{"report_id":"3184e039-4b36-491b-a0f0-6e573276e16e","version":6,"status":"done","tags":["malicious","clickfix"],"date":"2026-03-25T17:49:15Z","url":{"schema":"https","addr":"binance-alpha.org/","fqdn":"binance-alpha.org","domain":"binance-alpha.org","tld":"org"},"ip":{"addr":"104.21.13.247","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"binance-alpha.org/","fqdn":"binance-alpha.org","domain":"binance-alpha.org","tld":"org"},"title":"Just a moment...","dom":{"size":27737,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (5264)","md5":"58a6db80e7a60c27b8a0c80b8eef89bf","sha1":"876466807714f1e8213ecfc34bf488a087841257","sha256":"b9db05264f072f795dc8a347284f48d74cd82e3e3181dc6b35c5a534510eb129","sha512":"97a50e94f4401bfd4fc7d2b08f7acb9d946853cac62cac542f546b99dc0b2e2fcbc2393a7751bec7c4289ae91c21930c4fd3855f901af3dcaa17d5e26c9caeda","ssdeep":"384:SaFmCGuaFmCQcxhbVf9b+3CDwRcxhbVf9b+3CDNYUaFmC3l1/Yuk8A682zeRdyA:S+wu+Oi7b+3Ri7b+Y+4yA","tlshash":"b9c23b762abb7114a233c42275b11b8930219107e7038a6cbe7e5666cfcaa950df379c","dom_hash":"domhash01764ac256a77534fbbbf7aa4f36be1d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"binance-alpha.org/","fqdn":"binance-alpha.org","domain":"binance-alpha.org","tld":"org"},"ip":{"addr":"104.21.13.247","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-29T17:49:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"binance-alpha.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null},{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"summary":[{"fqdn":"binance-alpha.org","ip":{"addr":"104.21.13.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-23","domain_rank":0,"first_seen":"2026-03-25T17:49:15.254056Z","last_seen":"2026-03-25T17:49:15.254056Z","alert_count":3,"request_count":2,"received_data":21143,"sent_data":927,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"binance-alpha.org/","fqdn":"binance-alpha.org","domain":"binance-alpha.org","tld":"org"},"ip":{"addr":"104.21.13.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1b2a1141fc3ce3d8adcf8afb190d3da9","sha1":"26cefcebc18797429552a60dee7121565b15f8d9","sha256":"4d6e68ff203917ba710bb115e4efa42ade3023ea76ffe2a48f4e1db1bdb2e8da","sha512":"fad99f1d97e7ce8a530bb9315a0e71c9ea7c0e17b181abd4ac06ba1a27be3db70abb46e31828ca359e1a629fa83cba604809c59d2e9ab125925f20e30fe9decb","ssdeep":"","tlshash":"7ef0a35d3c57b06737f93934c2278e7f37950b0175c39524d646cd3578644861856e8d","size":445,"data":"","first_seen":"2026-03-25T17:49:17.99512Z","last_seen":"2026-03-26T01:00:34.06266Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"binance-alpha.org/","fqdn":"binance-alpha.org","domain":"binance-alpha.org","tld":"org"},"ip":{"addr":"104.21.13.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"526f637fe3da02d0addf84be99034b13","sha1":"7f76d37c23ac122e083dd9cc71c4ca9971ab3262","sha256":"abbd1511c88b86736000ee0e2cc3abe8905881a9f606e09467a23d2b24148585","sha512":"7e5f6305107e3e36d2ead2fc9a73f22ee9e3d30b46f4e0e6509d1712893fb2dc96edc7f3ba630d77b00074186dbc2a6a7c5af0486fbeddfd10c6dd2685d5b97f","ssdeep":"384:qRcxhbVf9b+3CDNYUaFmC3l1/Yuk8A682zeRdyR:qRi7b+Y+4yR","tlshash":"51723c7a3aff31205263d02777b60b893430a00ba702896c7e7d46999fd9e9449f37d8","size":15987,"data":"","first_seen":"2026-03-25T17:49:17.997678Z","last_seen":"2026-03-26T01:00:34.065176Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"binance-alpha.org/","fqdn":"binance-alpha.org","domain":"binance-alpha.org","tld":"org"},"ip":{"addr":"104.21.13.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T17:48:53.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"binance-alpha.