{"report_id":"1d98e69e-0401-4b3c-a9d0-77e5980d410c","version":6,"status":"done","tags":[],"date":"2026-03-27T13:44:11Z","url":{"schema":"http","addr":"phmexotc.krako.cc","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":0,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"final":{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/#/","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"title":"Aurex","dom":{"size":253703,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (40760), with CRLF, LF line terminators","md5":"8542817757e3d805101ed3bef4029ff9","sha1":"a81da908fcc950a3f8b8f8bd85146ec936ed0641","sha256":"de1d557fba9488fa7928f97c60244f0ed269034619d34282cbbc084c72b05262","sha512":"a2b5901888e22d1cdaf3044285de297df0bedfc56cd4a699bd1fafe62b8b23ccfbb69cd880e196426a44890fe45ac0e235cda99820a12f35889d4b94dcd196d1","ssdeep":"3072:6sp0NVr7fnaM/51fuPlIHGvXNWPf1f4yH9sUnbauJ9BxEuMa8Qc1tblK1mklU5Qg:yrr7fnF4w8TwCc5MPwPuL2q","tlshash":"5e44f922f689286ea93bc885e0997b7db91f6e71c3064ed6f72133258fc26d3215131d","dom_hash":"domhashdb9883fbc115c3f544c5e966dbcdbc98","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"phmexotc.krako.cc","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":0,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-01T13:44:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"phmexotc.krako.cc","ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"domain_registered":"2025-08-08","domain_rank":0,"first_seen":"2026-03-27T13:11:47.418532Z","last_seen":"2026-03-27T13:11:47.418532Z","alert_count":117,"request_count":39,"received_data":3113536,"sent_data":32890,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.dcloud.net.cn","ip":{"addr":"124.220.205.65","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2013-07-17","domain_rank":296858,"first_seen":"2018-09-15T09:18:08Z","last_seen":"2026-03-25T20:42:33.284631Z","alert_count":0,"request_count":1,"received_data":578,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/index.27afeffc.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c5ae151bde3ff0e95752780184e22ab","sha1":"0433a71ad6852328590e2591accac8ab2c601523","sha256":"f14faadd5ea0ecdf64f0b6c248437568101100acaf1a9e3fbc49f3be0a6cd47a","sha512":"59c9100a2eb6619b6b2413e05126e9932fcc84e4639f076bfddb51264ace1efc145f7a5873ce5a8bfcde3bd78b8412a4a4f08468c1b38b0de40f34a3a10f3b19","ssdeep":"12288:b9PGmoqbzRDJDPatvI22uG+H3j25NEwOP5mwBb/OWMKGn58aoCwyJJQCOsMCmOUM:b8QRDJDPatvI2nFcEwOXBb/OWNGnw2EC","tlshash":"c8f49e5775c904bd56829202f04bbb4c21fe1ce8aa4af4d692dc4a3463f6d46e03bf79","size":781589,"data":"","first_seen":"2026-03-27T13:11:51.175031Z","last_seen":"2026-03-27T19:13:03.159742Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/chunk-vendors.60ff50c5.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"26c23048a54d3ed3b67e60f88a4bd649","sha1":"18bdb51f12e111301db139ac32e312c09220c0b7","sha256":"b9645c345e2081c45a523bcff0c6fba2098cb3339332d5537824a95601878a1a","sha512":"97de2b27c4a8d38479290280b2c3e95cde0b8ecf324ddc290af71eadfb2710389004c8df233c3c849a3c4763916a9bc807feb3f9d65c56edb62886adb43fc9db","ssdeep":"24576:2oHsZh165jGNNT9W6TsqYCrwRB2SJ4Y/qz:2oHsZh80NT9W6TsqYCrwRBv4Y/qz","tlshash":"9b453a8d3286f0a647e321f5003f220bb23a2e68680e9454f6a5e5d1ad79d9d5337f7c","size":1240807,"data":"","first_seen":"2026-03-27T13:11:51.177133Z","last_seen":"2026-03-27T19:13:03.191763Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/pages-index-index~pages-publication-details~pages-verification-kyc.977e242e.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"c49d3ab8312a0c96b6025373070ab297","sha1":"3206ac11dacdc825df9baedfb20fd1a020a6ea30","sha256":"bbe8ec5df1c7a253f4e7646098bf9210f551b1c395006678f90d1102ba75a825","sha512":"29e247fe8675f551d036c63a752c17fa7d9729f0873130838ab5dad682bddedf162e6b59d8948807de58b84ab204e35142ac14987f415626a84acf3cd4fd466d","ssdeep":"384:tjr3YYR5LGbUcGTnVtTxZl9qZaAEZUSAZ:tjr3LR5LGbCj98abZZa","tlshash":"6d72f888f4c6f056068361b6806fa305013eaad975275b9c77baf6e14e5998c3363b3c","size":16065,"data":"","first_seen":"2026-03-27T13:11:51.148613Z","last_seen":"2026-03-27T19:13:03.176619Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/pages-assets-deposit-charge~pages-assets-deposit-udun-charge~pages-assets-flash-index~pages-assets-i~b1c56da3.f5cb0a46.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"a69ed18f55296f2c8e9b7e491aed000c","sha1":"104f6853e000f86611439730b2b6a9c9a2cfdd0a","sha256":"6d4d5437f7e0d3f1091fc1f5d3cc34a0e72bb2f2f526d469f863e5568551e029","sha512":"b51e2123bf1dfad4fa3c35236f0a9ba353047b5ca41b084f65a50a6c535ccfdef6e4a97d783031008d4d7a84ddd6a1f332d47992e00f96b33c0a622d60fa8eea","ssdeep":"1536:1usYId0FHoMqu7NdEAaM2Ol51hwJX2RcJZHYpN7xCIx/+eJF4cL3nnisGQaOmvfk:1usp0NVr7fnaMj51hwJX2RcJZHYpN7xv","tlshash":"7543fae6e10c1cd17f7bcc8f6240235f6549ff62d9968dd8f126264c8de27a021a973a","size":55424,"data":"","first_seen":"2026-03-27T13:11:51.15779Z","last_seen":"2026-03-27T19:13:03.165862Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/pages-assets-index~pages-index-index~pages-trade-index.3a48efec.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"afe0820f43243ad25c3b678a3481c68a","sha1":"851663212713cddaf87eb26c22337fe7c3c0e51d","sha256":"bc552870351b8c6ec978d4b0f1fbf305cd2e4896c5f8090d736e924173720b6c","sha512":"e3d617c9fd4b415f8a8d6be9cdc9cef19a5925e138e69f0a0f3ca7d1c01c6e518465dc38c8e05618da386ddf335569730acef63939deae94d8c4f3d624c1bab5","ssdeep":"384:EhrGq03mGHTql29soFykl19j9y1fRda9IFquJOW:EhrGq0WGR0i9KqKOW","tlshash":"8462e768b0caf0371a4be125209f3e04512b7d95c818ffb4f3b5f0e44ba918d225bb5a","size":15110,"data":"","first_seen":"2026-03-27T13:11:51.170215Z","last_seen":"2026-03-27T19:13:03.192181Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/pages-index-index.05ad4463.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b74290dfd9de61f67087922d2b40223","sha1":"09bd3be34154bc652c293bac1ffbf660c3a103ba","sha256":"9aace768821bd16cc701bfa831de4c87230a9dc6576876fa18dd8771ee7545f6","sha512":"a5b197afeced7d41161b7d2605663663422a4425db7db7f0665abb7e7668ffe589f61a890a9a81d11d621a8d598ebe2d038ea456a3f2c30815d5982304dea41d","ssdeep":"1536:27KUmJGaxKbh1MbRT+R7MqsxNecFKZOsBlUtv/f45f8cmCyT6BmL:4T0qsxNeS6O8qfGj86u","tlshash":"9a934d18f14bf06fa85bd028206f3d1620362e65d406afedf376e5948d9eb9e1163b1c","size":97181,"data":"","first_seen":"2026-03-27T13:11:51.122714Z","last_seen":"2026-03-27T19:13:03.174713Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"93368157fb131b56a45d6f60f8b40342","sha1":"ea2a25edb7b00c3e0a06650f02fded5bd87dfa20","sha256":"c48d4859bc082aa591168f7d7230bef438ecc2b3074e707c83864e11ec1a891f","sha512":"366c90d022f7fd6718d76460de51a154cf6cf8bf8e3aefa2e0e736cbba24ec53506485331abd3c3c2a7e6ae00c9a3b957a9aa675ecdd389afca7863ad8365908","ssdeep":"","tlshash":"c8e068c260a6294c02208016304ac1031bb608729ec149613c4c67a58fb9f4bc46e859","size":352,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-04-21T22:26:14.393286Z","times_seen":3546,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"a7e6744472214345935f24981736b998","sha1":"b048bb247a24c90fbc9b34c7a79606373d3aa2b2","sha256":"aaed0c2cb7776b4d5cdd92b43ab28b031bc033590e4635efe5956e6c5698b929","sha512":"96c6b5667b4296f86983cda32f4eb5b616e80569db94c2afebde014df557cec491c8f8531cdc1ccfed41ecfa631870cc2e12cafeba1161c999e015248807181d","ssdeep":"","tlshash":"1e31ef1083b5f779c3d930edba57cc29423a0c19b6e5a7c89907dc10a944837f2156eb","size":1729,"data":"","first_seen":"2026-03-14T00:42:39.039312Z","last_seen":"2026-04-19T18:12:49.56485Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"3d5272693eb411e5b8b13a243f76c720","sha1":"6a586ab8e0a4bf12bbc60eea6ca9f2418625a22c","sha256":"9582f31f9eb892b8823a780e579d464d54e26d97d65dc327d2b2bdd92d47c4b8","sha512":"03fc5614f48fc9a2e3c4a30626fdbacde74c1fda09ffa9d1cde0393d31cd5fe1588e270c241f4cedb473c6e5cc224ff16c141468a29519ea6159accf3e3a18f1","ssdeep":"","tlshash":"a4c08c8350e2080c8210861b848880050b8808b04f9308a22cd85b7ecc9ae88c8f804c","size":148,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-04-22T01:43:05.180948Z","times_seen":14707,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/chunk-vendors.60ff50c5.