{"report_id":"db5fd0ee-ad9b-4a28-8d60-c41fb75d9b08","version":6,"status":"done","tags":[],"date":"2026-03-27T23:17:41Z","url":{"schema":"http","addr":"coinbase.com-clientid-567333ff44.xyz","fqdn":"coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":0,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"final":{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"title":"Coinbase – .","dom":{"size":25097,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (11055)","md5":"e75c33d3cccd1a7d16c074efaa79ba07","sha1":"e030213e36b45ec0abd9c47a9cc3dfea0562c905","sha256":"5467570bbc7f58d2fbb0d3369dc5fffa84e2ef1026aece863c72803f93c1c7ef","sha512":"da5b97c57bc5ef08cb2dcd03a64b861dd3f7ab3ffc6993bee7bb56483e8c6fafa27b59427fd1a25e44339b072a481b03d9e003e760fd7a1a4c2a3e40d9ea8784","ssdeep":"384:fjWr/ZdSZUaAIkWAgGp+JnknveJ14lFZ2TwaLuLE0sl9SE:rGZdypjDu+hqveJieuo0sCE","tlshash":"edb20a72a1b510963b6e97fdc1e1f329e95c99129a42fb7a70fd30188a54af700b330d","dom_hash":"domhash574d46425312200537c793d2b5e1c7bd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"coinbase.com-clientid-567333ff44.xyz","fqdn":"coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":0,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-01T23:17:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"coinbase.com-clientid-567333ff44.xyz","ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"domain_registered":"2026-03-27","domain_rank":0,"first_seen":"2026-03-27T23:17:42.103337Z","last_seen":"2026-03-27T23:17:42.103337Z","alert_count":3,"request_count":1,"received_data":25490,"sent_data":505,"comment":"","tags":null,"fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-22T22:20:05.651051Z","alert_count":0,"request_count":1,"received_data":36770,"sent_data":527,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.coinbase.com-clientid-567333ff44.xyz","ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"domain_registered":"2026-03-27","domain_rank":0,"first_seen":"2026-03-27T23:17:42.101872Z","last_seen":"2026-03-27T23:17:42.101872Z","alert_count":42,"request_count":14,"received_data":359972,"sent_data":7393,"comment":"","tags":null,"fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"use.fontawesome.com","ip":{"addr":"172.67.142.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-10-18","domain_rank":6983,"first_seen":"2017-01-30T04:43:25Z","last_seen":"2026-03-23T00:22:53.0388Z","alert_count":0,"request_count":2,"received_data":98346,"sent_data":1063,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-includes/js/wp-emoji-loader.min.js","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"7dcee605bd7953d8d61c774715aeee3e","sha1":"1e03d2c1c455a1207712551745daa35f2fb2ff8b","sha256":"57f12b915cf9a24d5ccbb7660cbb7f6a96ca6837c566355351ff4cc6bd359248","sha512":"eed483763797669fc9fdb2033a3e058358dac49bdbca70cfc08889d1ddfee25a3a0ea8e5c3a6b86c5ae3ad10fb74be7def8cafa54dbe1767bc900e93b7ab9f60","ssdeep":"","tlshash":"0b61b79ae7763cdbb2f900f2697a4e47eb614435d6c8d038c9bda3141cb5893c274a46","size":3227,"data":"","first_seen":"2026-03-27T23:17:46.215382Z","last_seen":"2026-03-27T23:28:38.326816Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/plugins/form-maker/booster/assets/js/global.js?ver=1.0.0","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"0acd85d22ed4596bd15b48234d4bae31","sha1":"8e87508aa264feeceadb5ceca1907401d8f64ed6","sha256":"d23633501bdcbc8d5572aa7e61b69fb39fabb4656dcc9e4bfb665d5d112da13f","sha512":"58ede0bc5dfa84dff7b1e1f1618beb8eb27f29cea021fd1947940badb31a5300fc343ccae67d5e2bf33caf9d361d0e92969d8d11fd564e02f3ddfe94ca438ded","ssdeep":"192:WrnMxcLdjIz3Zp4zB5BQn6nAZR2vcE7UiVKRbGZ2JQMgDgcWizkpg6yNXCawfuJo:Wrp43Zp4zB5BQ6UR3LiVebGZqgD6iLX4","tlshash":"d912f09d2c9205f2817b1490f23fb22033526927fa8e8d003f9dd1f46f675a056