{"report_id":"a1363f6a-e497-4e3a-ae3e-1c51419b9a75","version":6,"status":"done","tags":[],"date":"2026-03-14T12:34:40Z","url":{"schema":"http","addr":"webmail.456558coinbase.com","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"104.21.1.227","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"webmail.456558coinbase.com/","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"title":"Roundcube Webmail :: Welcome to Roundcube Webmail","dom":{"size":5848,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1329)","md5":"a2585f4663e288a533bc8c33f68c1375","sha1":"18bfc4fe25bd5357cb6f3f70bdfb687fb9f65faf","sha256":"4125d6c3806351409dba2689176b1afa26b913b0cbe18028efdc188c8e331f84","sha512":"9df651aa855ba3a94205dc2a88e118cccb7fba33984da2d798a07ef03dbfe26ce224a74f43b131b153f547219cc5d040089b64a513bf286f183eea3c204af0ff","ssdeep":"96:BzUHP9G0AUtENUJoZ0P1wNDGFA1OMJgkvAd3tUfD:aHP9KU6KJoSP1wNDGFAoMJgdtUfD","tlshash":"2cc1e9613c14cf3702b205e8b8cafa8d58fd8128da50ac58b8fc816d1fa5f9555f27b4","dom_hash":"domhashecc3fa4e00942ea22695c5f933a8be6c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"webmail.456558coinbase.com","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"104.21.1.227","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-18T12:34:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"webmail.456558coinbase.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-30","domain_rank":0,"first_seen":"2026-03-14T12:34:41.69175Z","last_seen":"2026-03-14T12:34:41.69175Z","alert_count":32,"request_count":16,"received_data":1219919,"sent_data":8725,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"RoundCube","description":"RoundCube is free and open-source web-based IMAP email client.","website":"https://roundcube.net","common_platform_enumeration":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","icon":"RoundCube.png","categories":["Webmail"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:8.3.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"webmail.456558coinbase.com/program/js/common.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"01066f1cc46b059ad28b87558bacc03f","sha1":"91ccde7be0285350041d941354bfff69ed55f169","sha256":"e452689c329fe371a98239d4620cde8fde1405261fe866d43089206377752752","sha512":"f3840b1cf2d7d56f7ccef81a1b13d4803753770b87210630aba0b7770b2785811e5c3f5f05c59b2e952899b6deecb257d9b3a03a95a17afa9938597097146394","ssdeep":"192:KB5Inw2doswR6NATbL+Ies8VkVLWitRBDYJ1+1tjUKLd+g1FyT6ks4/:KBenw2doswRoA/6IeVVunYJ16t51qn9/","tlshash":"99422acf3295647102696aa7267b028fb13685b86c7710bcf664cce4bc28c59552fff8","size":12745,"data":"","first_seen":"2025-02-13T23:56:52.984601Z","last_seen":"2026-06-07T19:00:59.929262Z","times_seen":1262,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"36ee42d5534d0bd0a7e22f0050c34377","sha1":"ae4b70d4885bfd3f1ed687df9931cad205728ce3","sha256":"eafc7d6b2ea95256dc03f090a33bdc5cdcdeabe63bc13b22f68ab9d11eb01709","sha512":"9eaf06eaedd80e199e587c54038c5c2d45365b294e55ed18517c71ffcc41abb1be967ff6a5ab7cef31eba504bee05efab3cd5025e97fedb6b82f305ef6ef0b82","ssdeep":"","tlshash":"bfd05eb5a95c943f6a3a060ebd39cfdc783e25b255a93d04ee3c36b58535e97004ace0","size":271,"data":"","first_seen":"2023-03-07T12:12:02Z","last_seen":"2026-06-06T23:39:18.91582Z","times_seen":1109,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/plugins/jqueryui/js/jquery-ui.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"01b00dc27e3831f4f8093fc111890e6e","sha1":"b9b8f114c58d3ea37f75216550a0f6c5022885f9","sha256":"45b30930d5752603cdff2d24aa942b5bbae3168f62e74e092cd9405ff10127f7","sha512":"eedee6ecfc17cf804088b0d5f5d7ae995ce0cccacd0d91bc7eebb0f53e26c9bd0d3010a971acd855d2b4f803d8951d87a11c978463a2760e1e19017b931d838e","ssdeep":"3072:eDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAo0MY:uNdIVWjNS9cdzAo0MY","tlshash":"6f44084d72403a3295dfa1a5103b2a0ba237955da601809cb43ccedf9e7ce4571bbfb9","size":262502,"data":"","first_seen":"2023-09-22T15:52:32Z","last_seen":"2026-06-08T02:15:24.320628Z","times_seen":1699,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/program/js/jquery.