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:51.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/js/chunk-vendors.60ff50c5.js HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:51 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-12ef55\"\r\nexpires: Sat, 28 Mar 2026 01:43:51 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1240917,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10511)","md5":"12d851984172f44a3083739a4f63ac39","sha1":"89b3436885d759455f57b784fcb7994842aefe6b","sha256":"ed4f6d5409c30447a741f702055b861934f331a2631e642dcb67df03dee0bad5","sha512":"3674328b74a0d0d5f1bca3849f71965c06bb7dc579478efa1ae44b17fcbb6ef142cd629969cddbf81c64140716eb151f997285fb0c8d2f94ff3d27744e886387","ssdeep":"12288:EpVp0lZh1Gz5jAlCfFRV9I36RRsqYC2zs5rr3iRB28:2p0lZh165jGCNT9W6TsqYCrwRB28","tlshash":"d0353ac93286f0a647d321f5003f220bb23a6a68680e9418f6a5e4d5bd79d9d5337f7c","first_seen":"2026-03-27T13:44:15.190334Z","last_seen":"2026-03-27T19:13:03.176037Z","times_seen":3,"resource_available":false,"data":null}},"time_used":634,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":634,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/common/icon_gesture_avera_dark.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/common/icon_gesture_avera_dark.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-315e\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12638,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 168 x 168, 8-bit/color RGBA, non-interlaced","md5":"f5b2864919dd2ff0b2ddef076a5e47d0","sha1":"01683748192e622c2345e9bff81aab3485567fa3","sha256":"c6fac2bdcac5ed71bc1582e59814b4522b09763139300ff3326104850f7593aa","sha512":"da88985a9a6a61ffe4d70aa67a79fe2562be2b3bd5082cfa68c736ed6e1c1d179642068656db75a718908019e42d0347932031a478afd52bf267fd55be90197d","ssdeep":"384:856+z0KN7HyHYFvUgmTXMH/hOUmjk76xI6f:856Q2RSH/Cjk2S6f","tlshash":"9242d064e3258495cf5d66f4057bd143e5f2cd05b48ab0a1802bd0ee5b303bb9a09de5","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-13T11:40:12.369829Z","times_seen":107,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/common/lm_5.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/common/lm_5.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-615\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1557,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 23 x 29, 8-bit/color RGBA, non-interlaced","md5":"7045dfb26a5920ae530b250d26167e2e","sha1":"924eaa15ece9d75817c3008a9deb198871a85f38","sha256":"96e893a98d7c621f83902a037ebba8d22e3e8e920af91aae576dbfe60d2b9223","sha512":"b6e7fbe774e3e5ff27a5eb20f88b4e5d8e39df8886ae40f3567626621245b5109be59a886ddb25dd33ca938ddc5f09c904cda921d90a9a6c4584dbce5e14301b","ssdeep":"","tlshash":"df31d787fa40aaa11109ef4125f28522dd778c94f9d0be20d4d768570970afb8c1b7e7","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.350464Z","times_seen":109,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":449,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/index.ed4a2d2b.css","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:51.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/index.ed4a2d2b.css HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-1794e\"\r\nexpires: Sat, 28 Mar 2026 01:43:51 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96590,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"d2c05a28c7f2113821d909b7b5b918a3","sha1":"ccac94311f6ac6f580b64f47f7705318f1d226a3","sha256":"695bdbeea38a126c139158967cdd4f3a435e9936b9dff5b002e5f20a10fc7907","sha512":"3b96fbd1a89be8ae0b7479705cd4a2958ffe7f2f3f57ec23f407ad51ed8b447b9960728d77502e8fd8b2b19bf0971682030117559df250ea11c9bc1802364c3c","ssdeep":"1536:qlIApuK7hmVmb2RS1Wu3xdynGJ7eh/nrhlvbc:hApuK7hmVrS1Wu3iG41nrPI","tlshash":"4493f73719012e39e52bcd26b6c1ab5a1e61c033e15307adfba47628cbcf9c9167b345","first_seen":"2025-10-16T12:28:28.877032Z","last_seen":"2026-04-21T18:11:39.347309Z","times_seen":1012,"resource_available":false,"data":null}},"time_used":615,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":615,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/pages-assets-index~pages-index-index~pages-trade-index.3a48efec.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/js/pages-assets-index~pages-index-index~pages-trade-index.3a48efec.js HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-3b06\"\r\nexpires: Sat, 28 Mar 2026 01:43:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15110,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (15077), with no line terminators","md5":"06a47ef8bc81ff8cbd79cde4abd42ef7","sha1":"af463ab3956f137e5aebc28c2b91e866471215e1","sha256":"3d23a65b3bc6ba8333a420fe207234dd9cdc2726e3ed1dd31ca9471c9d809c09","sha512":"2709a2ab59eac0c320bac113495c3d707acddc51b6aa0556edcdfe763960cacf8f0ce5fe81d8894b7f993646efc4c81a825308a3d8b322cf0d7342bf25077b88","ssdeep":"384:EhrGq03mGHTql29soFykl19j9y1fRCaVI4quJOW:EhrGq0WGR0i9QqKOW","tlshash":"8562d768b0caf0375a8be125209f3e04512b7d95c418fef4f7b5f0e44ba918d225bb5a","first_seen":"2026-03-27T13:11:51.130949Z","last_seen":"2026-03-27T19:13:03.184728Z","times_seen":7,"resource_available":false,"data":null}},"time_used":332,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":332,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/fonts/DIN-Regular-2.otf","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/fonts/DIN-Regular-2.otf HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 20676\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\netag: \"698ca8aa-50c4\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20676,"size_decoded":0,"mime_type":"application/octet-stream","magic":"OpenType font data","md5":"cefc4e9f0d6e7416521f230e0bd690cb","sha1":"503f919cbd521f8a417d82eb90c680874c2ed666","sha256":"a8ac9cfacec43dd23fe2dd61e2ca64f62e9635c47b43915a6f534e5993bc5cc2","sha512":"36e0a692e16f6940714dbe5d18dbbad48bed2215e6eef718e36f2e56f868799830bfcb4b175489561ce14821257864a842d3fabde69b95d5ca8d684410926e21","ssdeep":"384:siBLb1kb+bmaXoAdekq0dtjtI66/WbQVWmT7RfiSKHW:siBv6a3skq0tjtXUVxTcSd","tlshash":"0f928e5b9c941b08c5afb33302226244d6b0a8b893faf4d7dd4422fb34ad9575d7ca93","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.348922Z","times_seen":138,"resource_available":false,"data":null}},"time_used":455,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":452,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/common/lm_3.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/common/lm_3.