{"report_id":"596c4fa8-1c68-42ca-8d51-e3158b9b74ef","version":6,"status":"done","tags":[],"date":"2026-01-27T12:21:19Z","url":{"schema":"http","addr":"cbpwa-coinbase.com","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":0,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"final":{"url":{"schema":"https","addr":"cbpwa-coinbase.com/","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"title":"Checking Connection - Please Wait","dom":{"size":5952,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"1a098823f61cf03db9fa3871b4fcb058","sha1":"2b2460f0d73612fcd549552979214037336e4631","sha256":"fbf037321f24e22240bb3a759c03e211c3625cf913a877da11749da8c6963182","sha512":"1576c2df747e08823881a05bfcd1077c34d13ef441b37f4ef0aea03d5fb6544dc953807429494d6e0cd7db9c0a47ebc6f3b7bab8208afcb4aba59773bf07d343","ssdeep":"96:KAV9+UHZx1a5MtVc+4TYA1zvUhfeZsPG2CsLZ2pb8XgZyTwPUtMINb:148Zx45MtPAxUEuPLZ2pIayEAM4","tlshash":"54c183ab3673002a675750945747a3023135a80722cbc8297bac4358cfe5799eab37ed","dom_hash":"domhashbb4c1be3855ed7068cd4082fb57f04fa","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cbpwa-coinbase.com","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":0,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-03T12:21:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-27T12:20:58Z","timestamp":1769516458,"ip_dst":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59628,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI","source":"{\"timestamp\":\"2026-01-27T12:20:58.796208+0000\",\"flow_id\":456489217691982,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.45\",\"src_port\":59628,\"dest_ip\":\"172.67.74.152\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2047703,\"rev\":1,\"signature\":\"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_22\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"External_IP_Lookup\"],\"updated_at\":[\"2023_08_22\"]}},\"tls\":{\"sni\":\"api.ipify.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3439,\"start\":\"2026-01-27T12:20:58.790862+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"cbpwa-coinbase.com","ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":27,"request_count":9,"received_data":13798,"sent_data":5066,"comment":"","tags":null,"fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"api.ipify.org","ip":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-01-05","domain_rank":8166,"first_seen":"2014-10-06T12:38:43Z","last_seen":"2026-01-26T08:28:51.266566Z","alert_count":0,"request_count":1,"received_data":271,"sent_data":411,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ipwho.is","ip":{"addr":"138.199.37.230","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"domain_registered":"2022-01-29","domain_rank":18239,"first_seen":"2020-06-08T11:52:47Z","last_seen":"2026-01-23T07:01:04.314418Z","alert_count":0,"request_count":1,"received_data":1179,"sent_data":406,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cbpwa-coinbase.com/","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"introduction_type":"scriptElement","is_inline":true,"md5":"f606861c34f5495b9af5ea8f053dc5df","sha1":"b5f17589298fb2cad81401cf4d32726444e84526","sha256":"6e1663988c88d28ee6f62ffba7c1d34231db87d536c77846b330f00f5599c446","sha512":"d5caf6b8d17f7e2fbd34fc0e622de425ca97e64abd8dfb60718b210c46ea7b18cdc3ade1edb9ad39ea5f00cfff01e0dc44ab8a021e7a4d7b2f2f02d9d21244e3","ssdeep":"","tlshash":"6171446a3a771139476b20a54707a1053436a04b36c3d81c7b6c4210cfe6b6df673bee","size":3660,"data":"","first_seen":"2025-10-20T22:18:07.378583Z","last_seen":"2026-03-03T21:59:58.35226Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cbpwa-coinbase.com/","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-27T12:20:58.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbpwa-coinbase.