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"82229fca667f868f77759d78edaaecaf","sha1":"12f2612174d39a99b21379af57b5374ab4efdb55","sha256":"5641ed21773230a8110279658abac57bb5b4abc7bf4091946c5e61e8f0021f55","sha512":"c5f584e0aef951de09031dc54d381b534a32ffc6480420a4af369a6f0c50bad2cfd6d5743982cc498030abdfdb78ff772b710bce8b843305e4bf6e533c936594","ssdeep":"1536:jZAjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvz:iYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"209308ddb2c6702257a721ba007f510bf236199d6c4d8450f129e8e9bc78a4e827bf7d","size":90926,"data":"","first_seen":"2023-03-07T12:08:25Z","last_seen":"2026-06-07T19:00:59.923055Z","times_seen":2554,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"28c7261d616297162c3868ea05228d53","sha1":"fa36a801b153d3c7ff477ade94ae158f28b1d613","sha256":"da2616f64c1243ce9f263e16a9c271259a109601eb67fbfb915140adec0c82d3","sha512":"8a6986259c713e8e07cd639ea6f27ec14f608c9e749a0f5e5709a53e6ec6c266a7bbfa8830335dff9caa6b11b2e54e2906d9a7bf4a042c77c9d9f81edefcedff","ssdeep":"","tlshash":"c341c59639028f3b06a60ac535cf71861bec436b21641d89fd9ed11c2f85b3297e31f8","size":2137,"data":"","first_seen":"2026-03-14T12:34:43.338982Z","last_seen":"2026-03-14T12:34:43.338982Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/program/js/jstz.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b5ee3ce2023c717fff34cfe5d3b82599","sha1":"36f532887c2bf6bc7bdd06e68e96eafe2051a5f7","sha256":"716ece8deb8412f7ec95ab395c92f6515bb8d8b792fd7480c014cdc6f063452a","sha512":"71a59366516e9d2142bdfaaf6ea3de1b8cec832f15cd8cbb7a3cd22870715544dea0df6f8a5211a73682f856a0d0089163708b0306c27c787a058c4a3e3587d7","ssdeep":"384:r+PkZoDTmE6BZTvHWKGVa3v1NH9kaIvrHgrz:r+8ZoQ+RV4fkRDm","tlshash":"0c52a3df152c90bb06a556f93c09fb85ac1ed418ac8adfc12ab5f1a924d0cd7bfe0548","size":13835,"data":"","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-06-07T23:30:38.828992Z","times_seen":3302,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/program/js/app.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ee9b6e742b5827482293efef9c3169e4","sha1":"285910429e91990bb62b15507767542382fb1621","sha256":"46bf631919d8c1f7654f17ce915f8d5ceed5573283a272d72f055a7f10e473ed","sha512":"ceee987e7feec6f0a96dbb00127fe1fc5bffe2bf62b5ba9ae6df36008272ce9fecb9d21b477f11f1c0e8509f737205b378670fd22f60548d77a2416fbbbd3543","ssdeep":"3072:rMpaZOj29X13C0wHYdTxXgz1HVSF3D9hi:rMpaZOqj3CPHYdTxXgz1VSFD+","tlshash":"fdf3d69a32a4ed2105e79763746f31016133b609e804980db96cd9eb4e78f4a3367f7e","size":171803,"data":"","first_seen":"2025-12-16T08:07:51.191722Z","last_seen":"2026-06-07T12:12:36.968977Z","times_seen":186,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/ui.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"94fb4229e588ef68534606fa89ce88dd","sha1":"8499141536f46de95f87517d3e33267ca581ebdb","sha256":"9330f7d58c98a24ba9b77d03fc17ca836eaeb7954aefe3ddb1cf897eec4d0f9b","sha512":"3c542238e920fa36eff04dc394722ea829a05e91d54cabce1fabe5d229034752a1fa76da4b45f7a3c81ef73c6a75abe8c71106994874262e559214abcf03080b","ssdeep":"768:yOyiEHYQp49PXugVy/S5ra01ujdFxRb6tp3S1gVYwAHkfa1hkRZdjW3v58ipzpp6:Ti2js/SbCdFLyVq12ZxW3+J","tlshash":"a053b5ec726135b612bf226720afe10661334569cd119840b26d94ea1efce8532b7f7f","size":61312,"data":"","first_seen":"2025-02-13T23:56:52.992243Z","last_seen":"2026-06-07T19:00:59.943682Z","times_seen":806,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/deps/bootstrap.bundle.