b2a5e","size":9451,"data":"","first_seen":"2023-03-08T16:45:52Z","last_seen":"2026-04-10T14:04:52.08558Z","times_seen":1472,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/plugins/form-maker/booster/assets/js/circle-progress.js?ver=1.2.2","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"3fb461c1b082f494c9e0eaaafcf8bd72","sha1":"55ff6230e8ec9d8c5b38657707d2f0bf5605ba0f","sha256":"3e6e949591faad693c28eed80090b54c666ddb12dbb20af284acedb9f3b70834","sha512":"f2d1e1bcd204c098b0eb0403095a1bee10abc1f1022a49e6b5901d3fc25da99710e8e1007f569a12b240cd300be6d418adcac93a1a92d8fde5680bb0938f9ee6","ssdeep":"384:REuDKgwblE9ka3S5zl8l69pfJY3s7mmom9v:HKRy9I7zfW3ommom9v","tlshash":"3a62515a5ef705a39417d839479f2181eb62520f6a1aad9c3c6c52b80f58b3103bebf4","size":15370,"data":"","first_seen":"2023-03-07T01:36:38Z","last_seen":"2026-04-10T18:36:36.572848Z","times_seen":3629,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-10T19:55:44.436675Z","times_seen":652996,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-10T19:55:48.696538Z","times_seen":701349,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"e0a792af61959df608d13c00f10f9278","sha1":"3709d49d66abc53966cd219000f2197bd43a1945","sha256":"617485ef7f219dd408ff87b7a7bee206680c05f79c84bd55aa99b07afd1ae2e7","sha512":"25f9d6c9d3b292076484c6acc44859952a0d42ca1b19ccde5c22a50728ccf9b3079897860730ed5b94ae37eaedc214c387ef838466ccd8897768eaf38ff268c3","ssdeep":"","tlshash":"51014cbb1da99ed112b03bddd0a0f37b485f456274c2fc566c1d84cc46002e23906246","size":673,"data":"","first_seen":"2026-03-27T23:17:46.218005Z","last_seen":"2026-03-27T23:28:38.325299Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-includes/js/wp-emoji-release.min.js?ver=7b1911136e756ff265aa49c3d7923ba7","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0cc9ba5cf46af0cd73d521803e3b07e","sha1":"7d2a74f87dc70a39eccce3bae1d4cc404cb134f4","sha256":"fd59b0ebf6282ed71647bf2f6e0d1925bbfd1f270865a832079ebb60259aabca","sha512":"7ec44f08676c195547a623504c7105ef3d0acea5839675599598043f3e0b5a3386452e3db6fbea90722f7be9e6effdae1b89c49e2b05b22b8c415616e07d471d","ssdeep":"384:WzevzApRZTbXU/3o//bEPhXgA5POkpJTX:Wsk9XU/3o//YpXgAs+hX","tlshash":"7fa2959ba33a4e8f343e3bd78d968f4dc9da555321c0e079dbefb6c169a00568274c80","size":22762,"data":"","first_seen":"2025-11-10T19:52:32.864936Z","last_seen":"2026-04-10T19:55:48.80866Z","times_seen":140838,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/twb-global-js-extra","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"031bf89834ba310dc8cf390805dfe3a9","sha1":"d31ca3b782fa784bb7f3742d9aa77d5550638f31","sha256":"a8a051d8505b9ebeae08aab33d6158862d2db403b9c9dbbb66c64db8e1f0e3aa","sha512":"bbd5a6efa335cbf0ae046d2fc3d48419b83ff750cdfbf745768854c293d8efd25516f75539df5e8a988fec7adf15a819b020b76f44f778d2091b1b3cbaaa4af9","ssdeep":"","tlshash":"8c014cbbdda99ed112b03bfdd0a0f37b485f4562f4c2fc566c1d84cc46002e23906246","size":740,"data":"","first_seen":"2026-03-27T23:17:46.220591Z","last_seen":"2026-03-27T23:28:38.326142Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-includes/css/dist/block-library/style.min.css?ver=7b1911136e756ff265aa49c3d7923ba7","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-includes/css/dist/block-library/style.min.css?ver=7b1911136e756ff265aa49c3d7923ba7 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 29 Jan 2026 21:37:52 