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 19:49:55 GMT","end":"Sun, 26 Apr 2026 19:49:54 GMT"},"fingerprint":{"sha1":"C5:0C:DA:D1:48:88:06:ED:7A:B5:B5:3C:85:0C:2B:D4:A9:CC:52:DA","sha256":"48:87:80:4D:5B:C7:F9:EF:15:23:2B:24:2D:40:54:BD:C1:F7:77:0A:F6:90:2D:46:0B:28:15:6B:EA:05:B8:62"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cbpwa-coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nset-cookie: PHPSESSID=6b7a08b17ac1700fea2f851c77f8c668; path=/; secure\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\ndate: Tue, 27 Jan 2026 12:20:58 GMT\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":6126,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"672abd55aaf3f09a4ae98f7d56876781","sha1":"4a283b0cc8c226f2e3210ec20fd95ef0814acf69","sha256":"ef406b54fe43327ec3ea136aa693a84c945019af021b2813102599a240c29181","sha512":"f4c2298e1add65d76285182a9f9201aeae1ea65fad693e5170ee54dc8c59f57eb418cbad0e611ea8b062801f72e8560101954ed934fe70147a77ab38421edc7f","ssdeep":"96:WM8CxB1f8MYjua5A1RkphdXMdIt2hsLATRf0Fnju5yu:WM8CxBJ8MaAvOyZGLATiJyIu","tlshash":"b0c181aa7625102a537792b497539301f835a45b23c381297bbc43448ff2749eba3fed","first_seen":"2025-11-21T21:37:23.594546Z","last_seen":"2026-02-18T12:34:39.716591Z","times_seen":14,"resource_available":true,"data":null}},"time_used":554,"timings":{"blocked":238,"dns":100,"connect":65,"send":0,"wait":77,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.ipify.org/?format=json","fqdn":"api.ipify.org","domain":"ipify.org","tld":"org"},"ip":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:20:58.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipify.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 12:15:50 GMT","end":"Wed, 01 Apr 2026 13:15:39 GMT"},"fingerprint":{"sha1":"E8:04:3F:4D:91:E2:52:D3:E0:EA:F7:1A:C8:8C:94:50:7C:2E:FF:FF","sha256":"A1:8E:F1:BF:52:25:E4:EE:2D:91:8B:1E:0B:E7:A1:C3:B9:7D:DF:7D:D1:57:11:6A:14:CF:F2:A6:DF:D1:B0:18"}}},"request":{"raw":"GET /?format=json HTTP/1.1\r\nHost: api.ipify.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cbpwa-coinbase.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 27 Jan 2026 12:20:58 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9c48350b9e364c11-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7d69c71af0f191e9a72db6153f8018d1","sha1":"f67c5f2887bc05654b47f76e9621e53a4091aed1","sha256":"5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65","sha512":"fdf43a8f3d843fe9008949d6709c8e2a5cd640f6101522319745f0a829f21dc8f4bd4d70ff3e2f6e1fd53ca0d2dd872bf3588c593a403071102ab28763cbdba5","ssdeep":"","tlshash":"b8700022000000208c80800eca0a032223a0000ac20a00088e800b2288a0b380282032","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-07T07:51:18.251001Z","times_seen":93313,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":43,"dns":22,"connect":1,"send":0,"wait":109,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ipwho.is/91.90.42.154","fqdn":"ipwho.is","domain":"ipwho.is","tld":"is"},"ip":{"addr":"138.199.37.230","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:20:58.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipwho.is","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Mon, 03 Mar 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A1:1B:17:6A:78:6C:D5:99:94:5A:7F:7C:C6:26:EF:8E:49:5C:8E:FF","sha256":"05:EE:0E:25:74:AA:B9:DA:0E:25:B7:DF:43:93:02:F2:C7:4F:DE:33:3A:75:61:9F:45:D9:B2:50:BD:76:DA:05"}}},"request":{"raw":"GET /91.90.42.154 HTTP/1.1\r\nHost: ipwho.is\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cbpwa-coinbase.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 27 Jan 2026 12:20:59 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-DE1-864\r\ncdn-pullzone: 4617583\r\ncdn-requestcountrycode: NO\r\naccess-control-allow-origin: *\r\napi-success: 1\r\ncdn-proxyver: 1.43\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 01/27/2026 12:20:59\r\ncdn-edgestorageid: 874\r\ncdn-requestid: 0bd65cdd670a5e15b54bddaedc498361\r\ncdn-cache: BYPASS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":648,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f227dd40442f2327179f85d2de8abb64","sha1":"4de1e52185ee3fc63d1ba0ef4038c6584bb529cc","sha256":"bd593d239f8b38237154b4dd3fa055642def60e36be68d631b98c7c1cb955332","sha512":"760520c435cc636a2384670b20c2d778a1548d364dd7320b86caf1a104609fecc3deea53cd0e81a41f6e7a89fe1635343e67e767ee6b1579690a08e7c3a1266c","ssdeep":"","tlshash":"99f0232602adad0d896f4389004efe4e27bcb007e28a59caceec1f94c1c06ed308110f","first_seen":"2026-01-27T12:21:23.695343Z","last_seen":"2026-01-27T12:21:23.695343Z","times_seen":1,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":96,"dns":19,"connect":22,"send":0,"wait":26,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cbpwa-coinbase.com/log_visitor.php","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:20:59.