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3fb9784331ba8d606ca6e0877b9466a3","sha1":"2c8dde7ea3cee76f061c06bb64f9f00497f893f3","sha256":"19b51730c10082760e6d9b82c1342e60855f98d2666c64e4eb758d26b1a0c840","sha512":"a34c44d07455be21ca911be580524a6dc5c4d4cb91f46030c26c4d258ae9a46334e65a27a57aeb987c1801238919e6ffac280bbb5542899a8956c5577e7f0c40","ssdeep":"768:du/iPy7+zZHVPVBNpwV7BTUB6/YLF/fB+4ed4MMAja+t+QnXLb1+uaR+orWieOJ9:deiayUYLZ83dPD3GAP6f2jX+i/QB","tlshash":"8a83834972a0b472069f61a6807b4a0bf2372c5da107b01cbad9d4ed1f7cd893167f7a","size":84104,"data":"","first_seen":"2023-03-07T12:08:25Z","last_seen":"2026-06-08T16:28:45.070143Z","times_seen":2714,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d0c5b963f8165f56493874746adedf97","sha1":"e09c78d91814eebbd23a7080b6e90e06f4c84de1","sha256":"1a1f1580c0b8e2a2101cf9e01c596bcee15c2e38657b69ec8bd9ee4a526fd168","sha512":"eef06f1b999cf008c8ef5957c5b2961d9e664deca82f96e0a2a4438772046ce2f181af3cc0a2764a4fc3a74f2ee50052b3dcc2c5137d92dd447ef9ef2858e56f","ssdeep":"","tlshash":"9580008cb88f38320032302c22fb808cbc3b20803e3a300002cc00c30f22bbc322282e","size":35,"data":"","first_seen":"2023-03-07T12:03:00Z","last_seen":"2026-06-06T23:39:18.917744Z","times_seen":2273,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/fonts/fa-solid-900.woff2","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.984Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /skins/elastic/fonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/skins/elastic/styles/styles.min.css?s=1771934064\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:20 GMT\r\ncontent-type: font/woff2\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=81dJZ%2BnHDERK5z85TZrfFaFQCGeBPgftW3z0NDjoTWcl95r6edh%2F9KuvBo0BwVBhXqQ%2F8DV%2BhqahN9turPNKSkVcptlv4FJlA4472z67hXoLOmvXhpPvAzok\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\netag: W/\"126b0-64b908c733c00-gzip\"\r\ncf-ray: 9dc34fdaed8f51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75440,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 75440, version 329.-1049","md5":"b5cf8ae26748570d8fb95a47f46b69e1","sha1":"07bed153d47f9129a944ee54dd72952deed074c8","sha256":"cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0","sha512":"f08b9289695cf530094f076b2df4d2b0e1a1daedd00190d123b4179b2c1a1b5e8b2bb988d86fc6dc9eee117d88a58dd5b6dfe7689586c17068f5d2da01904d76","ssdeep":"1536:1Zq/f5ldhNurIqp+jqNT5Fm653lqWppat1Wa4W8TeodjxNrqM:1kvdS7ppFm6JhpgkrW6bGM","tlshash":"6f73028e1719f192f5d6cd177edc20be38f1a7121008f839e2eda6dd5085ab639a3825","first_seen":"2023-04-05T08:48:24Z","last_seen":"2026-06-08T20:52:26.10452Z","times_seen":21799,"resource_available":false,"data":null}},"time_used":499,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":311,"receive":188,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/images/favicon.ico?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:20.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /skins/elastic/images/favicon.ico?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:20 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 1693\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"423e-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mvNgLGZjvjCiqKRHx4tpHi4QVLyWy5mtFRceJ8Ovgup1dLZBViNVIlv0bGKzjYThLb2h%2F9DiA4Bwz%2BJwdVWEc96rxpfXy0nOfxsXpdemIBSKneO%2BmInQ0hU0\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fdc69a651e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16958,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"924a68d347c80d0e502157e83812bb23","sha1":"1622a7caa5a0cfa28a96cf10043d6e7b63b491e3","sha256":"7b30e499996ec4631848d3509d803d9311f5d71999212f2f4c1ca7af8f24eb69","sha512":"f366ac7f1b54471f7222d5425bbb08da8ea971f175fe96d1b551020cf85184f2e76bb49d270c711cf6f7937d809d6446cf5e2c0e4f4c2baadb5925eb97ef146b","ssdeep":"48:hJzQ0zzz0TzzzzicUzzzzzzqzzzzzzzzhzzzzzzzzzz3zzzzzzzzzzzVzzzzzzzg:hxjDtJo/S5Pb","tlshash":"2d7268443bbfb848f1ed56f2af41b71011212c7a42e41786aa91ab2957223d3bf3c84c","first_seen":"2023-04-21T21:19:20Z","last_seen":"2026-06-08T20:50:28.569125Z","times_seen":1813,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":314,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-14T12:34:18.