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119358,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (55871)","md5":"b592e353685f2eabaf8f935e377a95a0","sha1":"30d4a0ff9561f9c96a0a29cce379dfbde9749a65","sha256":"3b44e208bba827e614cf1e36e639e3c7cfb849771fb17e99bb38e14022d30d16","sha512":"193686fe6c1766b540e311015484745ad2ceddb9ffc3f883ac3ae66f1d29e32bca94ba11d40f3d0f6689c306f7760ae167d8af73a22778aba93a772e076a9cd4","ssdeep":"3072:WoeJBCCUQg5MG7x+qehvP0xdclkWwbFpPu:CfUQg5MG7x+qehvP0xdclkWiF0","tlshash":"cfc3621417b4dcf935ffa73a5e4ee258a107aa41c68a67e6e066d190718ca490cf3f0f","first_seen":"2026-02-03T19:45:02.649878Z","last_seen":"2026-04-10T20:15:18.182902Z","times_seen":17738,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/plugins/widget-options/assets/css/widget-options.css?ver=4.2.1","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-content/plugins/widget-options/assets/css/widget-options.css?ver=4.2.1 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 19 Mar 2026 18:07:26 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2647,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"47c53c6ddea8675d3514d99fe66dd2e6","sha1":"d7cc91ad2d403ae8d09ffcb362e077188a4f0a80","sha256":"abb0f964c9209344eba89cb789ed800a211da042d8341fbe4144f254d16e0458","sha512":"21ba52c87ce6d6687e9bc844df7870b60d24f9120d594592f72472f044fa403694395ad83f6522837cf23f980421ba7f608a2b85668f80a3aa8907f73e38a9db","ssdeep":"","tlshash":"cc51240986526b074470e33987cbd3a5ee33615b1fca57b23dc86c94baea904512cee0","first_seen":"2023-08-02T13:55:58Z","last_seen":"2026-04-10T20:27:56.995412Z","times_seen":2469,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/themes/hello-biz/assets/css/theme.css?ver=1.2.1","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.222Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-content/themes/hello-biz/assets/css/theme.css?ver=1.2.1 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 19 Mar 2026 18:28:15 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":11616,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (11609)","md5":"7f7609d2c822e88a28487bdc7954c14e","sha1":"05b522bd0510c463182bc0e337fdb3cf4b107eb2","sha256":"58173a5b4149a6179aed984a28e8eb7d5f3574f3e6a309112f857310bea19dd8","sha512":"826446a1693629c98339e6c7e7b72efff6121ad68c6b244777bff3978f599406bf1622211066635633d47d48a55e1f325697aa30e8024e90e706b52bf80dee27","ssdeep":"192:vDFHoyHNuL86+hKZBG9HUXhz/a84yDhgGbMrM6cg78pwLUNFpqwc:LloyHM4GQ1aWnOTNFpqb","tlshash":"0932ca539ad0316c653bc6253ac17fc935255315c6234bf4eb269bb8c6cf6221e3278d","first_seen":"2025-09-22T16:24:49.078243Z","last_seen":"2026-04-10T14:04:52.080905Z","times_seen":431,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Mon, 28 Aug 2023 14:14:24 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-10T19:55:48.696538Z","times_seen":701349,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/plugins/form-maker/booster/assets/js/circle-progress.js?ver=1.2.2","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-content/plugins/form-maker/booster/assets/js/circle-progress.js?ver=1.2.2 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Fri, 20 Mar 2026 16:22:41 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15370,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"3fb461c1b082f494c9e0eaaafcf8bd72","sha1":"55ff6230e8ec9d8c5b38657707d2f0bf5605ba0f","sha256":"3e6e949591faad693c28eed80090b54c666ddb12dbb20af284acedb9f3b70834","sha512":"f2d1e1bcd204c098b0eb0403095a1bee10abc1f1022a49e6b5901d3fc25da99710e8e1007f569a12b240cd300be6d418adcac93a1a92d8fde5680bb0938f9ee6","ssdeep":"384:REuDKgwblE9ka3S5zl8l69pfJY3s7mmom9v:HKRy9I7zfW3ommom9v","tlshash":"3a62515a5ef705a39417d839479f2181eb62520f6a1aad9c3c6c52b80f58b3103bebf4","first_seen":"2023-03-07T01:36:38Z","last_seen":"2026-04-10T18:36:36.572848Z","times_seen":3629,"resource_available":true,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"use.fontawesome.com/releases/v7.2.0/css/v4-shims.css","fqdn":"use.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.67.142.