTTqYs22VcKkI7FmI2XJm6ZFwr0"
age: 13957
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 04 Oct 2024 05:58:55 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230052-FRA, cache-mxp6956-MXP
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6161
x-jsd-version: 0.3.8

GET
H2 200 ethers.umd.min.js Show response
cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ 719 KB
0 3ms
3ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ethers.umd.min.js

Requested by

Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "62ad87d5-1eb91"
age: 1947255
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=12aUIqdfqpE%2BFoiRyXp5zWYp9hDa9sUlzd3ET4f4AoMnBof3uo33ndXo0kHwdhJOn%2FAA0UC7SIvd7HmCo2AV9hx79xVTpZ83JaSc1ewfpV8iTZmRpZwSroplXFBrKKldRKiaDklk"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 05:58:54 GMT
date: Fri, 04 Oct 2024 05:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 18 Jun 2022 08:07:49 GMT
vary: Accept-Encoding
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8cd2f1604e5c5249-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 125841
server: cloudflare

GET
H2 200 merkletree.js Show response
cdn.jsdelivr.net/npm/merkletreejs@latest/ 215 KB
0 4ms
4ms Script
application/javascript 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/merkletreejs@latest/merkletree.js

Requested by

Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c277622a66901d9b5b7fa8765ce15798265c5e30d832e08c0d69157e28de7460

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"35cec-voDmHbahh9asSkpxmh+JmyyWCMA"
age: 20103
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 04 Oct 2024 05:58:54 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220103-FRA, cache-mxp6956-MXP
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 47359
x-jsd-version: 0.4.0

GET
H2 200 wallet-connect-v4.js
withdrawal.rebate-ftx.com/account/scripts/ 595 KB
0 300ms
295ms Script
text/javascript 45.12.229.112
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://withdrawal.rebate-ftx.com/account/scripts/wallet-connect-v4.js
Requested by: Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.12.229.112 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software: nginx / PleskLin
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/

Response headers

content-encoding: br
date: Fri, 04 Oct 2024 05:58:55 GMT
etag: W/"66fdd989-227357"
content-type: text/javascript
last-modified: Wed, 02 Oct 2024 23:38:49 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 bip39.js Show response
withdrawal.rebate-ftx.com/account/scripts/ 254 KB
81 KB 211ms
207ms Script
text/javascript 45.12.229.112
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://withdrawal.rebate-ftx.com/account/scripts/bip39.js
Requested by: Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.12.229.112 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: ea794648e6cfcdfe31005c8a4280eb430c28ed0052a9e1c529880a4cd81793c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/

Response headers

content-encoding: br
date: Fri, 04 Oct 2024 05:58:55 GMT
etag: W/"66fdd983-3f708"
content-type: text/javascript
last-modified: Wed, 02 Oct 2024 23:38:43 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 autocomplete.min.js Show response
cdn.jsdelivr.net/npm/autocompleter@9.2.1/ 6 KB
2 KB 45ms
41ms Script
application/javascript 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/autocompleter@9.2.1/autocomplete.min.js

Requested by

Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ad210c53d6d3b61146779594a306e0d0f48272ebf884284700613baa05919c74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"1778-T/efyFDYUSEmqnfjRzQWaoXGxew"
age: 2428372
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 04 Oct 2024 05:58:55 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230045-FRA, cache-mxp6956-MXP
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2332
x-jsd-version: 9.2.1

GET
H2 200 modal-12-seed.css
withdrawal.rebate-ftx.com/account/styles/ 29 KB
5 KB 183ms
179ms Stylesheet
text/css 45.12.229.112
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://withdrawal.rebate-ftx.com/account/styles/modal-12-seed.css
Requested by: Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.12.229.112 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 3457317dd30b5da56a84c62342b66e60acaaa1641b210916f6c23216b558b4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/