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nx-powered-by: PHP/8.3.30\r\nexpires: Sat, 14 Mar 2026 12:34:19 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nx-frame-options: sameorigin\r\ncontent-language: en\r\nset-cookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1; path=/; secure; HttpOnly\r\nlast-modified: Sat, 14 Mar 2026 12:34:19 GMT\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kK0Z3aNK4iUIGyyPM9YfAWb9bF87RcNd0Qxe5XGyVto6CcGVHDCWKBkL%2BWCCIl5n574ChuX0aBFFGy5gj%2BLYnSLPbh6Lezp4OuiCSB7htgnejNYVsus14%2FAD\"}]}\r\nx-robots-tag: noindex, nofollow\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dc34fd3092df3c7-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"RoundCube","description":"RoundCube is free and open-source web-based IMAP email client.","website":"https://roundcube.net","common_platform_enumeration":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","icon":"RoundCube.png","categories":["Webmail"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:8.3.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]}],"data":{"size":5326,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (841)","md5":"95488668fbf4c840a807992b755c8517","sha1":"310adf0e42d8e1cf011579105349b998a0ead883","sha256":"8f02b3e557d9f71abf5738434a0ed31de9843c233aed457583739f6a96524ba7","sha512":"b5e20b12f49fc15860665df21d8bcce1fc4dfb9a43ff986091cfeae0407bb1ba20665533995653f340fe9a05e2bcfc56b9453eec2fe886a8f15f1b13503736af","ssdeep":"96:zUHP9G0AUtENUJoZ0P1wNDGFA1OMJgkvsa/5tUfRz:4HP9KU6KJoSP1wNDGFAoMJg9MtUfRz","tlshash":"b8b1b7923c05cf37036200d8b8caf58c55fc8229e650ac58f8fd926e5f64fa845a27b4","first_seen":"2026-03-14T12:34:43.329264Z","last_seen":"2026-03-14T12:34:43.329264Z","times_seen":1,"resource_available":false,"data":null}},"time_used":524,"timings":{"blocked":51,"dns":19,"connect":8,"send":0,"wait":422,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/styles/styles.min.css?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /skins/elastic/styles/styles.min.css?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: text/css\r\ncontent-length: 22377\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"1da97-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZUmw5PA71MxePP8q1yU7gg1bIO8crLQNRwsciXH7poxsE0JfZP5N5RKbYf0DqhXC89hYT%2Bv7HYrNIardSWQfgJIHmhBtZgsEUXet1t%2ByCxVvGuTBiWl3HWak\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6dc8f51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":121495,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e0b16bf42bd71951f3c7f1d188833714","sha1":"7ce8a20a878323376dad505bf3de8b11418a2ba5","sha256":"9ba91b5750e5ed8d4f139279879d2f4486974315ea204de05adde69f0728d5df","sha512":"0664a41d64ed501f5a90efc57e5a4e264d9f5cd37b9f4a17dbb9d4cce94f89bad118b851689f50c4cf53404a1e8d326b3ee52b9161f129b8d016bbbeb085a24f","ssdeep":"1536:XHT+N/E06N+L4tS9WHc7QzujA8SgWFPaT9kmCI:XH6N/E06N+L4yqc7QzY9kmCI","tlshash":"c0c3c5b6e06839ad3733c2177ac4bb98a25ed1a0c4517e7af52b728d85ca21c3173f15","first_seen":"2025-07-14T13:41:26.416247Z","last_seen":"2026-06-07T19:00:59.945721Z","times_seen":1022,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":91,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/plugins/jqueryui/themes/elastic/jquery-ui.min.css?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /plugins/jqueryui/themes/elastic/jquery-ui.min.css?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: text/css\r\ncontent-length: 7377\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"727d-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hQ8zLipyd5dIsrDaajDVWeeZukOVotE5346Y2qFhyeTmR8dxWl08OQ8mFExl53hEkP2QAosbqoodFy1w4o3HRM0V9bawTHQ2wOylGYKv%2B25VOuJBGF3FZupj\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6ec9451e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29309,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (26371)","md5":"7e848d774e13122792027c11b994c19c","sha1":"276df81de919d3614fbb970a6dbdbb7a0570e40c","sha256":"aad541bcbd68b5ea0300c91b804637a2706e983a46d93546b109e6f322869107","sha512":"9e277ee3e4af841c5e6c82df943ff2ed33b4cbc47d3573b8990b3ccc24a9a5a5878e3b42896836bbb356d4107b728d9c0da3d5e73cb42d66e1891d9e60f097a5","ssdeep":"384:OCwiEt7/rpc5CN14/1ejUEzy9pDFkM7nfPBV5T:tlEtTN14EUEzQpDhBVB","tlshash":"65d23230a5c2243dfe33d23061e15ef4523ac246dda61fbda09af65953ea8e4c47b871","first_seen":"2023-11-08T04:46:40Z","last_seen":"2026-06-08T02:15:24.317156Z","times_seen":1586,"resource_available":false,"data":null}},"time_used":338,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":336,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/program/js/app.