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"use.fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 03:44:58 GMT","end":"Sun, 24 May 2026 04:44:53 GMT"},"fingerprint":{"sha1":"0C:5A:E2:01:10:8C:15:2B:47:73:4B:2D:0B:04:A9:CB:C4:D5:87:DE","sha256":"8A:BA:58:86:7D:78:23:12:27:76:D9:DA:25:26:4E:8B:3B:98:BF:CB:D1:33:A9:B0:4F:4C:17:B3:6C:58:38:24"}}},"request":{"raw":"GET /releases/v7.2.0/css/v4-shims.css HTTP/1.1\r\nHost: use.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.coinbase.com-clientid-567333ff44.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\nlast-modified: Thu, 05 Feb 2026 01:41:53 GMT\r\nvary: Origin\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xbiPo3FsYZV6qcFPAgltIurzsX%2Fw2JFwGpsJfoTZfRTHC5He5AJwvji100by93sSpRSyxMWoP844T9M54JUmP0ccY%2BhLlpxZdoQCCQQ1546gcfBe3VoMrZcFEDFNDbb4Tq2WKsBq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"a61a77866459681bd40d55d4728ef81c\"\r\ncontent-encoding: br\r\ncf-ray: 9e321ba7ca8b0883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21210,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (20991)","md5":"a61a77866459681bd40d55d4728ef81c","sha1":"1b6f8b56d6e2a99996757b6eecbd27c23de2213b","sha256":"8d5bc5d0334036785b129a072742987fa5be8f2198c122602e09ac9855342fa3","sha512":"3fedadbbb72071bdf0d70850f1a43a292c1486f6198134bc14f0211c16d48974d2dee3bf47be2c302f7d1dc453487000bb1158b96d6733329ca7b73d677861bc","ssdeep":"384:dXp6xAnfZduPleIl2u4f2PxHet0lzAm1eO:dZ6e0lr4f2PxHe7mb","tlshash":"a79238111b1c6093b0dc3c6bb4417ea42b76278919d64d91e3273c84aef789b32efb65","first_seen":"2026-02-19T08:46:51.486056Z","last_seen":"2026-04-10T19:17:33.119765Z","times_seen":40,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":20,"dns":2,"connect":4,"send":0,"wait":113,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Fri, 09 Jun 2023 02:49:24 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-10T19:55:44.436675Z","times_seen":652996,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coinbase.com-clientid-567333ff44.xyz/","fqdn":"coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-27T23:17:20.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:20 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nx-redirect-by: WordPress\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: EXPIRED\r\nx-server-powered-by: Engintron\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25102,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T19:55:54.878555Z","times_seen":13591856,"resource_available":true,"data":null}},"time_used":944,"timings":{"blocked":209,"dns":95,"connect":54,"send":0,"wait":525,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-27T23:17:20.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:20 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nlink: \u003chttps://www.coinbase.com-clientid-567333ff44.xyz/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: HIT\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":25102,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (11055), with CRLF, LF line terminators","md5":"5fe5dbdade177e8c6b7689aec56f5037","sha1":"00e0bd83abea70df1c956806720058ffed7aeb7d","sha256":"659ce7cc8edae972c931f0eda134cef2d3a5e2bc29b8945867ce03f88bf874e1","sha512":"eb743472f6c2cc4bb75f3bddc16d57be7f39ba266c417851f36433612e44d0419306578ac70e3af8a290b59e4752874221cbc59858f636bf53d94054d95f2ce2","ssdeep":"384:voZQr/ZdSZUaAIkWCMgGp+JnknvDsUbCFZ2TwaLuLE0sl9SE:wZQZdypjCvu+hqvDsheuo0sCE","tlshash":"39b20a72e1b540a63b6e87fdc1e1b329f95899119b42f77a70f930184a549f710b370d","first_seen":"2026-03-27T23:17:46.201414Z","last_seen":"2026-03-27T23:28:38.312063Z","times_seen":2,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C500%2C600%2C700%2C800\u0026display=swap\u0026ver=6.9.4","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 08:37:40 GMT","end":"Mon, 01 Jun 2026 08:37:39 