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-631\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1585,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 29 x 26, 8-bit/color RGBA, non-interlaced","md5":"7e5274c84ee7d974cdba7500c76a1b2e","sha1":"4d0760d8ec261e132cec3dc399724d24e7d28a38","sha256":"79303baa446dcbd527ac1ff610fabd8f92c50daf5ff54bbe847ec90582cc5e44","sha512":"d0b462d43ad57f0e1ff22a4a50f12d2fea626cc840b38b18ab0b9c3700087e140b8c1515954f22ad9f50f0a3fa5ce3b8c8937c978ce60d396c65458a3db36581","ssdeep":"","tlshash":"1e31e7d8f623c481cacdb9e118fa8117b50b8c91669aa45d29cbc0291821af708748ef","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.342172Z","times_seen":119,"resource_available":false,"data":null}},"time_used":452,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":452,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/currency/quotation_new","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:44:01.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /api/currency/quotation_new HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IkdTb0RsUGRCZDVtcUp3Vk5FWXJFU2c9PSIsInZhbHVlIjoiMDliTUxJMXFhNFJxTEh0XC9zM0V3XC9vNElKeHc5ODVzV2Z3RnZ1T1NmRFZJMXhSbllwdk1vQVFzV1RxZTg5MlY0OGxsMFNxdHlZSEZwRFMzaVVLZGttZHVYTkVxelM4VnRtekxaZDM3V1A5TkhKeU9NbFJneThNbzdQTG8zXC8wRHMiLCJtYWMiOiIwOTgyOGY5MzhkZDBiNGY3YWE3ODNhMzEzYTQ1ZDNmZjY5OTkzY2I2MDI1Y2JjZTBjMmU5ZDgxNDkzY2VkM2NkIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS,DELETE\r\naccess-control-allow-headers: x-requested-with,content-type,Authorization\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:44:02 GMT\r\nset-cookie: phemex_session=eyJpdiI6ImxcL1BCdmRyV0Q5RFwvOEQ3U3ZibHhVUT09IiwidmFsdWUiOiIrdmxcL1RaQ2h3cXJSckU4T3d3ODdlRFZwXC8zUGg3eHJpMmNnV29PcThpdStjdkRSSUJrSVdGd3h5SUszM3Y2M0NXbjUrRlpHNnV6TUtaNURLZXk3ZUlaT0JVTFwvVHdFdlE3aENJY1RzS1labG9oajExXC9RNHg3RTliWE5yTWt5QjMiLCJtYWMiOiI2NjVkMzllZjgyM2YzYzMyN2EzOGIyYzBlZjQxYzY4Y2ZlNWVjOWY4YzUxZjE3MjdjOTM4N2NlMzJiNzdjNmJkIn0%3D; expires=Fri, 27-Mar-2026 15:44:02 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13228,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"29c67791aeb0a50af928cbe6a2bd4314","sha1":"b4512f383ec6aaeeeba4c0df7a4ec2db9d983207","sha256":"c2b40b7f5b0481abfbeae37178022e1d7cbf7d3464631a41e50ee614380664b6","sha512":"22381d1175b1d3df48acf38d34e2578a4e120592dacc20f6a2345ab837dde8c0265c076c30132dc38dddd462fb128732acef33245481a89fdf54bde089a13e50","ssdeep":"192:1taPdADAbWn5kSyAEdEUHA+E2LAmEJ2AmEsd79AmEAnAmE+lAmEG4AmEWjAmeVgb:rgAASGHsyjXjMxoL8WZHqwNWfKNLCv","tlshash":"3f52ad8d361c9a78c6f26ec2deeb36a93555b00bedc24f41c3ed5f88028563be50b512","first_seen":"2026-03-27T13:44:15.199741Z","last_seen":"2026-03-27T13:44:15.199741Z","times_seen":1,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":586,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/tabbar/tabbar-finance-dark.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/tabbar/tabbar-finance-dark.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:53 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-4e1\"\r\nexpires: Sun, 26 Apr 2026 13:43:53 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1249,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced","md5":"74998f930e5eb1775b098dcd943dc82b","sha1":"54f838dd64459d458926d0bb2bfdf780bfc03106","sha256":"72dff01c24b60f5209ba72970165eb47d2ab9787c762610536d3bab0a4e41392","sha512":"d90cace9a466fcbfadffd92c9ff77fedc758cf92105a0f2a3c6eba0ceec3df30b4c4dfc78d61e39c844b61aee8b3501d4968dd93d9aa492f5441bb6e7d1a5445","ssdeep":"","tlshash":"6a218489fe486d41caa5f58260f95033d93b4881969894aee8cfd43e99721fc805e9cf","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-13T11:40:12.347856Z","times_seen":71,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/currency/quotation_new","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /api/currency/quotation_new HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS,DELETE\r\naccess-control-allow-headers: x-requested-with,content-type,Authorization\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\nset-cookie: phemex_session=eyJpdiI6ImpVNGlyTkNXYkx2Z1dSTWFtZXAwUXc9PSIsInZhbHVlIjoiOEdsb2hXZGg0OHdFZFhONUxVNk9TSkhYZnZRXC9JcURoSTVcLzdaRURUYUpaTW02b1Nsa2NucllPaEZrTWlNS0o2cXVKcEc1TlN2dXpMTnFwUnpsZzczXC9uZ3FxSmQ4RWJ3ZE44eEFGdW5qSUZDblwvdHJSOGhxNWVZRzVOeGVhRnVsIiwibWFjIjoiNjY4OGQ0ZWMxN2VkNDRkMzYxM2U4MDNhNzAwOTFmMjgwZDdjZGZmOGEyN2FjMjNkZDcyYWY5MDc2NzIxOWIxMCJ9; expires=Fri, 27-Mar-2026 15:43:54 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13231,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"cad3cba44796620e212e5e30bd08bdcf","sha1":"160ee4a21df4131ac2a652040f05a26758671ec9","sha256":"0dac44a9dbc4cd1d501494a4537480e748e5059d8b2c3a857141ae2202c4a477","sha512":"0fdefeda5ab046d814e0254ecf9ec23a9b6cb6c92e193b9fb54c0b589f524bafaf706f2069684441045c99efac628a3b3c370a3ec096fc6fff9a14297d88963d","ssdeep":"192:1taPdADAbWnCSyAEdEkHA+EQLAmE32AmEsF79AmE9nAmEYlAmE24AmEqjAmeVgd/:rgA8SmrOq2pvIx6L8WZHqwhWfKNLCv","tlshash":"5f529e8d361c9d78c6f26ec2deeb36a93555b00badc24f41c3ed5f88028563be50b552","first_seen":"2026-03-27T13:44:15.203048Z","last_seen":"2026-03-27T13:44:15.203048Z","times_seen":1,"resource_available":false,"data":null}},"time_used":588,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":588,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/news/list","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"POST /api/news/list HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nContent-Length: 14\r\nOrigin: https://phmexotc.krako.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":14,"data":"c_id=5\u0026lang=en"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS,DELETE\r\naccess-control-allow-headers: x-requested-with,content-type,Authorization\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\nset-cookie: phemex_session=eyJpdiI6IkduNUxKQnVLTUdGQjVXeDRVWVNUUGc9PSIsInZhbHVlIjoiRVYyRDNWRzkzcm0ybE5ubTNrRUs2Wmp4MnQwUVwvWmp0M1phVEZZS2pLT0ZpbjVEK2hsOG9aZ0Z0UXE0d0ZwXC9MMUZUT1pPVkNhcjFibmJsR05hbUpZK2UwQm5NZTgzcHJvTXpxTFp5cUZBQm1jNXNxWGdvVmNDTEIxa0FaejB3VyIsIm1hYyI6IjRkYjgyMDg0ZjEzMzNjZDExMjdkYTc1OTYzNTc0MjliMDZlYzkwZWJkOGQ1MmEzNGE5YjdlZmFjYmI1ZDFjMzMifQ%3D%3D; expires=Fri, 27-Mar-2026 15:43:54 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":710,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"74fc73d9e3143a3a31cda4386ff02141","sha1":"8d336dde29955fa5010db0adf6612cb71213fe12","sha256":"f0f9a68cfabb62997244ad5520649e7201fd12662fec541d0a89046f4d4c279c","sha512":"7e7a2e9d4ed5910cf98a39feedad97260db5537b24711d4aeddf38c1434994142bd4eb94c1614df56ea628e8494225be93be4471905ebfc53023230a151f0656","ssdeep":"","tlshash":"c4014cee19c8166ae5c453c31803b518578b52a3bac0094537c8adf48e3d3e561ef5b3","first_seen":"2026-03-27T13:11:51.144483Z","last_seen":"2026-03-27T19:13:03.171422Z","times_seen":7,"resource_available":false,"data":null}},"time_used":365,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/currency/quotation_new","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:56.