Response headers

content-encoding: br
date: Fri, 04 Oct 2024 05:58:55 GMT
etag: W/"66fdd98a-72c5"
content-type: text/css
last-modified: Wed, 02 Oct 2024 23:38:50 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 sweetalert2@11 Show response
cdn.jsdelivr.net/npm/ 69 KB
18 KB 48ms
44ms Script
application/javascript 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/sweetalert2@11

Requested by

Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

84c733b55ba8c2a952391013ce80772d11acab1840b420dfa6c775c9593b3a4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"1143e-UGRUcHasR0sHJmoE102vCEg7eS0"
age: 18945
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 04 Oct 2024 05:58:55 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230029-FRA, cache-mxp6956-MXP
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18281
x-jsd-version: 11.14.1

GET popup-6.css
withdrawal.rebate-ftx.com/account/styles/ 0
0

GET
H2 200 wallet-connect-v4.js Show response
withdrawal.rebate-ftx.com/account/scripts/ 2 MB
498 KB 212ms
211ms Script
text/javascript 45.12.229.112
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://withdrawal.rebate-ftx.com/account/scripts/wallet-connect-v4.js
Requested by: Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.12.229.112 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 268fc6f1f944b25ac9e9eccf2a766573e4b55703885b6b71954349a42ee2e6d9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/

Response headers

content-encoding: br
date: Fri, 04 Oct 2024 05:58:56 GMT
etag: W/"66fdd989-227357"
content-type: text/javascript
last-modified: Wed, 02 Oct 2024 23:38:49 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 popup-6.css
withdrawal.rebate-ftx.com/account/styles/ 51 KB
9 KB 262ms
261ms Stylesheet
text/css 45.12.229.112
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://withdrawal.rebate-ftx.com/account/styles/popup-6.css
Requested by: Host: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/a55a6e40-5f6e-497a-8853-2e1706302bfb.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.12.229.112 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: f4f2ea8a9fae0fe006897e4d5907c3677086ab3d476e308e2a6a43f43ca8ffaf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://withdrawal.rebate-ftx.com/account/?WithdrawalForm=x172e391/BTC/ETH/XRP/USDT/USDC/stETH/

Response headers

content-encoding: br
date: Fri, 04 Oct 2024 05:58:56 GMT
etag: W/"66fdd98e-cbe2"
content-type: text/css
last-modified: Wed, 02 Oct 2024 23:38:54 GMT
server: nginx
x-powered-by: PleskLin

OPTIONS getWallets
api.web3modal.com/ 0
0

OPTIONS 692ed6ba-e569-459a-556a-776476829e00
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS ab9c186a-c52f-464b-2906-ca59d760a400
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS 93564157-2e8e-4ce7-81df-b264dbee9b00
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS 02b53f6a-e3d4-479e-1cb4-21178987d100
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS
H2 204 41d04d42-da3b-4453-8506-668cc0727900
api.web3modal.com/public/getAssetImage/ 0
0 477ms
42ms Preflight 104.18.28.72

General

Check archive.org

Show headers Download Go to

Full URL: https://api.web3modal.com/public/getAssetImage/41d04d42-da3b-4453-8506-668cc0727900
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.72 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-project-id,x-sdk-type,x-sdk-version
Access-Control-Request-Method: GET
Origin: https://withdrawal.rebate-ftx.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-project-id,x-sdk-version,x-sdk-type
access-control-allow-methods: OPTIONS,GET,POST,PUT,PATCH,DELETE
access-control-allow-origin: https://withdrawal.rebate-ftx.com
access-control-max-age: 86400
cf-ray: 8cd2f16f2a3a375d-MXP
date: Fri, 04 Oct 2024 05:58:57 GMT
server: cloudflare
vary: Origin, Access-Control-Request-Headers, Accept-Encoding