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 11:28:31 GMT","end":"Sun, 21 Jun 2026 11:28:30 GMT"},"fingerprint":{"sha1":"3C:28:81:35:DE:E9:8D:D2:26:2B:82:71:45:48:46:CF:FF:27:07:DB","sha256":"21:1F:ED:FD:8C:CE:3A:86:69:75:7B:5D:3F:51:D6:E5:92:0D:39:1F:5B:A9:B2:77:91:67:71:A9:46:DF:95:25"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: binance-alpha.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 17:48:53 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 23 Mar 2026 12:36:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ezmO94zdXan5eTZjxeo5inTpPFdnm6jllrV%2BFljh39JXrMncpyQarCoN9j6s5oKL6oEl26UAGMac0tZUQhVtVoC2JyTZSig1MDtK7j3actgd\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9e1fbfc1888b4b93-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19792,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (4924), with CRLF line terminators","md5":"88390719ada7e452b7676696b16eaa15","sha1":"f076c9a6538acf9efdcc813157c6589119631cfd","sha256":"c64ed2b2b6e8c7e4e183697dc906b7668454e31a550327ed5d49cad4bed9385f","sha512":"08847449964fd69772edbb5efbfa2bb84b718f4f553991b0f30b5521d676ad540237e320ac61a00440942533d153764b4a98d5ed52b7a39f147a1ca30ddf9658","ssdeep":"384:RaFmCxHxcxhbVf9b+3CDo8PaFmCABKAgqscsFxLGXUEDl:R+fHxi7b+w+kDl","tlshash":"2b92183626b930149273c23276b14b89f434a117a702462cbe7e56679ffa99409f3bdc","first_seen":"2026-03-25T17:49:17.990956Z","last_seen":"2026-03-26T01:00:34.05751Z","times_seen":2,"resource_available":true,"data":null}},"time_used":353,"timings":{"blocked":69,"dns":41,"connect":8,"send":0,"wait":209,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"binance-alpha.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]}},{"url":{"schema":"https","addr":"binance-alpha.org/favicon.ico","fqdn":"binance-alpha.org","domain":"binance-alpha.org","tld":"org"},"ip":{"addr":"104.21.13.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://binance-alpha.org/","date":"2026-03-25T17:48:53.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"binance-alpha.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 11:28:31 GMT","end":"Sun, 21 Jun 2026 11:28:30 GMT"},"fingerprint":{"sha1":"3C:28:81:35:DE:E9:8D:D2:26:2B:82:71:45:48:46:CF:FF:27:07:DB","sha256":"21:1F:ED:FD:8C:CE:3A:86:69:75:7B:5D:3F:51:D6:E5:92:0D:39:1F:5B:A9:B2:77:91:67:71:A9:46:DF:95:25"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: binance-alpha.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://binance-alpha.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Wed, 25 Mar 2026 17:48:53 GMT\r\ncontent-type: text/html\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DQYSYg8DDW7HXAz2Un3ptQ7ECqq5Z9KY3NcSDXpvHNKZXMEqk0ASnna0PAwTW89OqqDs%2F0FswE2xOai8ZuhseTevlGaDCIx0sDISj7i%2Bo%2F9I\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9e1fbfc3f962ea60-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"706a98254456810d3e849c3957af9d01","sha1":"e461d072a6ba8f0082d6f187eba7f053343529c6","sha256":"8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229","sha512":"6fd0837b6c7485fcd783da728d9759a49f48e8a2f4757301a921735f7f41240b890b87672725c90e8295a21d039a369b203246e8bf71596cf1e2f9b543bc0277","ssdeep":"","tlshash":"fec02b2d36137c4cc5a3317432c3b080c0e6933774fa45110440800331cf2998ac7397","first_seen":"2023-03-25T23:23:32Z","last_seen":"2026-04-25T14:54:14.296561Z","times_seen":6545,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":212,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"binance-alpha.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}