{"report_id":"ac879ce5-a498-436d-a288-3f4abda6a750","version":0,"status":"done","tags":[],"date":"2026-06-25T00:50:07Z","url":{"schema":"http","addr":"fakebinance.com","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"ip":{"addr":"172.67.189.112","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"fakebinance.com/","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"title":"FakeBinance Alert","dom":{"size":34294,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"3b770c96d2c4a0a45c815270ff51bfda","sha1":"2b06cf7bfdd74261cdc926135b8f78e98cfb64ee","sha256":"1c6c76803bdcd9026655bae36cc8d57cb9853920720579bba1b9c4dfd03f02f6","sha512":"789c41212f3c36f1c711c615ccb932de630f301f72a12bc9c65df20a95744122531ed6a6b461055f3d69e0d09131e94282873aa35a1da14b2f668fbf1cf73dac","ssdeep":"384:BrdCaQO+JSPScP9H0gerGViJCC+xp0WlmgB6+uBp:/CjDJXY50brR/06+0p","tlshash":"eaf25469b8f117b701a346c76a956b6b3fd0a20bc5d5000132af47a80faedc1b563d2e","dom_hash":"domhash099709cfe48d2457df7fb241e7fa8a2c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"fakebinance.com","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"ip":{"addr":"172.67.189.112","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-30T00:50:07Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fakebinance.com","ip":{"addr":"172.67.189.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-25T00:47:10.878352Z","last_seen":"2026-06-25T00:47:10.878352Z","alert_count":12,"request_count":6,"received_data":4456522,"sent_data":2933,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fakebinance.com/script.js","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"ip":{"addr":"172.67.189.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"53b8c698384b5f5d28c7e816734ca1f2","sha1":"86d7f8d99a9ba306a14255c4a16e15962fc81c65","sha256":"03bd6fe06d07a69206c5fe2aa4686f0e9802880c4ae034f389a54b1214f8ad0b","sha512":"63f8a35335104b065eba4a948981ae4150ece2eddcebdd4a995cb81790417851ce6b272b945cca8828757d0219c19aaa7912725eef952062548370429236bd07","ssdeep":"384:V5LGTJMUo6O/D01Hxbp0TzLJuqi7QS2dpVA1oupMOl9hlPC:8J9oL/D0hdeUz7QS2dpVA1oGFC","tlshash":"c492299d1ab21665091701a26baa0780353c5a47cddabc6cbf5cc7280f9ca4fd4f3e6d","size":20271,"data":"","first_seen":"2026-06-25T00:47:18.863239Z","last_seen":"2026-06-25T00:50:08.645867Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fakebinance.com/assets/brand-mark-clean.png?v=1","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"ip":{"addr":"172.67.189.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fakebinance.com/","date":"2026-06-25T00:49:43.864Z","timestamp":1782348583864,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fakebinance.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 15:14:34 GMT","end":"Sat, 19 Sep 2026 16:14:30 GMT"},"fingerprint":{"sha1":"7B:4C:4B:98:35:5D:D2:5A:52:1A:D6:86:34:CC:94:BB:6C:1C:8C:A5","sha256":"10:C0:A9:7A:F5:F9:8B:72:D0:CE:77:14:57:69:0B:D8:8D:AD:0A:1A:CB:1F:C6:18:33:C3:2D:32:62:5D:0A:4C"}}},"request":{"raw":"GET /assets/brand-mark-clean.png?v=1 HTTP/1.1\r\nHost: fakebinance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fakebinance.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 25 Jun 2026 00:49:43 GMT\r\npriority: u=6,i=?0\r\ncontent-type: image/png\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\ncache-control: public, max-age=0, must-revalidate\r\netag: \"82f827475ebe4f391f8e72ed5da9a9e9\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AXAYBdcQbov47B6yaUnKZ3vJ7fEe8FZTR0moAKtDO219LBCJz3MbCS3hbNyT8qB1eGnHv1QNMQzHJ%2BSFPN%2FcwhIuxPqAxpyGmLQmSlsxeoDTrc5gObo9vVKe39HQFy5lwKM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 2186509\r\ncf-ray: a10ff95929cf5694-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2186509,"size_decoded":2187172,"mime_type":"image/png","magic":"PNG image data, 1536 x 1536, 8-bit/color RGBA, non-interlaced","md5":"b7b1ad41409071865c0b932968b63d17","sha1":"f2e02b112ee12a165fd537b6876e7baae298ce03","sha256":"87c8b13be39a1d932f680b2f8bcb376ebe81ed3694a4a71bdc4aa4782108ba7b","sha512":"334ae78087e5f930eda23013d07140c6288fec43399ca6d661a9f62a2661bec6b60b307244ffd9c496c2ee3c4a8aee75b3c5c5b8878f32709dae59b7543c5fe7","ssdeep":"24576:yK7o2ox1EGKJyBLDGLeOvfLAtTC4Urp/2kmHRgKpzId7Y9din:bbtJuLDGLRfLUTyrpOniIv8","tlshash":"2425338473f91bc098fcf9589ba9da984a7915dc45a908abf5b3d3c08d4ec70bc875c8","first_seen":"2026-06-25T00:47:18.864361Z","last_seen":"2026-06-25T00:50:08.643212Z","times_seen":2,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":156,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fakebinance.com/assets/favicon-64.png?v=1","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"ip":{"addr":"172.67.189.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fakebinance.com/","date":"2026-06-25T00:49:43.866Z","timestamp":1782348583866,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fakebinance.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 15:14:34 GMT","end":"Sat, 19 Sep 2026 16:14:30 GMT"},"fingerprint":{"sha1":"7B:4C:4B:98:35:5D:D2:5A:52:1A:D6:86:34:CC:94:BB:6C:1C:8C:A5","sha256":"10:C0:A9:7A:F5:F9:8B:72:D0:CE:77:14:57:69:0B:D8:8D:AD:0A:1A:CB:1F:C6:18:33:C3:2D:32:62:5D:0A:4C"}}},"request":{"raw":"GET /assets/favicon-64.png?v=1 HTTP/1.1\r\nHost: fakebinance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fakebinance.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 25 Jun 2026 00:49:43 GMT\r\npriority: u=6,i=?0\r\ncontent-type: image/png\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\ncache-control: public, max-age=0, must-revalidate\r\netag: \"117c0fbc54c64288dd3a2daab0c63e27\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KBXeBkjQP7xZKwjjI8h2%2BjFK1Mebla3vwBkiIAh8H9HX%2BaRblKhqL7px5oaw1KtSGQsx5DBOTXZYI%2B7hMEOOWg9CaNyfSXYg6V3l9VdxA8qphqWX%2FzZG%2F7fiIp8bQSwWSIA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 5338\r\ncf-ray: a10ff95929d05694-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5338,"size_decoded":6004,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"5a8eeb36a7a2de3c7247bff902f9d0f2","sha1":"6c45c4164d7fb55938dcc3fbcf4fc1efecdeb3ec","sha256":"6b99638510f215de88f59a5fdb12e376c188e48b828418cf05cef4f0a57e15d1","sha512":"0b707c7c5a870f59e9052c21fa8f837d69801deb4758d5bb3d75fd2f0c9dd70dd5552d2191cedc983b3aa2ecec8059bf64f3284a2f78cafbb4c7b101330e33da","ssdeep":"96:MPC1kPb8RxS4boM0qEggx4J6iKhD2et33vjXpfBw3mS2OoRKIzf/XcLWM6A:MagY+45EgKMpKhDTHvXW2zz32Db","tlshash":"41b17d922d6d671b113d230f37c1c049e9bf688687c68c2738cac7713e5a70345aa958","first_seen":"2026-06-25T00:47:18.865414Z","last_seen":"2026-06-25T00:50:08.644005Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fakebinance.com/","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"ip":{"addr":"172.67.189.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-25T00:49:43.309Z","timestamp":1782348583309,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fakebinance.