OPTIONS 06b26297-fe0c-4733-5d6b-ffa5498aac00
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS b310f07f-4ef7-49f3-7073-2a0a39685800
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS 161038da-44ae-4ec7-1208-0ea569454b00
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS f1d73bb6-5450-4e18-38f7-fb6484264a00
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS 7289c336-3981-4081-c5f4-efc26ac64a00
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS
H2 204 3bff954d-5cb0-47a0-9a23-d20192e74600
api.web3modal.com/public/getAssetImage/ 0
0 475ms
42ms Preflight 104.18.28.72

General

Check archive.org

Show headers Download Go to

Full URL: https://api.web3modal.com/public/getAssetImage/3bff954d-5cb0-47a0-9a23-d20192e74600
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.72 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-project-id,x-sdk-type,x-sdk-version
Access-Control-Request-Method: GET
Origin: https://withdrawal.rebate-ftx.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-project-id,x-sdk-version,x-sdk-type
access-control-allow-methods: OPTIONS,GET,POST,PUT,PATCH,DELETE
access-control-allow-origin: https://withdrawal.rebate-ftx.com
access-control-max-age: 86400
cf-ray: 8cd2f16f2a3d375d-MXP
date: Fri, 04 Oct 2024 05:58:57 GMT
server: cloudflare
vary: Origin, Access-Control-Request-Headers, Accept-Encoding

OPTIONS ab781bbc-ccc6-418d-d32d-789b15da1f00
api.web3modal.com/public/getAssetImage/ 0
0

GET css2
fonts.googleapis.com/ 0
0

GET getWallets
api.web3modal.com/ 0
0

GET 692ed6ba-e569-459a-556a-776476829e00
api.web3modal.com/public/getAssetImage/ 0
0

GET ab9c186a-c52f-464b-2906-ca59d760a400
api.web3modal.com/public/getAssetImage/ 0
0

GET 93564157-2e8e-4ce7-81df-b264dbee9b00
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS 30c46e53-e989-45fb-4549-be3bd4eb3b00
api.web3modal.com/public/getAssetImage/ 0
0

GET 02b53f6a-e3d4-479e-1cb4-21178987d100
api.web3modal.com/public/getAssetImage/ 0
0

GET 41d04d42-da3b-4453-8506-668cc0727900
api.web3modal.com/public/getAssetImage/ 0
0

GET 06b26297-fe0c-4733-5d6b-ffa5498aac00
api.web3modal.com/public/getAssetImage/ 0
0

GET b310f07f-4ef7-49f3-7073-2a0a39685800
api.web3modal.com/public/getAssetImage/ 0
0

GET 161038da-44ae-4ec7-1208-0ea569454b00
api.web3modal.com/public/getAssetImage/ 0
0

GET f1d73bb6-5450-4e18-38f7-fb6484264a00
api.web3modal.com/public/getAssetImage/ 0
0

GET 7289c336-3981-4081-c5f4-efc26ac64a00
api.web3modal.com/public/getAssetImage/ 0
0

GET 3bff954d-5cb0-47a0-9a23-d20192e74600
api.web3modal.com/public/getAssetImage/ 0
0

GET ab781bbc-ccc6-418d-d32d-789b15da1f00
api.web3modal.com/public/getAssetImage/ 0
0

GET 30c46e53-e989-45fb-4549-be3bd4eb3b00
api.web3modal.com/public/getAssetImage/ 0
0

GET 3ff73439-a619-4894-9262-4470c773a100
api.web3modal.com/public/getAssetImage/ 0
0

GET ef1a1fcf-7fe8-4d69-bd6d-fda1345b4400
api.web3modal.com/public/getAssetImage/ 0
0

GET 0c2840c3-5b04-4c44-9661-fbd4b49e1800
api.web3modal.com/public/getAssetImage/ 0
0

GET getAnalyticsConfig
api.web3modal.com/ 0
0

OPTIONS 3ff73439-a619-4894-9262-4470c773a100
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS ef1a1fcf-7fe8-4d69-bd6d-fda1345b4400
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS 0c2840c3-5b04-4c44-9661-fbd4b49e1800
api.web3modal.com/public/getAssetImage/ 0
0