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /program/js/app.min.js?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 48052\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"29f1b-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2ByL7R8RNONsTnUfrH3qyckftHpaWm1ETzMc9BepCDb4aJDeuS53mGYpOFrVhLuqUWavNSWrYRQctGaASCePWAucWmvKERwKR54Ws9xMo6ZuMalLyJxfLV7lY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6fcc251e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":171803,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (64152)","md5":"ee9b6e742b5827482293efef9c3169e4","sha1":"285910429e91990bb62b15507767542382fb1621","sha256":"46bf631919d8c1f7654f17ce915f8d5ceed5573283a272d72f055a7f10e473ed","sha512":"ceee987e7feec6f0a96dbb00127fe1fc5bffe2bf62b5ba9ae6df36008272ce9fecb9d21b477f11f1c0e8509f737205b378670fd22f60548d77a2416fbbbd3543","ssdeep":"3072:rMpaZOj29X13C0wHYdTxXgz1HVSF3D9hi:rMpaZOqj3CPHYdTxXgz1VSFD+","tlshash":"fdf3d69a32a4ed2105e79763746f31016133b609e804980db96cd9eb4e78f4a3367f7e","first_seen":"2025-12-16T08:07:51.191722Z","last_seen":"2026-06-07T12:12:36.968977Z","times_seen":186,"resource_available":true,"data":null}},"time_used":483,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":343,"receive":140,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/program/js/jquery.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /program/js/jquery.min.js?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 31705\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"1632e-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SqpshXxyU8dpEMp5SHMfBa6%2B%2BPsdxZDdnTyUqURoQg4QwbZG%2BXUISbxTgSexXBlBHjyGm4pocDD745oOQaPC%2FjCDi4egTeZ9lOFboZ6itNJtsrzd0WEwplPu\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6eca751e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":90926,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (64001)","md5":"82229fca667f868f77759d78edaaecaf","sha1":"12f2612174d39a99b21379af57b5374ab4efdb55","sha256":"5641ed21773230a8110279658abac57bb5b4abc7bf4091946c5e61e8f0021f55","sha512":"c5f584e0aef951de09031dc54d381b534a32ffc6480420a4af369a6f0c50bad2cfd6d5743982cc498030abdfdb78ff772b710bce8b843305e4bf6e533c936594","ssdeep":"1536:jZAjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvz:iYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"209308ddb2c6702257a721ba007f510bf236199d6c4d8450f129e8e9bc78a4e827bf7d","first_seen":"2023-03-07T12:08:25Z","last_seen":"2026-06-07T19:00:59.923055Z","times_seen":2554,"resource_available":true,"data":null}},"time_used":448,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":94,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/fonts/roboto-v29-regular.woff2","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /skins/elastic/fonts/roboto-v29-regular.woff2 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/skins/elastic/styles/styles.min.css?s=1771934064\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:20 GMT\r\ncontent-type: font/woff2\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yzIkLVKpxWKcIBoVkDlno6G5Q3%2BQgS%2Fa1fAFgH39UmNiDxNe8yJ7TnRQkEg7rceddRylUi97MiJ9JCfHL0Nl3fONyhEUf5AEb7qnCx1EmnnH%2BwDtV4Xzn6cy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\netag: W/\"c440-64b908c733c00-gzip\"\r\ncf-ray: 9dc34fdadd6e51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50240,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 50240, version 1.0","md5":"184a2a669cf798f8d80bcfba041c3ecf","sha1":"b8dbbf83b27b5e4f5588f997685b2ccfecf97ff6","sha256":"659a8dee04b272c247129ff6513d23c16f4f9c183b5d64e7347815af8861a2a4","sha512":"c882dfc93fe0b07584a21a24b9e89ef8b3b6ce3e07d3f1b822f750a18aff353997cddf11c711aefe90861787068d7e281d23c8cfd5299b883122ad74f3dfa8ec","ssdeep":"768:6bJwA9k86TOHxuA86y3RmDLiszi9Y8Z6TDeNKOVVJL/OaQ+yZ0POddMC198qBhDH:ye/86qubk3zdv9IVJ5Q+U0QBd22","tlshash":"f93301f201bbbff4e44c17b7e202f4260f0d266d8a8e299e504e8afd157c5a1057b92c","first_seen":"2023-04-19T10:40:33Z","last_seen":"2026-06-08T16:42:14.001816Z","times_seen":2846,"resource_available":false,"data":null}},"time_used":502,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":322,"receive":179,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/deps/bootstrap.min.css?