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 15:14:34 GMT","end":"Sat, 19 Sep 2026 16:14:30 GMT"},"fingerprint":{"sha1":"7B:4C:4B:98:35:5D:D2:5A:52:1A:D6:86:34:CC:94:BB:6C:1C:8C:A5","sha256":"10:C0:A9:7A:F5:F9:8B:72:D0:CE:77:14:57:69:0B:D8:8D:AD:0A:1A:CB:1F:C6:18:33:C3:2D:32:62:5D:0A:4C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: fakebinance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 25 Jun 2026 00:49:43 GMT\r\ncontent-encoding: zstd\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\ncache-control: public, max-age=0, must-revalidate\r\npriority: u=0,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZCoCnXh8jFp1l6ivGgGaAO5Ee2psTxvEYhpKupDcQvwMo0oRxSnL00XcHmD%2Fz%2F2yh1V91ogD6UuaDE%2F28mbyUXIrJm8tjqxwy7mYu0k5SR9QyvEqUHnolPSLdvyFwBbFRDY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a10ff95629b45694-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25931,"size_decoded":8160,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"d75ee25c678fa5761470ee9f013fae5c","sha1":"21148d8206b3a5fa509cdd03a582771838ed373a","sha256":"8aa87c3beaea87f3ca10526fd9b87c852e84b4d7c6b24f83652c24ed6c280f13","sha512":"b82411aa77dedd0f97f7eba2d43f0fe9b86a4d8e03e08d81d90975ae3c58acc21e40c8cb1896530a523dc7723f501ece7ab8060b6e8c5d465da8dc2028e7a75b","ssdeep":"384:vr17CamsOGJIPSU3LMgerGViJCC+xp0WlmgB6HuBt:p7CqVJBIMbrR/06H0t","tlshash":"28c28529bcf117b301c30ac6aa9577166f91e60bc6da140031af47e80f6ade1b567d2f","first_seen":"2026-06-25T00:47:18.86116Z","last_seen":"2026-06-25T00:50:08.644692Z","times_seen":2,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":57,"connect":18,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fakebinance.com/styles.css","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"ip":{"addr":"172.67.189.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fakebinance.com/","date":"2026-06-25T00:49:43.721Z","timestamp":1782348583721,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fakebinance.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 15:14:34 GMT","end":"Sat, 19 Sep 2026 16:14:30 GMT"},"fingerprint":{"sha1":"7B:4C:4B:98:35:5D:D2:5A:52:1A:D6:86:34:CC:94:BB:6C:1C:8C:A5","sha256":"10:C0:A9:7A:F5:F9:8B:72:D0:CE:77:14:57:69:0B:D8:8D:AD:0A:1A:CB:1F:C6:18:33:C3:2D:32:62:5D:0A:4C"}}},"request":{"raw":"GET /styles.css HTTP/1.1\r\nHost: fakebinance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fakebinance.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 25 Jun 2026 00:49:43 GMT\r\netag: W/\"01d785e1fd8510a22076d952e7bc6d79\"\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\ncache-control: public, max-age=0, must-revalidate\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WaxzsFyUz6np6OuPMREN2H4fxPk4%2B5magFBDH0MqzG7ZJFbj5LM55ba5O9K3VhHRPtknX604PSRwVmVZ7TKwXIZemry6YTuJgiVxsPl1uTP1AnQ%2BghYHvCqMe%2Fsd0owVDQQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ncf-ray: a10ff95849c25694-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27017,"size_decoded":7033,"mime_type":"text/css","magic":"ASCII text","md5":"065996e68fbb14ca235302a6c0411e3e","sha1":"d2f7561bf4b8332bc2377738f9b12cfe26bde4a0","sha256":"170421f88264e758271abc7c58578dfaf8e9a72e4a4498e1ebabcbba1339e817","sha512":"7ee5e29d002d5bdbcce6a3856a00343cf19911d17e9fbd4851308016728bc839f5a6daf7ca8b6ba643c188c3b8c43f4a9705487e9bbb388e27131e6a9c84ed31","ssdeep":"384:fDk5qCkLyIQXKClP9N1ebVhsDSF+48vYY/b9tHw:I5qCkWFJlDkbFCwY/b9tQ","tlshash":"91c2a7d156a12b14b83fe4a96983af47b368d053c50fdd7c6bea300caf8a1dd5272b05","first_seen":"2026-06-25T00:47:18.862126Z","last_seen":"2026-06-25T00:50:08.645278Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fakebinance.com/script.js","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"ip":{"addr":"172.67.189.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fakebinance.com/","date":"2026-06-25T00:49:43.726Z","timestamp":1782348583726,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fakebinance.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 15:14:34 GMT","end":"Sat, 19 Sep 2026 16:14:30 GMT"},"fingerprint":{"sha1":"7B:4C:4B:98:35:5D:D2:5A:52:1A:D6:86:34:CC:94:BB:6C:1C:8C:A5","sha256":"10:C0:A9:7A:F5:F9:8B:72:D0:CE:77:14:57:69:0B:D8:8D:AD:0A:1A:CB:1F:C6:18:33:C3:2D:32:62:5D:0A:4C"}}},"request":{"raw":"GET /script.js HTTP/1.1\r\nHost: fakebinance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fakebinance.