GMT"},"fingerprint":{"sha1":"5F:99:6E:26:2A:3A:DA:FF:7F:0D:EE:C5:8B:2A:01:AE:28:26:AD:C4","sha256":"2B:88:E7:79:70:E5:E9:DE:0E:A9:0A:B8:F1:F5:C6:D6:10:77:F0:C9:0F:E6:2A:13:A3:D6:08:F9:89:A3:60:E8"}}},"request":{"raw":"GET /css?family=Open+Sans%3A300%2C400%2C500%2C600%2C700%2C800\u0026display=swap\u0026ver=6.9.4 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 27 Mar 2026 23:17:21 GMT\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36084,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"cc2beaccab2e9c95cf050c32a2182303","sha1":"cae047a322b4b912cf9b7166b6f8b6271234c35b","sha256":"b4ad8b68013dccac7e87402537212362409cf01504b098a002882df404af891a","sha512":"84ee39c594a4ace0b05a38f75c104a9fc98b5903f19762037a47c38b73a4f19572b5e0b4aa4f1786ee42da51cb70bce60904af20c9e4f8873d125a59b867c1f0","ssdeep":"384:6SqqY49t5qY4tMgqY45f/qY45uOqY4VptqY46:l+6hnwYzFCuVh","tlshash":"a3f21ba000171850ab435de633ce7e34ee0f92666044d07a6bfd8b9bdedad6963b431d","first_seen":"2025-09-17T17:21:53.905298Z","last_seen":"2026-04-10T19:15:41.608134Z","times_seen":4222,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":203,"dns":1,"connect":25,"send":0,"wait":36,"receive":0,"ssl":177},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/plugins/form-maker/booster/assets/css/global.css?ver=1.0.0","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-content/plugins/form-maker/booster/assets/css/global.css?ver=1.0.0 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Fri, 20 Mar 2026 16:22:41 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":20797,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"d7ff7ecd9a9f7f9f789af10f702a8ed9","sha1":"d9d8e11f890ed8cb6e1d293546314cc2f03b415e","sha256":"e5b898918de54e6ae3c8d31379ada1e2105615bd0edfda0036ed70a09c32788f","sha512":"0c915060f37d03946fc9af1c8e43984385821a51aae977a1167a708b1656a4db6cff9bf64757c49ba2153959c1294bbd6c07583085265ecf28a16945ca2dd310","ssdeep":"384:isPx5yPIBYS49Am6YQ7/NTI3mAzr5LagWQL1fFZJTjpvjLR2L:iIBYT96YQ/NMWA35rL1fFZxjp4L","tlshash":"4f9221d26eba2e04757a88d57593f77263184403e44ecdbdbbf064bcbc8a196187334a","first_seen":"2023-04-06T15:11:57Z","last_seen":"2026-04-10T14:04:52.092289Z","times_seen":1114,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"use.fontawesome.com/releases/v7.2.0/css/all.css","fqdn":"use.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"172.67.142.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"use.fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 03:44:58 GMT","end":"Sun, 24 May 2026 04:44:53 GMT"},"fingerprint":{"sha1":"0C:5A:E2:01:10:8C:15:2B:47:73:4B:2D:0B:04:A9:CB:C4:D5:87:DE","sha256":"8A:BA:58:86:7D:78:23:12:27:76:D9:DA:25:26:4E:8B:3B:98:BF:CB:D1:33:A9:B0:4F:4C:17:B3:6C:58:38:24"}}},"request":{"raw":"GET /releases/v7.2.0/css/all.css HTTP/1.1\r\nHost: use.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.coinbase.com-clientid-567333ff44.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\nlast-modified: Thu, 05 Feb 2026 01:41:52 GMT\r\nvary: Origin\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rzpdxt8q0sbefXfnc%2FsB3cke1EExD3fgUwaOjyqUdRlj%2FkwDVO7dXhjv7WHarwem5KxetAASGac%2BsVIIkCk3Eqx5YNBPN1xB72cDpZdMToY0ncC6Vdj22RBul5NVUDxy7u4wKZ8h\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"07a04d43d67adc55c158f590a82769b8\"\r\ncontent-encoding: br\r\ncf-ray: 