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /api/currency/quotation_new HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImpVNGlyTkNXYkx2Z1dSTWFtZXAwUXc9PSIsInZhbHVlIjoiOEdsb2hXZGg0OHdFZFhONUxVNk9TSkhYZnZRXC9JcURoSTVcLzdaRURUYUpaTW02b1Nsa2NucllPaEZrTWlNS0o2cXVKcEc1TlN2dXpMTnFwUnpsZzczXC9uZ3FxSmQ4RWJ3ZE44eEFGdW5qSUZDblwvdHJSOGhxNWVZRzVOeGVhRnVsIiwibWFjIjoiNjY4OGQ0ZWMxN2VkNDRkMzYxM2U4MDNhNzAwOTFmMjgwZDdjZGZmOGEyN2FjMjNkZDcyYWY5MDc2NzIxOWIxMCJ9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS,DELETE\r\naccess-control-allow-headers: x-requested-with,content-type,Authorization\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:43:57 GMT\r\nset-cookie: phemex_session=eyJpdiI6Im9tSkRpR21yUllyTTg0dTF4eGV0T0E9PSIsInZhbHVlIjoiMWhxM0lcL0FwRUY2c3lKYnB5R0JIVHdQUjZNSXlCVE5CNnZxWGM2WVE5eWphRERxREJrM0RpKzdUY1FUYm1PbzUwZHlhWlB2UUdIMUNQa2Fpc0xaaEVMak5oQkx1Q3NSOXNZRExuNEVodm8xMlBCb1BEVEZxOVFndUZaSjFtS1RjIiwibWFjIjoiNzMxN2FkYzgxMjBmNDNhMDY5MjE4ODNkMjQ5NmQ5MjVlZThmNzhhODE0M2NhMmRmYzQyZjA3MjUxZDNiNTVkZSJ9; expires=Fri, 27-Mar-2026 15:43:57 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13212,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"95abd599e00ee0930a4c977b229a98a8","sha1":"b3520e1cf78715a4f1b1456f72ba758422b9ceb0","sha256":"345d989c9937970dfcb86a9dac7bf0538be61a0cc1811ab15cd25d3e6dccf182","sha512":"8652ff0664dd330ea74f29b34f707ccc23dcaba03cc73b504409762730a21a89911cdb1aaf97c19e8e0390ca4eb3b413979837308a4ef39a497c40670182c2d7","ssdeep":"192:1taPdADAbWnpSyAEdECKHA+EhLAmEb2AmEs/79AmEznAmE8lAmElB4AmEqjAme+r:rgAbSUKCa8C9qYllT8WZH9wUWfvNLCv","tlshash":"01529d8d361c9978c6f27ec2deeb36a93555700badc24f41c3ed5f88028963be50b652","first_seen":"2026-03-27T13:44:15.205098Z","last_seen":"2026-03-27T13:44:15.205098Z","times_seen":1,"resource_available":false,"data":null}},"time_used":558,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":558,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-27T13:43:48.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://phmexotc.krako.cc/h5\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:43:50 GMT\r\nset-cookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D; expires=Fri, 27-Mar-2026 15:43:50 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2536,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T02:09:27.812438Z","times_seen":14041081,"resource_available":true,"data":null}},"time_used":3623,"timings":{"blocked":1635,"dns":1013,"connect":306,"send":0,"wait":353,"receive":0,"ssl":312},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/pages-index-index.05ad4463.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/js/pages-index-index.05ad4463.js HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 27 Feb 2026 09:33:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a164ef-17b9d\"\r\nexpires: Sat, 28 Mar 2026 01:43:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":97181,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65322), with no line terminators","md5":"5b74290dfd9de61f67087922d2b40223","sha1":"09bd3be34154bc652c293bac1ffbf660c3a103ba","sha256":"9aace768821bd16cc701bfa831de4c87230a9dc6576876fa18dd8771ee7545f6","sha512":"a5b197afeced7d41161b7d2605663663422a4425db7db7f0665abb7e7668ffe589f61a890a9a81d11d621a8d598ebe2d038ea456a3f2c30815d5982304dea41d","ssdeep":"1536:27KUmJGaxKbh1MbRT+R7MqsxNecFKZOsBlUtv/f45f8cmCyT6BmL:4T0qsxNeS6O8qfGj86u","tlshash":"9a934d18f14bf06fa85bd028206f3d1620362e65d406afedf376e5948d9eb9e1163b1c","first_seen":"2026-03-27T13:11:51.122714Z","last_seen":"2026-03-27T19:13:03.174713Z","times_seen":7,"resource_available":true,"data":null}},"time_used":349,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":349,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/lh/send/get_recommend","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /api/lh/send/get_recommend HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\nserver: nginx\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":418001,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2282)","md5":"798de936f98a52c1422bfe1fdbbf33e2","sha1":"22f2e4483eb45112e4530b7893594fe1dfde6acd","sha256":"c7b25e993ae07a37f1cf7b3058950da58963732c84318921ac0eb5b6ebe9d215","sha512":"471141ba7e678400193e4816c25e1a8426fd446fcdb607824cb5885aaf41192cbe7381af497dbe091779d75d5a663cccdc86dbab0eec14d142e536fa1cf7d7ee","ssdeep":"12288:iFZg6pivbJr+0DcA93hb5E/DTe8gHFNstN7dSLNIB:ZJxNIB","tlshash":"3d943091abe255b7023780e242d69b29b1f99207f5d0014173fce7a89f8ce60f5e2d76","first_seen":"2026-03-27T13:44:15.211047Z","last_seen":"2026-03-27T13:44:15.211047Z","times_seen":1,"resource_available":false,"data":null}},"time_used":454,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":454,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/upload/1754231143970233.jpg","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /upload/1754231143970233.jpg HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IkduNUxKQnVLTUdGQjVXeDRVWVNUUGc9PSIsInZhbHVlIjoiRVYyRDNWRzkzcm0ybE5ubTNrRUs2Wmp4MnQwUVwvWmp0M1phVEZZS2pLT0ZpbjVEK2hsOG9aZ0Z0UXE0d0ZwXC9MMUZUT1pPVkNhcjFibmJsR05hbUpZK2UwQm5NZTgzcHJvTXpxTFp5cUZBQm1jNXNxWGdvVmNDTEIxa0FaejB3VyIsIm1hYyI6IjRkYjgyMDg0ZjEzMzNjZDExMjdkYTc1OTYzNTc0MjliMDZlYzkwZWJkOGQ1MmEzNGE5YjdlZmFjYmI1ZDFjMzMifQ%3D%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 03 Aug 2025 14:25:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f7167-68d6\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26838,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2], progressive, precision 8, 768x280, components 3","md5":"a32bb2bf98df930d09da0f42089c66ed","sha1":"c273c67dac7cb40e514c68c6958c12b7e5619fed","sha256":"9f69a9934ea43d3c9da05108106c660c3695989b0e90dd6023705c73e333eb4a","sha512":"384f543345dc9b06194721b9830989bd9409207739259fe57ec6980492027d1a24546dac22d7dea3fa77ff89cb18b27ba80e5c6c56946c8b5e54bbce51f871a7","ssdeep":"768:ixYW1zxBMM0xwUK8sM24q8dnPZrXJ3myUgYaxAHyQ:ijh3MM0sb2dnPZLJ3OH4AH","tlshash":"2fc2c00eba5911d3f89687b97d898669604d6f808d22816ff04dd0aa53fe7b04bbc1c7","first_seen":"2026-03-27T13:11:51.114742Z","last_seen":"2026-03-27T19:13:03.162767Z","times_seen":7,"resource_available":false,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/currency/quotation_new","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:44:04.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /api/currency/quotation_new HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxcL1BCdmRyV0Q5RFwvOEQ3U3ZibHhVUT09IiwidmFsdWUiOiIrdmxcL1RaQ2h3cXJSckU4T3d3ODdlRFZwXC8zUGg3eHJpMmNnV29PcThpdStjdkRSSUJrSVdGd3h5SUszM3Y2M0NXbjUrRlpHNnV6TUtaNURLZXk3ZUlaT0JVTFwvVHdFdlE3aENJY1RzS1labG9oajExXC9RNHg3RTliWE5yTWt5QjMiLCJtYWMiOiI2NjVkMzllZjgyM2YzYzMyN2EzOGIyYzBlZjQxYzY4Y2ZlNWVjOWY4YzUxZjE3MjdjOTM4N2NlMzJiNzdjNmJkIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS,DELETE\r\naccess-control-allow-headers: x-requested-with,content-type,Authorization\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:44:04 GMT\r\nset-cookie: phemex_session=eyJpdiI6IlNnT1ZNaGg3YVZEUDEwZ3VIRTQzOGc9PSIsInZhbHVlIjoiWlB3SVhrZmFTZldHdHFmZmZ6Nk1tb3VCc0NVSENjRFV1bUFSRmExM1FJNWZyc2pWcllaNWZcL2Z5cmlkTDltM2VBMWdhdGg1YVUyZlVwSTdKSTlZYUVuVTF5dVdcL0FsN1RrZmNZekFJZHBiK1FLRkNybTI0ekVlc2xnek52SE5hdSIsIm1hYyI6ImM0MWQzM2E3N2UwZWFhNTgyOTNlYjQ5ZWRkM2I3M2VhMGMzNjM2ODlmYWYyYTMxODNkM2YzMzExYzA5Nzc2ZTYifQ%3D%3D; expires=Fri, 27-Mar-2026 15:44:05 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13230,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"75a9023287c626b4d327b4c4154955b0","sha1":"7ba7562cfbc555b89ab1fe68d922253a015f4231","sha256":"4de9c44ae098bd537f3b02802f13a588fc84a3f2167bb0382a00eab1cab5ade0","sha512":"4044b4cb2f562ad40f986eccf8672436e7f9a5f24a9d8a08274413fc815d4c8816d37a1a31a789efb44fee0a244b0fcffb6dcfad5e84da4434460c4ca43762dc","ssdeep":"192:1taPdADAbWnaSyAEdEUHA+EHLAmEp2AmEsz79AmEAnAmEllAmEjx4AmE5jAme7d6:rgA4SGe8Yjoax/QoE8WZHqwNWfKNLinv","tlshash":"65529e8d361c9e78c6f26ec2deeb36a93555b00badc24f41c3ed5f88028563be50b552","first_seen":"2026-03-27T13:44:15.219594Z","last_seen":"2026-03-27T13:44:15.219594Z","times_seen":1,"resource_available":false,"data":null}},"time_used":610,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":610,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-27T13:43:50.