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /skins/elastic/deps/bootstrap.min.css?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: text/css\r\ncontent-length: 23877\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"2725b-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kmWBpO%2BZ7f4MD9R%2FGlforBMQfnoKFvxV4y4gtkqA4odR2js8cy47fQRhIAhCiVpCzrFsr5RMcB23OVaD%2Fzx%2F4NKFqZDZ9KJO%2FGU5Cvp%2FLBAdHCPZoOIlisAW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6dc8b51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":160347,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65326)","md5":"c19c75612682a6fa2491c27dee895acc","sha1":"7344d84f61735eb9653b729e71d81b3431ad803c","sha256":"3cb5b7ae5053d743996378c35733560214d3d896ade5c0de0d8b13a97f43039e","sha512":"5874fc8a3fc032eda3dec8e11b0468b33788349149facf00d67daa9e9cf4699304758fde421e29ea597fb01da228d8465f85a70462ca920325a0fab2d58a6943","ssdeep":"1536:kw7CIJ0T+r+ryEIA1pDEBi8yNcuSEIA1/uypq3SYiLENM6HN26s:H7VKGGq3SYiLENM6HN26s","tlshash":"97f353a6f5a0312de4a7c61964d0bafd152f8245d7224bfbf8273b6447892c70a73e4c","first_seen":"2023-04-06T22:58:11Z","last_seen":"2026-06-08T16:28:45.053428Z","times_seen":2936,"resource_available":false,"data":null}},"time_used":430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":342,"receive":88,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/program/js/common.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /program/js/common.min.js?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 4859\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"31c9-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vYVHdwxoxeDzhvrle28uyjArZKBnYVRQRAZ5ZjqrQ%2ByW1ngO7UBelmzT%2BT0PSZSImR%2BTCbZxMGVWIHStCmoAPV3cwf%2BsnCpoG2FfH6965NHTua72pKAsGr9D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6ecb851e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12745,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11609)","md5":"01066f1cc46b059ad28b87558bacc03f","sha1":"91ccde7be0285350041d941354bfff69ed55f169","sha256":"e452689c329fe371a98239d4620cde8fde1405261fe866d43089206377752752","sha512":"f3840b1cf2d7d56f7ccef81a1b13d4803753770b87210630aba0b7770b2785811e5c3f5f05c59b2e952899b6deecb257d9b3a03a95a17afa9938597097146394","ssdeep":"192:KB5Inw2doswR6NATbL+Ies8VkVLWitRBDYJ1+1tjUKLd+g1FyT6ks4/:KBenw2doswRoA/6IeVVunYJ16t51qn9/","tlshash":"99422acf3295647102696aa7267b028fb13685b86c7710bcf664cce4bc28c59552fff8","first_seen":"2025-02-13T23:56:52.984601Z","last_seen":"2026-06-07T19:00:59.929262Z","times_seen":1262,"resource_available":true,"data":null}},"time_used":348,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":348,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/images/logo.svg?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /skins/elastic/images/logo.svg?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 395\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"378-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vQDcciZ8T%2B3DO2uobOGSqq2ETzE9HksKojx9JJTyCTMAlRhEB1qzjnlRlwLxn1587rc2rYTSS14OVU7Pt4DQ%2FbX4i1O3o%2FOwa7DhYbZVh3GB5IsLo88dGlGc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6fcd651e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":888,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ddeffd34eae92b1b9b9c636636e4b9c8","sha1":"19cb881a5d08d31db933da6440595767d0a02d94","sha256":"2b2d9c7a82f92976268b03e13c61f64ead91a3c63b97c59cef2acbf501f67618","sha512":"a3807dbcbdc74972c7b028261e625edb1eec8f6b31969d6718a46d0402a1b261820f8060f760c9249f88b51076174b53628d152c4c75eeb2c5a3db6c16348f5b","ssdeep":"","tlshash":"f011cc5e56d4a69c440902ffefbe62d231b3a4efc20040a980f1ef30a9149342882af8","first_seen":"2023-05-02T14:07:32Z","last_seen":"2026-06-08T06:46:00.687825Z","times_seen":2691,"resource_available":false,"data":null}},"time_used":320,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":320,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/deps/bootstrap.bundle.