OPTIONS getAnalyticsConfig
api.web3modal.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: withdrawal.rebate-ftx.com
URL: https://withdrawal.rebate-ftx.com/account/styles/popup-6.css

Domain: api.web3modal.com
URL: https://api.web3modal.com/getWallets?page=1&entries=3&include=c57ca95b47569778a828d19178114f4db188b89b763c899ba0be274e97267d96%2C4622a2b2d6af1c9844944291e5e7351a6aa24cd7b23099efac1b2fd875da31a0%2Ce9ff15be73584489ca4a66f64d32c4537711797e30b6660dbcb71ea72a42b1f4

Domain: api.web3modal.com
URL: https://api.web3modal.com/getWallets?page=1&entries=4&exclude=c57ca95b47569778a828d19178114f4db188b89b763c899ba0be274e97267d96%2C4622a2b2d6af1c9844944291e5e7351a6aa24cd7b23099efac1b2fd875da31a0%2Ce9ff15be73584489ca4a66f64d32c4537711797e30b6660dbcb71ea72a42b1f4

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/692ed6ba-e569-459a-556a-776476829e00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/ab9c186a-c52f-464b-2906-ca59d760a400

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/93564157-2e8e-4ce7-81df-b264dbee9b00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/02b53f6a-e3d4-479e-1cb4-21178987d100

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/06b26297-fe0c-4733-5d6b-ffa5498aac00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/b310f07f-4ef7-49f3-7073-2a0a39685800

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/161038da-44ae-4ec7-1208-0ea569454b00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/f1d73bb6-5450-4e18-38f7-fb6484264a00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/7289c336-3981-4081-c5f4-efc26ac64a00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/ab781bbc-ccc6-418d-d32d-789b15da1f00

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap

Domain: api.web3modal.com
URL: https://api.web3modal.com/getWallets?page=1&entries=3&include=c57ca95b47569778a828d19178114f4db188b89b763c899ba0be274e97267d96%2C4622a2b2d6af1c9844944291e5e7351a6aa24cd7b23099efac1b2fd875da31a0%2Ce9ff15be73584489ca4a66f64d32c4537711797e30b6660dbcb71ea72a42b1f4

Domain: api.web3modal.com
URL: https://api.web3modal.com/getWallets?page=1&entries=4&exclude=c57ca95b47569778a828d19178114f4db188b89b763c899ba0be274e97267d96%2C4622a2b2d6af1c9844944291e5e7351a6aa24cd7b23099efac1b2fd875da31a0%2Ce9ff15be73584489ca4a66f64d32c4537711797e30b6660dbcb71ea72a42b1f4

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/692ed6ba-e569-459a-556a-776476829e00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/ab9c186a-c52f-464b-2906-ca59d760a400

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/93564157-2e8e-4ce7-81df-b264dbee9b00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/30c46e53-e989-45fb-4549-be3bd4eb3b00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/02b53f6a-e3d4-479e-1cb4-21178987d100

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/41d04d42-da3b-4453-8506-668cc0727900

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/06b26297-fe0c-4733-5d6b-ffa5498aac00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/b310f07f-4ef7-49f3-7073-2a0a39685800

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/161038da-44ae-4ec7-1208-0ea569454b00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/f1d73bb6-5450-4e18-38f7-fb6484264a00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/7289c336-3981-4081-c5f4-efc26ac64a00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/3bff954d-5cb0-47a0-9a23-d20192e74600

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/ab781bbc-ccc6-418d-d32d-789b15da1f00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/30c46e53-e989-45fb-4549-be3bd4eb3b00

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/3ff73439-a619-4894-9262-4470c773a100

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/ef1a1fcf-7fe8-4d69-bd6d-fda1345b4400

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/0c2840c3-5b04-4c44-9661-fbd4b49e1800