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5 HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:50 GMT\r\ncontent-type: text/html\r\ncontent-length: 162\r\nlocation: https://phmexotc.krako.cc/h5/\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2536,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T02:09:27.812438Z","times_seen":14041081,"resource_available":true,"data":null}},"time_used":306,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/pages-assets-deposit-charge~pages-assets-deposit-udun-charge~pages-assets-flash-index~pages-assets-i~b1c56da3.f5cb0a46.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/js/pages-assets-deposit-charge~pages-assets-deposit-udun-charge~pages-assets-flash-index~pages-assets-i~b1c56da3.f5cb0a46.js HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-d880\"\r\nexpires: Sat, 28 Mar 2026 01:43:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55424,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (55308), with no line terminators","md5":"a69ed18f55296f2c8e9b7e491aed000c","sha1":"104f6853e000f86611439730b2b6a9c9a2cfdd0a","sha256":"6d4d5437f7e0d3f1091fc1f5d3cc34a0e72bb2f2f526d469f863e5568551e029","sha512":"b51e2123bf1dfad4fa3c35236f0a9ba353047b5ca41b084f65a50a6c535ccfdef6e4a97d783031008d4d7a84ddd6a1f332d47992e00f96b33c0a622d60fa8eea","ssdeep":"1536:1usYId0FHoMqu7NdEAaM2Ol51hwJX2RcJZHYpN7xCIx/+eJF4cL3nnisGQaOmvfk:1usp0NVr7fnaMj51hwJX2RcJZHYpN7xv","tlshash":"7543fae6e10c1cd17f7bcc8f6240235f6549ff62d9968dd8f126264c8de27a021a973a","first_seen":"2026-03-27T13:11:51.15779Z","last_seen":"2026-03-27T19:13:03.165862Z","times_seen":7,"resource_available":true,"data":null}},"time_used":318,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":318,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/tabbar/tabbar-trade-dark.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/tabbar/tabbar-trade-dark.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:53 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-6f7\"\r\nexpires: Sun, 26 Apr 2026 13:43:53 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1783,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced","md5":"924774de89f690148969766739d185fb","sha1":"695a4e9b8b3153d44cb80b41f0dbc6b260d584ed","sha256":"e3cffa48f57b5da551c2e0431279d16f59ad01702f974caaaa0ca641ce4257c5","sha512":"93212cbc0f0dafbd23973dabb6f2cc289a6ca2ee6ed520d333b300663900a812faa9afed7d2c49f340a6968a28fd0080790ff34cc25b78601f1e202f8c1327b2","ssdeep":"","tlshash":"a4310b9bf9907481dd95e99004f7b5265b394940c3c09218b4ef58232c712fe987e1df","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.360658Z","times_seen":118,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/tabbar/tabbar-option-dark.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/tabbar/tabbar-option-dark.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:53 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-646\"\r\nexpires: Sun, 26 Apr 2026 13:43:53 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1606,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced","md5":"aebdd7fcf282bc311c63aff7dfe05e8d","sha1":"5ce7c85bf972b2f6c3a72e60b8bf86d6810c33f3","sha256":"7213f978329cfcb949eeecb1f59a84f6f24ad6d88ee0de15a2ded298aeb9df09","sha512":"a28aaaa24352ba84b58ec7023b2790a5772530986413444a5ab2cc24071bdf69bb09dc089ad4b79a4cb8f7e75de9d2570cc648b3a392f07dacf847a0a0c7f4ee","ssdeep":"","tlshash":"6631c85bee58bc006689eac210f7352789228584df40e1b5a4e7c86d6db20fb040d6d7","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.285211Z","times_seen":122,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/news/list","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"POST /api/news/list HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nContent-Length: 14\r\nOrigin: https://phmexotc.krako.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":14,"data":"c_id=4\u0026lang=en"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS,DELETE\r\naccess-control-allow-headers: x-requested-with,content-type,Authorization\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\nset-cookie: phemex_session=eyJpdiI6InRTR05pQjhoQURDWlVtWU82MDBKUFE9PSIsInZhbHVlIjoiOWFORlVndnNXbDhwTFlSMFgzbmVWME93dVwvVExsWm52Z2N3S3B5XC9xaDB6NjE5SDFQUUgrNnVqazdrT28yWHdqWHRJaWgwK1YwcTcyeDJlNmxUTitzZTdvNE5yMDJKQnI2V05wTk56ZXdyajBnZVowOVpZb2pMbFVKVzVGZitRWCIsIm1hYyI6Ijk4OWY5YTVkMWJmZDNlNDgxNTIxNTc0MzEyOWEzMTA3NjI1MzgyOTI5MDRjMjllNDc5YzcwNjZjZmYxMDE0MGMifQ%3D%3D; expires=Fri, 27-Mar-2026 15:43:54 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":75,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"bace47e4713844c973de88e19678c6e0","sha1":"570e51227d00a907a45f9f546ffb472fa5f0f7da","sha256":"42692ab1be49a1606270fb6a6e639cb4eb95db75580cd4645b64d8ed88b3073e","sha512":"461b0fc2193876a9e6cf68eb09d070c01736b653b92c47690ab586575fcbc894ce6e14a941aa224ab2602100c055516a006cd9444b582fa40b658211720e97f1","ssdeep":"","tlshash":"1ba0222020000cba8b0a22e2300b30a2888c20808f0383000ac0a00cc38c0ac2822a3f","first_seen":"2023-08-27T03:45:08Z","last_seen":"2026-04-17T00:36:21.36253Z","times_seen":120,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":336,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/common/lm_6.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/common/lm_6.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-6c7\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1735,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced","md5":"fb7c1ab1476b2b6be4d49a6cb35fb25b","sha1":"986fbfc4d865ce4e0043049603073670161ed6ed","sha256":"57d4a342ec3e59be5d2fad45490700adeccd84a0b3cb16c94f788dbe8b7718a2","sha512":"4ed1530275ce8eb6963dd15c89d38b443fdf4938282927e3dc4233296efa4cc53edde8ed364e457fb766a4e1e2b22dc419a694842a1a5294a05e98d5fa67d7af","ssdeep":"","tlshash":"e931850eb551ba4252ede68129f7417ada079c408bd4b0a174cfd06299223b4856b3cb","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.3117Z","times_seen":122,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":451,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dcloud.net.cn/img/shadow-grey.png","fqdn":"cdn.dcloud.net.cn","domain":"dcloud.net.cn","tld":"net.cn"},"ip":{"addr":"124.220.205.65","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:55.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dcloud.net.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 26 Aug 2025 11:47:17 GMT","end":"Fri, 25 Sep 2026 11:47:16 GMT"},"fingerprint":{"sha1":"47:A7:6C:09:6B:1D:CA:2D:7D:39:2E:C1:7F:15:DE:5D:F2:C4:0F:77","sha256":"EA:73:37:83:D0:38:44:D9:3C:0B:26:F0:DD:D1:22:2F:36:F7:F2:86:A1:B0:58:52:DE:4E:0A:21:D6:89:E7:3E"}}},"request":{"raw":"GET /img/shadow-grey.png HTTP/1.1\r\nHost: cdn.dcloud.net.