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /skins/elastic/deps/bootstrap.bundle.min.js?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 21767\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"14888-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=spZrupzvrj6NLd9kDs8wA5i%2FOevQ6qsvNi5UYDNLDrv92MZC6Q0zkgayf6Cc462M2vTgYFNgY3XLmWff84raL%2Bo1gSZkIFSCH54HOxYeHTw8iswgb%2BXY6huQ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6fcda51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84104,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"3fb9784331ba8d606ca6e0877b9466a3","sha1":"2c8dde7ea3cee76f061c06bb64f9f00497f893f3","sha256":"19b51730c10082760e6d9b82c1342e60855f98d2666c64e4eb758d26b1a0c840","sha512":"a34c44d07455be21ca911be580524a6dc5c4d4cb91f46030c26c4d258ae9a46334e65a27a57aeb987c1801238919e6ffac280bbb5542899a8956c5577e7f0c40","ssdeep":"768:du/iPy7+zZHVPVBNpwV7BTUB6/YLF/fB+4ed4MMAja+t+QnXLb1+uaR+orWieOJ9:deiayUYLZ83dPD3GAP6f2jX+i/QB","tlshash":"8a83834972a0b472069f61a6807b4a0bf2372c5da107b01cbad9d4ed1f7cd893167f7a","first_seen":"2023-03-07T12:08:25Z","last_seen":"2026-06-08T16:28:45.070143Z","times_seen":2714,"resource_available":true,"data":null}},"time_used":420,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":329,"receive":91,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/fonts/roboto-v29-regular.woff2","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:20.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /skins/elastic/fonts/roboto-v29-regular.woff2 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/skins/elastic/styles/styles.min.css?s=1771934064\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:20 GMT\r\ncontent-type: font/woff2\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B6M%2BRRI2UT4RnAie5qZpw49B3JiGgiu2OVck1419Hj6%2FN68P7T4Fad%2FOOQa6TCPREWCnP4Rs5YFujLKrhgNOlpUxxUVGGnj81ZTnqLAvuFPreU6xdYknrGeY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-robots-tag: noindex, nofollow\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\netag: W/\"c440-64b908c733c00-gzip\"\r\ncf-ray: 9dc34fdcca9951e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50240,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 50240, version 1.0","md5":"184a2a669cf798f8d80bcfba041c3ecf","sha1":"b8dbbf83b27b5e4f5588f997685b2ccfecf97ff6","sha256":"659a8dee04b272c247129ff6513d23c16f4f9c183b5d64e7347815af8861a2a4","sha512":"c882dfc93fe0b07584a21a24b9e89ef8b3b6ce3e07d3f1b822f750a18aff353997cddf11c711aefe90861787068d7e281d23c8cfd5299b883122ad74f3dfa8ec","ssdeep":"768:6bJwA9k86TOHxuA86y3RmDLiszi9Y8Z6TDeNKOVVJL/OaQ+yZ0POddMC198qBhDH:ye/86qubk3zdv9IVJ5Q+U0QBd22","tlshash":"f93301f201bbbff4e44c17b7e202f4260f0d266d8a8e299e504e8afd157c5a1057b92c","first_seen":"2023-04-19T10:40:33Z","last_seen":"2026-06-08T16:42:14.001816Z","times_seen":2846,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":178,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/program/js/jstz.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /program/js/jstz.min.js?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 5013\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"360b-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NupN3Cyin3Am9wshqlV%2Bdze7%2FMQJ7hHcZTKP0R2RmxVWrEVU6oQUD6rExMe5eOunl4WRpZ0Q8BCAb%2BJEtbc1tdMZ1XyDpvPid2h9JyqXaI3R%2B9E0O%2Bd8ekyt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6fcc851e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13835,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12309)","md5":"b5ee3ce2023c717fff34cfe5d3b82599","sha1":"36f532887c2bf6bc7bdd06e68e96eafe2051a5f7","sha256":"716ece8deb8412f7ec95ab395c92f6515bb8d8b792fd7480c014cdc6f063452a","sha512":"71a59366516e9d2142bdfaaf6ea3de1b8cec832f15cd8cbb7a3cd22870715544dea0df6f8a5211a73682f856a0d0089163708b0306c27c787a058c4a3e3587d7","ssdeep":"384:r+PkZoDTmE6BZTvHWKGVa3v1NH9kaIvrHgrz:r+8ZoQ+RV4fkRDm","tlshash":"0c52a3df152c90bb06a556f93c09fb85ac1ed418ac8adfc12ab5f1a924d0cd7bfe0548","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-06-07T23:30:38.828992Z","times_seen":3302,"resource_available":true,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/plugins/jqueryui/js/jquery-ui.