Domain: api.web3modal.com
URL: https://api.web3modal.com/getAnalyticsConfig

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/3ff73439-a619-4894-9262-4470c773a100

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/ef1a1fcf-7fe8-4d69-bd6d-fda1345b4400

Domain: api.web3modal.com
URL: https://api.web3modal.com/public/getAssetImage/0c2840c3-5b04-4c44-9661-fbd4b49e1800

Domain: api.web3modal.com
URL: https://api.web3modal.com/getAnalyticsConfig

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			withdrawal.rebate-ftx.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: kmo5ejecqp5teg4d5bmtbsednt
			withdrawal.rebate-ftx.com/	1970-01-21 00:01:47	Name: xvjWfZs Value: AlUnVkBcLl9jOyoVW00vF0VQL0VYcGpBT0dkGRBRLlhXOiRSQ0ZmBQJEZxNeNyQHFgU/Z2ZtaQsDY2ZcWwcxR19QOEJZPT4DW00vF1VcJF1fMTEEEBg6FwgbBV5EchMYHBQ/UFYbZxNTMz0VCxZ2DxB3JEUQETgVGhwxURBEZxNZIQcVGzMmXERcOWFCNyMVFwN2DxB3JBMccDkDKR81W0ZWJnRkARxSQ1UaWhAVaVhDAjgRFwM7WH1PLkNWPj8HW012e10bZxNDNz4ULR45UBADegYCamBCSEJnAU8=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-manage-manage-checker.ru
api.web3modal.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
cloudflare-eth.com
fonts.googleapis.com
ipfs.io
ipfs.tech
withdrawal.rebate-ftx.com
api.web3modal.com
fonts.googleapis.com
withdrawal.rebate-ftx.com
104.17.24.14
104.18.11.112
104.18.12.145
104.18.28.72
151.101.193.229
169.150.247.36
209.94.90.1
45.12.229.112
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6
1f979f4a6ccfa3e082b4840ec477acb30d2fd2a5152f2dbf33fdd7128310c3b7
268fc6f1f944b25ac9e9eccf2a766573e4b55703885b6b71954349a42ee2e6d9
3457317dd30b5da56a84c62342b66e60acaaa1641b210916f6c23216b558b4cd
460a7dd2c92807ec0b2a350609b24766725c2f53352254c676c0684be747ba44
51a9d01a957faa1e3776f1dc2887eadd99527d86ca9d573ca16a59a8357c8ced
769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc
84c733b55ba8c2a952391013ce80772d11acab1840b420dfa6c775c9593b3a4c
8a23f92a25922d13437d67f25ba2269b64080b5ec030f5cba982e0261abbfe04
94a9fefbbe42310c03ff1e52c1f753c21038805f632867ea78930a52c445a456
95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618
979475e288bffd76a188f8b7a2e7b8f98f973f77c289f8aa58f5cf7fb210350d
ad210c53d6d3b61146779594a306e0d0f48272ebf884284700613baa05919c74
c277622a66901d9b5b7fa8765ce15798265c5e30d832e08c0d69157e28de7460
c5c6ce270425f052c0b2b2b64b9dfbcfba8616c515676677b8e433d948c4e11c
d02ed2193ae427ef93ca24295af13b07ae867d9a185acd55499a31871cb423c9
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
ea794648e6cfcdfe31005c8a4280eb430c28ed0052a9e1c529880a4cd81793c5
f4f2ea8a9fae0fe006897e4d5907c3677086ab3d476e308e2a6a43f43ca8ffaf

withdrawal.rebate-ftx.com Open in urlscan Pro 45.12.229.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

61 Requests

36 %HTTPS

0 %IPv6

9 Domains

9 Subdomains

9 IPs

4 Countries

2507 kBTransfer

9050 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

withdrawal.rebate-ftx.com Open in urlscan Pro
45.12.229.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

36 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

9
IPs

4
Countries

2507 kB
Transfer

9050 kB
Size

2
Cookies

61 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!