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:55 GMT\r\ncontent-type: image/png\r\ncontent-length: 136\r\nlast-modified: Thu, 06 Jun 2019 06:42:07 GMT\r\netag: \"5cf8b5bf-88\"\r\nexpires: Fri, 27 Mar 2026 15:43:55 GMT\r\ncache-control: max-age=7200\r\nset-cookie: __uni__uid=rBEQRWnGiZu8/zu8A5pCAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 6, 4-bit colormap, non-interlaced","md5":"5a962adf74d92ae702467b3f47976547","sha1":"36f74049375584e3fa69b5ef87e9572336ff9e7a","sha256":"ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f","sha512":"4ace23fe7ec6c7271710030fd423aace13eafac68ac3e76366ce4ce9bdc702caf71c9bdc2fb6a32c8e9791546098617cc0259decd8bb8489afdbce43e1b53a73","ssdeep":"","tlshash":"47c09bf3a615dc754a0d153b42e98271f429511e07046d0e5a13c216741e3448d56793","first_seen":"2023-04-15T10:50:30Z","last_seen":"2026-04-22T01:43:05.160138Z","times_seen":14984,"resource_available":false,"data":null}},"time_used":1773,"timings":{"blocked":760,"dns":48,"connect":249,"send":0,"wait":251,"receive":1,"ssl":461},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/index.27afeffc.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:51.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/js/index.27afeffc.js HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:51 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 02 Mar 2026 09:58:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a55f60-bed15\"\r\nexpires: Sat, 28 Mar 2026 01:43:51 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":781589,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (45566), with no line terminators","md5":"4c5ae151bde3ff0e95752780184e22ab","sha1":"0433a71ad6852328590e2591accac8ab2c601523","sha256":"f14faadd5ea0ecdf64f0b6c248437568101100acaf1a9e3fbc49f3be0a6cd47a","sha512":"59c9100a2eb6619b6b2413e05126e9932fcc84e4639f076bfddb51264ace1efc145f7a5873ce5a8bfcde3bd78b8412a4a4f08468c1b38b0de40f34a3a10f3b19","ssdeep":"12288:b9PGmoqbzRDJDPatvI22uG+H3j25NEwOP5mwBb/OWMKGn58aoCwyJJQCOsMCmOUM:b8QRDJDPatvI2nFcEwOXBb/OWNGnw2EC","tlshash":"c8f49e5775c904bd56829202f04bbb4c21fe1ce8aa4af4d692dc4a3463f6d46e03bf79","first_seen":"2026-03-27T13:11:51.175031Z","last_seen":"2026-03-27T19:13:03.159742Z","times_seen":7,"resource_available":true,"data":null}},"time_used":1228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/set/lang","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"POST /api/set/lang HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nContent-Length: 7\r\nOrigin: https://phmexotc.krako.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":7,"data":"lang=en"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS,DELETE\r\naccess-control-allow-headers: x-requested-with,content-type,Authorization\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:43:53 GMT\r\nset-cookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9; expires=Fri, 27-Mar-2026 15:43:53 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":76,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d767a311681c187f7011b4fb2f267cef","sha1":"6140bd201e3c4519743f5b2f8951571d3dad725e","sha256":"8add1ded634f0f2722534548a07e1c048665d2c2e7ad63744e2c29853bb7b942","sha512":"5f79f90e3823b7b9e6a23f8f100fd9a14ca864e416d4fd7da3c1584cb2b0e1b90c2337bb4bbb1582d650e91f5e6a637653f7dae4e757b4bc9ea567bd229d4087","ssdeep":"","tlshash":"a6a011822a202a8c8e020ac8a028008002820080c08aa2000cb88038a22b830b023aaa","first_seen":"2026-03-27T13:44:15.23105Z","last_seen":"2026-03-27T13:44:15.23105Z","times_seen":1,"resource_available":false,"data":null}},"time_used":375,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":375,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/tabbar/tabbar-assets-dark.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/tabbar/tabbar-assets-dark.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-5bb\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1467,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced","md5":"b290e229cb2c59172ddb91e298145bf0","sha1":"3ac1fcba57af7cb85a44ea8b19e902d5a474d830","sha256":"22a95652799432be65d87e0ab15ccfe4b557430fae9e90def9143931df807bce","sha512":"529b6228fd57a00a1e23a4954bac40e2657170b6e8440add96e9f05b1f541dca6332effd437fa4cc77ebdb6d6e9aadbf515acef3c5b82e70d91400f1983e3f8e","ssdeep":"","tlshash":"db31cc43fad07c801a48e9d713e540114e675d80e6d4edb6a4cabc66df710fb545c6cb","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.309891Z","times_seen":121,"resource_available":false,"data":null}},"time_used":579,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":579,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/upload/1754231039336965.jpg","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /upload/1754231039336965.jpg HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IkduNUxKQnVLTUdGQjVXeDRVWVNUUGc9PSIsInZhbHVlIjoiRVYyRDNWRzkzcm0ybE5ubTNrRUs2Wmp4MnQwUVwvWmp0M1phVEZZS2pLT0ZpbjVEK2hsOG9aZ0Z0UXE0d0ZwXC9MMUZUT1pPVkNhcjFibmJsR05hbUpZK2UwQm5NZTgzcHJvTXpxTFp5cUZBQm1jNXNxWGdvVmNDTEIxa0FaejB3VyIsIm1hYyI6IjRkYjgyMDg0ZjEzMzNjZDExMjdkYTc1OTYzNTc0MjliMDZlYzkwZWJkOGQ1MmEzNGE5YjdlZmFjYmI1ZDFjMzMifQ%3D%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 03 Aug 2025 14:23:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f70ff-68d6\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26838,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2], progressive, precision 8, 768x280, components 3","md5":"a32bb2bf98df930d09da0f42089c66ed","sha1":"c273c67dac7cb40e514c68c6958c12b7e5619fed","sha256":"9f69a9934ea43d3c9da05108106c660c3695989b0e90dd6023705c73e333eb4a","sha512":"384f543345dc9b06194721b9830989bd9409207739259fe57ec6980492027d1a24546dac22d7dea3fa77ff89cb18b27ba80e5c6c56946c8b5e54bbce51f871a7","ssdeep":"768:ixYW1zxBMM0xwUK8sM24q8dnPZrXJ3myUgYaxAHyQ:ijh3MM0sb2dnPZLJ3OH4AH","tlshash":"2fc2c00eba5911d3f89687b97d898669604d6f808d22816ff04dd0aa53fe7b04bbc1c7","first_seen":"2026-03-27T13:11:51.114742Z","last_seen":"2026-03-27T19:13:03.162767Z","times_seen":7,"resource_available":false,"data":null}},"time_used":682,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":682,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/favicon.ico","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:55.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImpVNGlyTkNXYkx2Z1dSTWFtZXAwUXc9PSIsInZhbHVlIjoiOEdsb2hXZGg0OHdFZFhONUxVNk9TSkhYZnZRXC9JcURoSTVcLzdaRURUYUpaTW02b1Nsa2NucllPaEZrTWlNS0o2cXVKcEc1TlN2dXpMTnFwUnpsZzczXC9uZ3FxSmQ4RWJ3ZE44eEFGdW5qSUZDblwvdHJSOGhxNWVZRzVOeGVhRnVsIiwibWFjIjoiNjY4OGQ0ZWMxN2VkNDRkMzYxM2U4MDNhNzAwOTFmMjgwZDdjZGZmOGEyN2FjMjNkZDcyYWY5MDc2NzIxOWIxMCJ9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:55 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-22T02:01:31.193065Z","times_seen":493251,"resource_available":true,"data":null}},"time_used":435,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":435,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/currency/quotation_new","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:44:07.