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbpwa-coinbase.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 19:49:55 GMT","end":"Sun, 26 Apr 2026 19:49:54 GMT"},"fingerprint":{"sha1":"C5:0C:DA:D1:48:88:06:ED:7A:B5:B5:3C:85:0C:2B:D4:A9:CC:52:DA","sha256":"48:87:80:4D:5B:C7:F9:EF:15:23:2B:24:2D:40:54:BD:C1:F7:77:0A:F6:90:2D:46:0B:28:15:6B:EA:05:B8:62"}}},"request":{"raw":"POST /log_visitor.php HTTP/1.1\r\nHost: cbpwa-coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cbpwa-coinbase.com/\r\nContent-Type: application/json\r\nContent-Length: 224\r\nOrigin: https://cbpwa-coinbase.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=6b7a08b17ac1700fea2f851c77f8c668; connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":224,"data":"{\"connection_id\":\"2FBDF559-5CB9-4D98-A08D-DB883EF9F27E\",\"ip\":\"91.90.42.154\",\"user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"city\":\"Oslo\",\"region\":\"Unknown\",\"country\":\"Norway\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: Content-Type\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ndate: Tue, 27 Jan 2026 12:20:59 GMT\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":56,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a518312fcd8e029960260cb425787c9d","sha1":"70243a61e561cead0e19dc59da47d66472c41676","sha256":"17863842e2b733b828e2ed24e51bf0300fa77cea0faa3d9cdafb97c8dc32f87a","sha512":"45687db0e83bf665f322226cd21488cdbe825095dd34cc2623b9da492815a1ace652043ec81343730bd6c1042924f182ba8530cbb7133739b349bb216045fc82","ssdeep":"","tlshash":"ea900227050468f69642171574353f4934d551d390c07015a01e901eab1a81332e722a","first_seen":"2025-05-05T15:41:10.547713Z","last_seen":"2026-03-03T21:59:58.350195Z","times_seen":34,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbpwa-coinbase.com/check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:21:08.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbpwa-coinbase.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 19:49:55 GMT","end":"Sun, 26 Apr 2026 19:49:54 GMT"},"fingerprint":{"sha1":"C5:0C:DA:D1:48:88:06:ED:7A:B5:B5:3C:85:0C:2B:D4:A9:CC:52:DA","sha256":"48:87:80:4D:5B:C7:F9:EF:15:23:2B:24:2D:40:54:BD:C1:F7:77:0A:F6:90:2D:46:0B:28:15:6B:EA:05:B8:62"}}},"request":{"raw":"GET /check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E HTTP/1.1\r\nHost: cbpwa-coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cbpwa-coinbase.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=6b7a08b17ac1700fea2f851c77f8c668; connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ndate: Tue, 27 Jan 2026 12:21:08 GMT\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f6c2899bb01c7306947b98df4122dfbe","sha1":"d35ea1559102d6777ea5920b0084f17197c44ae5","sha256":"a839711b15b8e9862282ec0ed1034f134efb54b5d9969e66ea285babef923d4a","sha512":"82437bee130f7a7680b7b047b16a07065170b31bb204daff6005536ef11829d678583007f6df147c67802fe6f9af70e8861d39eab8d2787d20bc48be24bc1478","ssdeep":"","tlshash":"30700022280800000ac80800e0000230baa08a80002ba0c0200c00288820880e008000","first_seen":"2024-08-20T12:53:41.601958Z","last_seen":"2026-06-08T13:10:14.290697Z","times_seen":2106,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbpwa-coinbase.com/check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:21:17.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbpwa-coinbase.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 19:49:55 GMT","end":"Sun, 26 Apr 2026 19:49:54 GMT"},"fingerprint":{"sha1":"C5:0C:DA:D1:48:88:06:ED:7A:B5:B5:3C:85:0C:2B:D4:A9:CC:52:DA","sha256":"48:87:80:4D:5B:C7:F9:EF:15:23:2B:24:2D:40:54:BD:C1:F7:77:0A:F6:90:2D:46:0B:28:15:6B:EA:05:B8:62"}}},"request":{"raw":"GET /check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E HTTP/1.1\r\nHost: cbpwa-coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cbpwa-coinbase.