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 25 Jun 2026 00:49:43 GMT\r\netag: W/\"3ff02433f8e6fcef12b90996d2da6990\"\r\ncontent-type: text/javascript\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\ncache-control: public, max-age=0, must-revalidate\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sxy4vL%2Fw0IN%2BRk0wRH%2FtxpENm%2BBrFsc3hWyyUTxM4ZehE8B95vHGzQ6bZaUq7fHt8WnFcAaBt%2FIpqhD7lPXN5wY%2F%2FTjbLmcK0Q2QbKUjq4xP8bzeKF6vEhymx6%2Bua%2FvGyxA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ncf-ray: a10ff95849c35694-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21261,"size_decoded":9381,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text","md5":"53b8c698384b5f5d28c7e816734ca1f2","sha1":"86d7f8d99a9ba306a14255c4a16e15962fc81c65","sha256":"03bd6fe06d07a69206c5fe2aa4686f0e9802880c4ae034f389a54b1214f8ad0b","sha512":"63f8a35335104b065eba4a948981ae4150ece2eddcebdd4a995cb81790417851ce6b272b945cca8828757d0219c19aaa7912725eef952062548370429236bd07","ssdeep":"384:V5LGTJMUo6O/D01Hxbp0TzLJuqi7QS2dpVA1oupMOl9hlPC:8J9oL/D0hdeUz7QS2dpVA1oGFC","tlshash":"c492299d1ab21665091701a26baa0780353c5a47cddabc6cbf5cc7280f9ca4fd4f3e6d","first_seen":"2026-06-25T00:47:18.863239Z","last_seen":"2026-06-25T00:50:08.645867Z","times_seen":2,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fakebinance.com/assets/brand-mark-clean.png","fqdn":"fakebinance.com","domain":"fakebinance.com","tld":"com"},"ip":{"addr":"172.67.189.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fakebinance.com/","date":"2026-06-25T00:49:43.735Z","timestamp":1782348583735,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fakebinance.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Jun 2026 15:14:34 GMT","end":"Sat, 19 Sep 2026 16:14:30 GMT"},"fingerprint":{"sha1":"7B:4C:4B:98:35:5D:D2:5A:52:1A:D6:86:34:CC:94:BB:6C:1C:8C:A5","sha256":"10:C0:A9:7A:F5:F9:8B:72:D0:CE:77:14:57:69:0B:D8:8D:AD:0A:1A:CB:1F:C6:18:33:C3:2D:32:62:5D:0A:4C"}}},"request":{"raw":"GET /assets/brand-mark-clean.png HTTP/1.1\r\nHost: fakebinance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fakebinance.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 25 Jun 2026 00:49:43 GMT\r\npriority: u=5,i\r\ncontent-type: image/png\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\ncache-control: public, max-age=0, must-revalidate\r\netag: \"82f827475ebe4f391f8e72ed5da9a9e9\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nLFie3JpxUR04DOfGo52B4VRkq1VnKyLO6ZLvre1By%2BiHj7nswgDiqN%2BttJKbIMEJE4DllNGh4SuVyY7Eu31ixQ1Ya2wNG11se0tVKMnatsMYpcHTGwzWFZfl6Kqpn3z5Iw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 2186509\r\ncf-ray: a10ff95859c45694-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2186509,"size_decoded":2187169,"mime_type":"image/png","magic":"PNG image data, 1536 x 1536, 8-bit/color RGBA, non-interlaced","md5":"b7b1ad41409071865c0b932968b63d17","sha1":"f2e02b112ee12a165fd537b6876e7baae298ce03","sha256":"87c8b13be39a1d932f680b2f8bcb376ebe81ed3694a4a71bdc4aa4782108ba7b","sha512":"334ae78087e5f930eda23013d07140c6288fec43399ca6d661a9f62a2661bec6b60b307244ffd9c496c2ee3c4a8aee75b3c5c5b8878f32709dae59b7543c5fe7","ssdeep":"24576:yK7o2ox1EGKJyBLDGLeOvfLAtTC4Urp/2kmHRgKpzId7Y9din:bbtJuLDGLRfLUTyrpOniIv8","tlshash":"2425338473f91bc098fcf9589ba9da984a7915dc45a908abf5b3d3c08d4ec70bc875c8","first_seen":"2026-06-25T00:47:18.864361Z","last_seen":"2026-06-25T00:50:08.643212Z","times_seen":2,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":58,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"fakebinance.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}