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /api/currency/quotation_new HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IlNnT1ZNaGg3YVZEUDEwZ3VIRTQzOGc9PSIsInZhbHVlIjoiWlB3SVhrZmFTZldHdHFmZmZ6Nk1tb3VCc0NVSENjRFV1bUFSRmExM1FJNWZyc2pWcllaNWZcL2Z5cmlkTDltM2VBMWdhdGg1YVUyZlVwSTdKSTlZYUVuVTF5dVdcL0FsN1RrZmNZekFJZHBiK1FLRkNybTI0ekVlc2xnek52SE5hdSIsIm1hYyI6ImM0MWQzM2E3N2UwZWFhNTgyOTNlYjQ5ZWRkM2I3M2VhMGMzNjM2ODlmYWYyYTMxODNkM2YzMzExYzA5Nzc2ZTYifQ%3D%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS,DELETE\r\naccess-control-allow-headers: x-requested-with,content-type,Authorization\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:44:07 GMT\r\nset-cookie: phemex_session=eyJpdiI6Ikc2QitneEpJUjFrYkQ3U2NtajR4T2c9PSIsInZhbHVlIjoicXdVY2diRnY4YkxXbmZzNTg3ZlJwMWdVTnFFalZGVHdTWHp2ZU0zWVNLN1RyWTA1UVBsS3c2MUl0SFlaRzN4ZThVQ1Y4bVJvZURXaTFYc0k5U1VNd2kweUNBTFloSjFVYmNQWXQyVkpUUUl0QkdcL3hmTHZmR3pQOWVrOEtSd0NzIiwibWFjIjoiZDRkYTYwMTljODJjMGY0NzlmYzUwMGY0NDkwOTVlMmI5OGVlNDliYjE1OWY4MDVkYTVhY2YxN2YyNjI2NmVmNiJ9; expires=Fri, 27-Mar-2026 15:44:07 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13216,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fe35f1b242ca9a756fe9816497818e74","sha1":"27e14afc24b18c6223ceadf614e603d085bea337","sha256":"c310057705cbb63b61cf3d83e82e7f9a80ffea1b4477082eb7e4bc5c30b0d43d","sha512":"ca904f91d54d0d96342f622f2a41a6d9f665f04ca9488747d1c0a80fd6aa1760d9870345dc6d4a9775f661bfb9e9647b7c803d4bf015c4a7bdf3f4cbf534329b","ssdeep":"192:1taPdADAbWnDSyAEdE+5HA+EGLAmEJ2AmEsf79AmEVnAmEvlAmEM4AmEzjAmefdc:rgA5Sc53sc0+5JEwqg8WZHDwmWffNLUv","tlshash":"1f529d8d361c9a78c6f27ec2deeb36a93555700badc24f41c3ed5f88028563be50b652","first_seen":"2026-03-27T13:44:15.23484Z","last_seen":"2026-03-27T13:44:15.23484Z","times_seen":1,"resource_available":false,"data":null}},"time_used":506,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":506,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"phmexotc.krako.cc/socket.io/?EIO=3\u0026transport=websocket","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://phmexotc.krako.cc\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: cGX+5LzJyhyj6kHoJ0Ox2A==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Fri, 27 Mar 2026 13:43:54 GMT\r\nContent-Length: 0\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Version: 13\r\nSec-WebSocket-Accept: fYx1QkpwDuAGnw33l+p7ipU+u1U=\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T02:09:27.812438Z","times_seen":14041081,"resource_available":true,"data":null}},"time_used":938,"timings":{"blocked":0,"dns":1,"connect":309,"send":0,"wait":310,"receive":0,"ssl":317},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/common/dark-bg-setting.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/common/dark-bg-setting.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-12cb4\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":76980,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 1344, 8-bit/color RGBA, non-interlaced","md5":"3b228f3d9512fa00dc595c224e159cd3","sha1":"b31ef95165b22656e57542b02f1ae6fe7a4ab006","sha256":"6066de4ee64a6d6eaf1aea82051f163f8e0fb37a0e592209faf70e7bee992536","sha512":"4efa02ba8b089b6ce84b97aef347c9ca4d72be0e2dc59a8ed62f87b8646ad07ad05bf58ecd8b92abbe48554b163213f92af5c8f83126c203b49bbc3ce0cc8060","ssdeep":"1536:+e6a2j5Ca7gYzI/ZBn2suJFfBUd1fq9yZEpQoNpKuxd1lG2U8xSmm+jAFBnAGJ:/ijc/ZBtqdBUdUWEpQo+KmD8xbBjALAm","tlshash":"71730213f4840f3ec64f7a7020364fb26d2b348266cd94bd195a6a59ca443aee485bf6","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-03-27T19:13:03.175321Z","times_seen":49,"resource_available":false,"data":null}},"time_used":318,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":318,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/common/bg_dark.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/common/bg_dark.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-12c39\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76857,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 458 x 238, 8-bit/color RGBA, non-interlaced","md5":"83a93ef276bd4d559bd024bef0f84dd5","sha1":"1a2e3e4675b4fe09899f741b389f3fdb51c4bc40","sha256":"cbb3606ea77f33898c90df41f20bd06a1c4fb22898e22c26e9f34b8f3dc137f0","sha512":"70bb3a4aa3249bad4d1dc0ef0a374b55e676061ad16faa7b68154c45143d865cd9eb4bab5b5926f82dcdca25b234ce213e8e06a4434658cc4af803ff85d5eb5f","ssdeep":"1536:sm52a2JRQSf7ZjZ1I5CvKWZHU+0Gi/HtH0ahddb0+07IJQ0OXMUpOxhUERH:/2au1I5C7RU+0GiPl0aBot7IJCe","tlshash":"e97302552ee1fa4d2578d060b2c9cf3799062d2366e857a8f365c2970fe8e801491bce","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.361685Z","times_seen":111,"resource_available":false,"data":null}},"time_used":381,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":381,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/upload/1754231103261384.jpg","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /upload/1754231103261384.jpg HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IkduNUxKQnVLTUdGQjVXeDRVWVNUUGc9PSIsInZhbHVlIjoiRVYyRDNWRzkzcm0ybE5ubTNrRUs2Wmp4MnQwUVwvWmp0M1phVEZZS2pLT0ZpbjVEK2hsOG9aZ0Z0UXE0d0ZwXC9MMUZUT1pPVkNhcjFibmJsR05hbUpZK2UwQm5NZTgzcHJvTXpxTFp5cUZBQm1jNXNxWGdvVmNDTEIxa0FaejB3VyIsIm1hYyI6IjRkYjgyMDg0ZjEzMzNjZDExMjdkYTc1OTYzNTc0MjliMDZlYzkwZWJkOGQ1MmEzNGE5YjdlZmFjYmI1ZDFjMzMifQ%3D%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 03 Aug 2025 14:25:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"688f713f-6161\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24929,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2], progressive, precision 8, 474x264, components 3","md5":"7e1008fcf38f22be53a125a7786456a9","sha1":"820e25d5fff8ab778e6d5d0bf16fd46794340b8b","sha256":"f055c172f228521249f5c49141c85bac94fb28c809b94e146abe81cdb5694395","sha512":"43ee75e747f08bbdf5561b3157c4a2cbe9f218d35f972462ac5810a72ca497cabc6beffe993471d8e7aefe1d7e43327d732725843d846381722e4275754f237d","ssdeep":"768:1cUZjborw53v69w5zcxurPn/sIFquNW1qP:1NX3v0KzlrPnkyq9I","tlshash":"42b2d1399f3190ebe67ca0b6236147b605dd96bc75a00387f6cc6de0ed801946e80ece","first_seen":"2026-03-27T13:11:51.106567Z","last_seen":"2026-03-27T19:13:03.155901Z","times_seen":7,"resource_available":false,"data":null}},"time_used":664,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":664,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/api/currency/quotation_new","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:59.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /api/currency/quotation_new HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/x-www-form-urlencoded; charset=UTF-8\r\nlanguage-mark: \r\nAuthorization: \r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6Im9tSkRpR21yUllyTTg0dTF4eGV0T0E9PSIsInZhbHVlIjoiMWhxM0lcL0FwRUY2c3lKYnB5R0JIVHdQUjZNSXlCVE5CNnZxWGM2WVE5eWphRERxREJrM0RpKzdUY1FUYm1PbzUwZHlhWlB2UUdIMUNQa2Fpc0xaaEVMak5oQkx1Q3NSOXNZRExuNEVodm8xMlBCb1BEVEZxOVFndUZaSjFtS1RjIiwibWFjIjoiNzMxN2FkYzgxMjBmNDNhMDY5MjE4ODNkMjQ5NmQ5MjVlZThmNzhhODE0M2NhMmRmYzQyZjA3MjUxZDNiNTVkZSJ9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST,GET,OPTIONS,DELETE\r\naccess-control-allow-headers: x-requested-with,content-type,Authorization\r\ncache-control: no-cache, private\r\ndate: Fri, 27 Mar 2026 13:43:59 GMT\r\nset-cookie: phemex_session=eyJpdiI6IkdTb0RsUGRCZDVtcUp3Vk5FWXJFU2c9PSIsInZhbHVlIjoiMDliTUxJMXFhNFJxTEh0XC9zM0V3XC9vNElKeHc5ODVzV2Z3RnZ1T1NmRFZJMXhSbllwdk1vQVFzV1RxZTg5MlY0OGxsMFNxdHlZSEZwRFMzaVVLZGttZHVYTkVxelM4VnRtekxaZDM3V1A5TkhKeU9NbFJneThNbzdQTG8zXC8wRHMiLCJtYWMiOiIwOTgyOGY5MzhkZDBiNGY3YWE3ODNhMzEzYTQ1ZDNmZjY5OTkzY2I2MDI1Y2JjZTBjMmU5ZDgxNDkzY2VkM2NkIn0%3D; expires=Fri, 27-Mar-2026 15:43:59 GMT; Max-Age=7200; path=/; httponly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13223,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"eaa4600aeaceb201ccc031ff8525aa84","sha1":"37d7a4e3c6d0c2dcfa5c75bb27d941aa73d79a95","sha256":"e1daf8f44959e5ee8a0b4b0b1ba7f339509fa88b44723e943f6c2a0ee7db2075","sha512":"3d091b8d0800ea333e79a0df60bb653f00bc1308650e53f9957d7c206cef174469fb0b3fc15f3e25982ef60d2c983e02b1ce2a63fc388af2a3491bd42ac9e5b0","ssdeep":"192:1taPdADAbWn1SyAEdEiHA+ElLAmEp2AmEsX79AmETnAmEGlAmEu4AmEMjAmeJdAs:rgAbSEe8IWn3Ge6L8WZHqwNWfKNLCv","tlshash":"f1529d8d361c9d78c6f26ec2deeb36a93555b00badc24f41c3ed5f88028567be50b612","first_seen":"2026-03-27T13:44:15.247642Z","last_seen":"2026-03-27T13:44:15.247642Z","times_seen":1,"resource_available":false,"data":null}},"time_used":550,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":550,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-27T13:43:50.