9e321ba7ca700883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75736,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (50617)","md5":"07a04d43d67adc55c158f590a82769b8","sha1":"2d705ec01abd15d4e089244c19d9354215967c00","sha256":"315a2999dc82dad613889f30964b5fd2e874bf83604febcd7725457a98bb4347","sha512":"9cc26342e75be9130caf4f2863a6127cd9445a5d65f175aea0ec0dbed597aeb815b3c30247c019041d6d1003bea20888f77817b46d573e683e6c03f90e872148","ssdeep":"1536:dBM1MvMaMfM0teX0pEbpNG2eLZy8lkv/erkh7:yteXoEfGc8mWrk9","tlshash":"a2730d02ad84019bb4568d7f3885bf34a6f2eb28aad14595e4344d847ef28fd314fb72","first_seen":"2026-02-11T07:20:24.324566Z","last_seen":"2026-04-10T19:17:33.145339Z","times_seen":145,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":18,"dns":0,"connect":1,"send":0,"wait":119,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/uploads/2026/03/cropped-Coinbase_Icon-32x32.png","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-content/uploads/2026/03/cropped-Coinbase_Icon-32x32.png HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 976\r\nlast-modified: Fri, 20 Mar 2026 16:23:40 GMT\r\nexpires: Tue, 26 May 2026 23:17:21 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":976,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"4a249fea292574f30802d610ddd35c43","sha1":"6214c4da339eaacbeec2a8f6e012a7c7c0da07c9","sha256":"baccc4c201e10ea65fecd4fd4becd44666e385eb10fc4ea89e6a3e3f79ffd214","sha512":"8a2721d65eff6ebf66bfae41930354481bc6e9272e8ac3378fa2ca15f20bf06273bac6911ddb0ede579e4351e8f18f8b09cba06c0a8103601b31690831e17bb5","ssdeep":"","tlshash":"1f1194d3632b8724634c890511a9d9e356f8c0fb1bba1e5eb15eb3302be5519e0c4563","first_seen":"2026-03-20T23:08:16.893085Z","last_seen":"2026-04-10T14:04:52.088129Z","times_seen":5,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/uploads/2026/03/cropped-Coinbase_Icon-192x192.png","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-content/uploads/2026/03/cropped-Coinbase_Icon-192x192.png HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 6472\r\nlast-modified: Fri, 20 Mar 2026 16:23:40 GMT\r\nexpires: Tue, 26 May 2026 23:17:21 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6472,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"50964cc51a398ef5776ed8d7a5295842","sha1":"8952522e58dd6e529f4583c7dad28d629bb231c6","sha256":"da4a03dc633b5acde77bd1f2ef0c376be36f2592d9cd6237f24147b7a42763e6","sha512":"244f5bd88d8a83135078580de2ef187208c8c01a7f06fc4240c99981be379403fe212feed94b435a78691c1ce6ee8857ed7f5ae58b807e76113c74858f8df54c","ssdeep":"192:owQxwOPdlC4o/Inoz80hJfibPpE297EUSH:zafa/yoQeJ6d9QUG","tlshash":"09d19edf217604ee9302526a220b23c449dbefadcc55dbbf9001b99604c24f9b3b895b","first_seen":"2026-03-20T23:08:16.891241Z","last_seen":"2026-04-10T14:04:52.095319Z","times_seen":5,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/uploads/font-awesome/v7.2.0/css/svg-with-js.css","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-content/uploads/font-awesome/v7.2.0/css/svg-with-js.css HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 03 Mar 2026 17:52:55 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11259,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11040)","md5":"3de9926d56424f075927a6a1ab69897f","sha1":"9b08ba4eb713e64aa18b0c5b84b92b518edafeb5","sha256":"8c4eddfd54f187e36767d36dd1d1874a86a060cb7ec15bb4342f6afc85574c5f","sha512":"bc21398a5452582f0c43cc2cdcf37ae3e61ef8040e77d793d4f7088133efac2f818325f69164778c0ea20b2f846d672ec4f4667e6139439d148c9d5ffd251786","ssdeep":"192:+P6ctwHPuY/0XPjS7e1fpvHCJ+7vM1MvMaMfMbuda9:dctwHvCM1MvMaMfMida9","tlshash":"e23253c9a25160684d979a2346cc495ca8346ff24852199ff523652d3ecebfd33f332a","first_seen":"2026-02-19T08:46:51.424422Z","last_seen":"2026-04-10T19:17:33.09662Z","times_seen":38,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/themes/hello-biz/assets/css/header-footer.css?ver=1.2.1","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-content/themes/hello-biz/assets/css/header-footer.css?ver=1.2.1 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 19 Mar 2026 18:28:15 