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /plugins/jqueryui/js/jquery-ui.min.js?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"40166-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XULOxke0I39bv43EO7AmTpibxng3tC7gs6cpyVSa6rkjOs%2FEJ9lMeywDlWaDIqksp4v%2BNlO0NOiB7P3%2BH9AAvFXpBRgWkZvXhbFeNt%2Fi6Pr1Ecrw%2BxCtktWc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6fcca51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":262502,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64399)","md5":"01b00dc27e3831f4f8093fc111890e6e","sha1":"b9b8f114c58d3ea37f75216550a0f6c5022885f9","sha256":"45b30930d5752603cdff2d24aa942b5bbae3168f62e74e092cd9405ff10127f7","sha512":"eedee6ecfc17cf804088b0d5f5d7ae995ce0cccacd0d91bc7eebb0f53e26c9bd0d3010a971acd855d2b4f803d8951d87a11c978463a2760e1e19017b931d838e","ssdeep":"3072:eDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAo0MY:uNdIVWjNS9cdzAo0MY","tlshash":"6f44084d72403a3295dfa1a5103b2a0ba237955da601809cb43ccedf9e7ce4571bbfb9","first_seen":"2023-09-22T15:52:32Z","last_seen":"2026-06-08T02:15:24.320628Z","times_seen":1699,"resource_available":true,"data":null}},"time_used":527,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":348,"receive":179,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.456558coinbase.com/skins/elastic/ui.min.js?s=1771934064","fqdn":"webmail.456558coinbase.com","domain":"456558coinbase.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail.456558coinbase.com/","date":"2026-03-14T12:34:19.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"456558coinbase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 16:02:30 GMT","end":"Thu, 04 Jun 2026 16:02:29 GMT"},"fingerprint":{"sha1":"BF:30:85:7A:13:15:6F:34:A0:CF:A0:28:62:48:52:61:86:13:60:15","sha256":"93:8E:4C:64:06:5F:E1:AA:FA:13:2D:83:01:00:D1:B0:F0:9E:CE:3E:88:66:EA:2F:ED:99:07:40:30:93:F7:3F"}}},"request":{"raw":"GET /skins/elastic/ui.min.js?s=1771934064 HTTP/1.1\r\nHost: webmail.456558coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.456558coinbase.com/\r\nCookie: roundcube_sessid=ehv8pmjk83bm95e0rsfdtvb5a1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Mar 2026 12:34:19 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 19678\r\nserver: cloudflare\r\nlast-modified: Tue, 24 Feb 2026 11:54:24 GMT\r\netag: \"ef80-64b908c733c00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-robots-tag: noindex, nofollow\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V4w2D82ZVFa9WXD75wFuHfF5S%2FWujp1JYEXYf3EG9CyYeClL3Iws7Fb%2FGd%2Bx5UL43Tc8AGbiXJE%2FUHvA0X56rKeLCbkXKZeslXlTnGpat1gV7pU1hZDGsSeC\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dc34fd6fce051e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61312,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (60824)","md5":"94fb4229e588ef68534606fa89ce88dd","sha1":"8499141536f46de95f87517d3e33267ca581ebdb","sha256":"9330f7d58c98a24ba9b77d03fc17ca836eaeb7954aefe3ddb1cf897eec4d0f9b","sha512":"3c542238e920fa36eff04dc394722ea829a05e91d54cabce1fabe5d229034752a1fa76da4b45f7a3c81ef73c6a75abe8c71106994874262e559214abcf03080b","ssdeep":"768:yOyiEHYQp49PXugVy/S5ra01ujdFxRb6tp3S1gVYwAHkfa1hkRZdjW3v58ipzpp6:Ti2js/SbCdFLyVq12ZxW3+J","tlshash":"a053b5ec726135b612bf226720afe10661334569cd119840b26d94ea1efce8532b7f7f","first_seen":"2025-02-13T23:56:52.992243Z","last_seen":"2026-06-07T19:00:59.943682Z","times_seen":806,"resource_available":true,"data":null}},"time_used":418,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":326,"receive":92,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"webmail.456558coinbase.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}