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=6b7a08b17ac1700fea2f851c77f8c668; connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ndate: Tue, 27 Jan 2026 12:21:17 GMT\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f6c2899bb01c7306947b98df4122dfbe","sha1":"d35ea1559102d6777ea5920b0084f17197c44ae5","sha256":"a839711b15b8e9862282ec0ed1034f134efb54b5d9969e66ea285babef923d4a","sha512":"82437bee130f7a7680b7b047b16a07065170b31bb204daff6005536ef11829d678583007f6df147c67802fe6f9af70e8861d39eab8d2787d20bc48be24bc1478","ssdeep":"","tlshash":"30700022280800000ac80800e0000230baa08a80002ba0c0200c00288820880e008000","first_seen":"2024-08-20T12:53:41.601958Z","last_seen":"2026-06-08T13:10:14.290697Z","times_seen":2106,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbpwa-coinbase.com/favicon.ico","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:20:58.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbpwa-coinbase.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 19:49:55 GMT","end":"Sun, 26 Apr 2026 19:49:54 GMT"},"fingerprint":{"sha1":"C5:0C:DA:D1:48:88:06:ED:7A:B5:B5:3C:85:0C:2B:D4:A9:CC:52:DA","sha256":"48:87:80:4D:5B:C7:F9:EF:15:23:2B:24:2D:40:54:BD:C1:F7:77:0A:F6:90:2D:46:0B:28:15:6B:EA:05:B8:62"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cbpwa-coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cbpwa-coinbase.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=6b7a08b17ac1700fea2f851c77f8c668\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 03 Feb 2026 12:20:58 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Mon, 26 Jan 2026 17:51:25 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4286\r\ndate: Tue, 27 Jan 2026 12:20:58 GMT\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"59fa7b2430edc250c1b0ea17abea16b6","sha1":"e25d35dc9a0a8c8540e6ad00896e509f73970918","sha256":"b590c8c8a13a839331c0d7f640d1c30266a96418f3458f1073f68a7887da77c3","sha512":"ccddbd84a828b35cbe63a280ce112fc2456ce3f3b434996ef5017e7a0e6eb2ba4885e5ddb054ce02c2b137d1ac1106d48c9ff8108049eff539adbbbcc87d2e2c","ssdeep":"48:VCd0O9+JOuaWP99Xed9snYBv+tX9lg3vrymxAaG:M0YuZ9ud94qCU/","tlshash":"999125d60f10847bf209bb7c1537c54e22af2f9468b4a2071a21b4e26ff2c9426f6c46","first_seen":"2025-08-03T10:28:53.204904Z","last_seen":"2026-03-03T21:59:58.350756Z","times_seen":37,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbpwa-coinbase.com/check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:21:02.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbpwa-coinbase.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 19:49:55 GMT","end":"Sun, 26 Apr 2026 19:49:54 GMT"},"fingerprint":{"sha1":"C5:0C:DA:D1:48:88:06:ED:7A:B5:B5:3C:85:0C:2B:D4:A9:CC:52:DA","sha256":"48:87:80:4D:5B:C7:F9:EF:15:23:2B:24:2D:40:54:BD:C1:F7:77:0A:F6:90:2D:46:0B:28:15:6B:EA:05:B8:62"}}},"request":{"raw":"GET /check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E HTTP/1.1\r\nHost: cbpwa-coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cbpwa-coinbase.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=6b7a08b17ac1700fea2f851c77f8c668; connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ndate: Tue, 27 Jan 2026 12:21:02 GMT\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f6c2899bb01c7306947b98df4122dfbe","sha1":"d35ea1559102d6777ea5920b0084f17197c44ae5","sha256":"a839711b15b8e9862282ec0ed1034f134efb54b5d9969e66ea285babef923d4a","sha512":"82437bee130f7a7680b7b047b16a07065170b31bb204daff6005536ef11829d678583007f6df147c67802fe6f9af70e8861d39eab8d2787d20bc48be24bc1478","ssdeep":"","tlshash":"30700022280800000ac80800e0000230baa08a80002ba0c0200c00288820880e008000","first_seen":"2024-08-20T12:53:41.601958Z","last_seen":"2026-06-08T13:10:14.290697Z","times_seen":2106,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbpwa-coinbase.com/check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:21:05.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbpwa-coinbase.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 19:49:55 GMT","end":"Sun, 26 Apr 2026 19:49:54 GMT"},"fingerprint":{"sha1":"C5:0C:DA:D1:48:88:06:ED:7A:B5:B5:3C:85:0C:2B:D4:A9:CC:52:DA","sha256":"48:87:80:4D:5B:C7:F9:EF:15:23:2B:24:2D:40:54:BD:C1:F7:77:0A:F6:90:2D:46:0B:28:15:6B:EA:05:B8:62"}}},"request":{"raw":"GET /check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E HTTP/1.1\r\nHost: cbpwa-coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cbpwa-coinbase.