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/ HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:51 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 02 Mar 2026 09:58:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a55f60-9e8\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2536,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2255)","md5":"ab7bf2b0b3b7cdcbc58aa27e2c182b21","sha1":"4649ce56691b0e0d39900b690a85158971923af4","sha256":"2c8b043cb5f963f29bdce9089ee3b1a250436f58c02883ea3e16ad0c5779367a","sha512":"7598b6712f6325de303783d3c922bdcb52e53779cedff337212108169026bfddb9187319a7b6dd526996e264f71a948ebe7528e625f9217583ae531df4878d5e","ssdeep":"","tlshash":"7c5186404771f67c83d430e9b967dc2d423a0c19fae1d7c46c4adc50aa8093bf6199e7","first_seen":"2026-03-27T13:11:51.10352Z","last_seen":"2026-03-27T19:13:03.165245Z","times_seen":7,"resource_available":true,"data":null}},"time_used":322,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":322,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/js/pages-index-index~pages-publication-details~pages-verification-kyc.977e242e.js","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/js/pages-index-index~pages-publication-details~pages-verification-kyc.977e242e.js HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-3ec1\"\r\nexpires: Sat, 28 Mar 2026 01:43:53 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16065,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (15987), with no line terminators","md5":"c49d3ab8312a0c96b6025373070ab297","sha1":"3206ac11dacdc825df9baedfb20fd1a020a6ea30","sha256":"bbe8ec5df1c7a253f4e7646098bf9210f551b1c395006678f90d1102ba75a825","sha512":"29e247fe8675f551d036c63a752c17fa7d9729f0873130838ab5dad682bddedf162e6b59d8948807de58b84ab204e35142ac14987f415626a84acf3cd4fd466d","ssdeep":"384:tjr3YYR5LGbUcGTnVtTxZl9qZaAEZUSAZ:tjr3LR5LGbCj98abZZa","tlshash":"6d72f888f4c6f056068361b6806fa305013eaad975275b9c77baf6e14e5998c3363b3c","first_seen":"2026-03-27T13:11:51.148613Z","last_seen":"2026-03-27T19:13:03.176619Z","times_seen":7,"resource_available":true,"data":null}},"time_used":335,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":335,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/tabbar/tabbar-home-select-dark.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:53.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/tabbar/tabbar-home-select-dark.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6ImxGRWhZanZTa2JJVzFOKzFkMXVRN0E9PSIsInZhbHVlIjoiVWdBTTRSRmNadk1DMzg1ckI3bFhUc0ZXWm9BWkhDMWh3NGJsZ0RIZFwvV3c2Mkk2R1pEcm9FMXZVWWFtaVowbkpKbjk5bmRGT0x2TWVpXC9qS3NxWG5EUlR2c2FrM2Jod2lIK3RMY2lyYkc3ajFGeUhJMUl1Q1wvOXpPN3pwQnQ3a0IiLCJtYWMiOiJkNjQ1MjdlNzExNGU1OWUwYzZkYjA1Y2IzMzQyZDYyNDg4MmQ0NWExMzAwZjRhMWU0MjI1MGU5NDQzYmI0YTVlIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:53 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-5b9\"\r\nexpires: Sun, 26 Apr 2026 13:43:53 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1465,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced","md5":"934544b5d0cce80e22dbeb07a7cae8d7","sha1":"0ee7dc6f66b4befdb85de689f1d0f1f40884097e","sha256":"48566e7b6ae1c9bf20babc74aa88b7c0798b7463a3f034c59cc2a7b8b47036b6","sha512":"60daa0831b4c111f2f187fb12ba71b88a8f296ddccf0cbcbaaf9e9119231e9980a5596190877887ddb586de0c204e87bac3e3280d6ae55ea945cc4bb3c35d9d4","ssdeep":"","tlshash":"4831c9ccf60539020749d2c100f75527cf568e81cbe4b3daa9c984ea48201f8961e6cf","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.301266Z","times_seen":118,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/common/lm_1.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/common/lm_1.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-61e\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1566,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 29 x 22, 8-bit/color RGBA, non-interlaced","md5":"67aa56d5d405bd3d01379013f9e2f382","sha1":"7922fe14b98f32272dbb4d842b84f3591bf91742","sha256":"21e9b6bfb5bb1d0a6adf6d342646e278dc6241aa2d540a59926cca62d4d70904","sha512":"ef702ad83413653c662f87346cf7915911966ad50b24e4d674bb0346c96aabb464613a4389c040e5137ea61ebe9a91d5b5972739bf5f551994e39c156f1214f2","ssdeep":"","tlshash":"cc31ba8af941bad2c644d5943cd90217dc7384a0d9d0d1f52a8ed0578d316f652eebcf","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-13T11:40:12.341092Z","times_seen":67,"resource_available":false,"data":null}},"time_used":450,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":450,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phmexotc.krako.cc/h5/static/images/common/lm_2.png","fqdn":"phmexotc.krako.cc","domain":"krako.cc","tld":"cc"},"ip":{"addr":"103.178.57.38","port":443,"asn":141159,"as":"IncomparableHKNetwork Co., Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://phmexotc.krako.cc/h5/","date":"2026-03-27T13:43:54.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"phmexotc.krako.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 21:04:50 GMT","end":"Wed, 24 Jun 2026 21:04:49 GMT"},"fingerprint":{"sha1":"A8:3B:D4:C9:71:44:35:26:CF:03:8E:12:A3:53:28:5E:E8:BE:AA:A0","sha256":"2D:BE:C3:4B:B6:F4:16:3E:A7:9A:DC:1C:D7:6A:B0:9D:AF:7A:14:6A:0F:06:03:06:7F:32:3B:56:62:91:01:95"}}},"request":{"raw":"GET /h5/static/images/common/lm_2.png HTTP/1.1\r\nHost: phmexotc.krako.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://phmexotc.krako.cc/h5/\r\nCookie: phemex_session=eyJpdiI6IldobHNSY2VFYW4xVGQ1Wjl4WHo4blE9PSIsInZhbHVlIjoiT0tXTHV2UFZjYVUxVU1VZkxCdmZld0FsTGdVemo2YVBvV3I2R1N4SnZ4Rkh4MW8wUmxqcmVSdnZja3kxbFBsSVJROEpxR3Z0dERwRGRRS1lKUkRKUE5uNUtMYXJzQWpJeE8zSGdZRW9tNnd5S2pXK3AxUUZSeVwvU1F6N21HemhpIiwibWFjIjoiMWNiNWY0Y2JlMjNkMTI0MTE1YTQ3NDZmZDBiNzgzNWNmOWFlNDY4MWNjNDkwMzkxY2FmYTYxMmZlOTc0MDY3ZiJ9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:43:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Feb 2026 16:04:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ca8aa-5a5\"\r\nexpires: Sun, 26 Apr 2026 13:43:54 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1445,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced","md5":"06a43db0d552cb5a405ca74704a65705","sha1":"cc0890640d6c246c219ef4a93aedf0724a14f71c","sha256":"d857a8c315937da20836c04d2b4cedad4154c9e98726bd89ed00360ca9fd3fe4","sha512":"9bc8169a49a4fa5df08cbbb68af4dcd4372dfb6af0281c2d21e4f05c5a4c690f1cc7f8c148f0e36faead384049c910a36945fc3cc5ad3e2b695231d196ccfc44","ssdeep":"","tlshash":"8b3196dee94114c152ccad9311eb2023e5920c848eb5ba61f4cdd80b5e316f2016b9ef","first_seen":"2023-05-25T05:38:33Z","last_seen":"2026-04-17T00:36:21.28143Z","times_seen":120,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":451,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"phmexotc.krako.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"phmexotc.krako.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}