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7182,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (7179)","md5":"86dbb47955bb9db9c74abc72efb0c6f6","sha1":"66e008f8d28438934133a914efc7a40bd9fbad5e","sha256":"5052c28c33de995612b9c064753ee989d1e7755027e2b80292148728f444ec8d","sha512":"4a17290a195e7ead6048fa07dde958455f508f57d3c147f49cdfd32db655b8bc19e0b476611bca8b1a1a7eaf4df88185a861b74aab65366175701809defd6105","ssdeep":"96:3dOg5c2yhjF8MsobtKv1j3ykM0UfU5nJzyC2sy6ZM3zzirdae64Qf3mfOOeZhYD:F/9j3EU5n1lJy6ZNZaL4nh","tlshash":"88e19f67f8f2317813378223a7d047aea07ac10dd807aba551ebc31b05db45227a7f69","first_seen":"2025-04-10T05:14:02.600959Z","last_seen":"2026-04-10T19:45:54.150373Z","times_seen":27636,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-content/plugins/form-maker/booster/assets/js/global.js?ver=1.0.0","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-content/plugins/form-maker/booster/assets/js/global.js?ver=1.0.0 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Fri, 20 Mar 2026 16:22:41 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":9451,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"0acd85d22ed4596bd15b48234d4bae31","sha1":"8e87508aa264feeceadb5ceca1907401d8f64ed6","sha256":"d23633501bdcbc8d5572aa7e61b69fb39fabb4656dcc9e4bfb665d5d112da13f","sha512":"58ede0bc5dfa84dff7b1e1f1618beb8eb27f29cea021fd1947940badb31a5300fc343ccae67d5e2bf33caf9d361d0e92969d8d11fd564e02f3ddfe94ca438ded","ssdeep":"192:WrnMxcLdjIz3Zp4zB5BQn6nAZR2vcE7UiVKRbGZ2JQMgDgcWizkpg6yNXCawfuJo:Wrp43Zp4zB5BQ6UR3LiVebGZqgD6iLX4","tlshash":"d912f09d2c9205f2817b1490f23fb22033526927fa8e8d003f9dd1f46f675a056b2a5e","first_seen":"2023-03-08T16:45:52Z","last_seen":"2026-04-10T14:04:52.08558Z","times_seen":1472,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com-clientid-567333ff44.xyz/wp-includes/js/wp-emoji-release.min.js?ver=7b1911136e756ff265aa49c3d7923ba7","fqdn":"www.coinbase.com-clientid-567333ff44.xyz","domain":"com-clientid-567333ff44.xyz","tld":"xyz"},"ip":{"addr":"195.20.18.202","port":443,"asn":48753,"as":"Ava Host Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.coinbase.com-clientid-567333ff44.xyz/","date":"2026-03-27T23:17:21.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com-clientid-567333ff44.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 18:08:44 GMT","end":"Thu, 25 Jun 2026 18:08:43 GMT"},"fingerprint":{"sha1":"FE:BF:2C:C2:24:2C:07:56:E9:7D:99:E2:A1:D0:7B:12:32:B8:32:20","sha256":"02:82:F1:80:06:58:62:0B:02:5A:82:E1:EA:9B:2C:1A:A1:AF:3C:C8:68:F5:FB:54:7A:46:D1:6A:1D:B1:F5:6C"}}},"request":{"raw":"GET /wp-includes/js/wp-emoji-release.min.js?ver=7b1911136e756ff265aa49c3d7923ba7 HTTP/1.1\r\nHost: www.coinbase.com-clientid-567333ff44.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.coinbase.com-clientid-567333ff44.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 23:17:21 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Fri, 07 Nov 2025 12:44:34 GMT\r\nexpires: Sun, 26 Apr 2026 23:17:21 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22762,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19823)","md5":"f0cc9ba5cf46af0cd73d521803e3b07e","sha1":"7d2a74f87dc70a39eccce3bae1d4cc404cb134f4","sha256":"fd59b0ebf6282ed71647bf2f6e0d1925bbfd1f270865a832079ebb60259aabca","sha512":"7ec44f08676c195547a623504c7105ef3d0acea5839675599598043f3e0b5a3386452e3db6fbea90722f7be9e6effdae1b89c49e2b05b22b8c415616e07d471d","ssdeep":"384:WzevzApRZTbXU/3o//bEPhXgA5POkpJTX:Wsk9XU/3o//YpXgAs+hX","tlshash":"7fa2959ba33a4e8f343e3bd78d968f4dc9da555321c0e079dbefb6c169a00568274c80","first_seen":"2025-11-10T19:52:32.864936Z","last_seen":"2026-04-10T19:55:48.80866Z","times_seen":140838,"resource_available":true,"data":null}},"time_used":63,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":63,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"www.coinbase.com-clientid-567333ff44.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}