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=6b7a08b17ac1700fea2f851c77f8c668; connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ndate: Tue, 27 Jan 2026 12:21:05 GMT\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f6c2899bb01c7306947b98df4122dfbe","sha1":"d35ea1559102d6777ea5920b0084f17197c44ae5","sha256":"a839711b15b8e9862282ec0ed1034f134efb54b5d9969e66ea285babef923d4a","sha512":"82437bee130f7a7680b7b047b16a07065170b31bb204daff6005536ef11829d678583007f6df147c67802fe6f9af70e8861d39eab8d2787d20bc48be24bc1478","ssdeep":"","tlshash":"30700022280800000ac80800e0000230baa08a80002ba0c0200c00288820880e008000","first_seen":"2024-08-20T12:53:41.601958Z","last_seen":"2026-06-08T13:10:14.290697Z","times_seen":2106,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbpwa-coinbase.com/check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:21:11.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbpwa-coinbase.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 19:49:55 GMT","end":"Sun, 26 Apr 2026 19:49:54 GMT"},"fingerprint":{"sha1":"C5:0C:DA:D1:48:88:06:ED:7A:B5:B5:3C:85:0C:2B:D4:A9:CC:52:DA","sha256":"48:87:80:4D:5B:C7:F9:EF:15:23:2B:24:2D:40:54:BD:C1:F7:77:0A:F6:90:2D:46:0B:28:15:6B:EA:05:B8:62"}}},"request":{"raw":"GET /check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E HTTP/1.1\r\nHost: cbpwa-coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cbpwa-coinbase.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=6b7a08b17ac1700fea2f851c77f8c668; connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ndate: Tue, 27 Jan 2026 12:21:11 GMT\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f6c2899bb01c7306947b98df4122dfbe","sha1":"d35ea1559102d6777ea5920b0084f17197c44ae5","sha256":"a839711b15b8e9862282ec0ed1034f134efb54b5d9969e66ea285babef923d4a","sha512":"82437bee130f7a7680b7b047b16a07065170b31bb204daff6005536ef11829d678583007f6df147c67802fe6f9af70e8861d39eab8d2787d20bc48be24bc1478","ssdeep":"","tlshash":"30700022280800000ac80800e0000230baa08a80002ba0c0200c00288820880e008000","first_seen":"2024-08-20T12:53:41.601958Z","last_seen":"2026-06-08T13:10:14.290697Z","times_seen":2106,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbpwa-coinbase.com/check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E","fqdn":"cbpwa-coinbase.com","domain":"cbpwa-coinbase.com","tld":"com"},"ip":{"addr":"91.92.241.15","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cbpwa-coinbase.com/","date":"2026-01-27T12:21:14.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbpwa-coinbase.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 19:49:55 GMT","end":"Sun, 26 Apr 2026 19:49:54 GMT"},"fingerprint":{"sha1":"C5:0C:DA:D1:48:88:06:ED:7A:B5:B5:3C:85:0C:2B:D4:A9:CC:52:DA","sha256":"48:87:80:4D:5B:C7:F9:EF:15:23:2B:24:2D:40:54:BD:C1:F7:77:0A:F6:90:2D:46:0B:28:15:6B:EA:05:B8:62"}}},"request":{"raw":"GET /check_status.php?connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E HTTP/1.1\r\nHost: cbpwa-coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cbpwa-coinbase.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=6b7a08b17ac1700fea2f851c77f8c668; connection_id=2FBDF559-5CB9-4D98-A08D-DB883EF9F27E\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ndate: Tue, 27 Jan 2026 12:21:14 GMT\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f6c2899bb01c7306947b98df4122dfbe","sha1":"d35ea1559102d6777ea5920b0084f17197c44ae5","sha256":"a839711b15b8e9862282ec0ed1034f134efb54b5d9969e66ea285babef923d4a","sha512":"82437bee130f7a7680b7b047b16a07065170b31bb204daff6005536ef11829d678583007f6df147c67802fe6f9af70e8861d39eab8d2787d20bc48be24bc1478","ssdeep":"","tlshash":"30700022280800000ac80800e0000230baa08a80002ba0c0200c00288820880e008000","first_seen":"2024-08-20T12:53:41.601958Z","last_seen":"2026-06-08T13:10:14.290697Z","times_seen":2106,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-27","alert":"Phishing Block","trigger":"cbpwa-coinbase.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"cbpwa-coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}