{"report_id":"f4f62193-e8a1-45fd-b552-5c112c9d1d6a","version":6,"status":"done","tags":[],"date":"2026-01-07T08:11:39Z","url":{"schema":"https","addr":"cowswap.org","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"172.67.212.70","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cowswap.org/","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"title":"Swap - CoW Swap | The smartest way to trade cryptocurrencies","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"cowswap.org","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"172.67.212.70","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-11T08:11:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"cowswap.org","ip":{"addr":"104.21.35.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-15","domain_rank":0,"first_seen":"2025-12-30T09:20:34.16932Z","last_seen":"2025-12-30T09:20:34.16932Z","alert_count":12,"request_count":4,"received_data":5938189,"sent_data":1854,"comment":"","tags":null,"fingerprints":[{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cowswap.org/bce45dbe-020d-44c0-adc6-e4bdef6dd3e9","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec26a722169cb2cef03353fcf8dd144a","sha1":"6eec6673abcde3d29547796a38361256d9efde1c","sha256":"01861fcd47bc63bb7be76c480bad4c6cc987c8996ab0e023a4e692b68c94b05c","sha512":"c885e5d94bd96fa4a573524356e0ca7398b1489f5a39fc1120cf7f4e469950630ad3e9f48dd0392acd36da390c27a4be1e81da943d1d9ecd48890d1691e416cf","ssdeep":"6144:Ufg7z90bnvLZqnWTI9esVTMuyEvtzXNglxQP92L:VzBe6kEdOxQoL","tlshash":"bf740980b261b07247da24e10477540af339e96c744a40acf6a8d8fb7dbd589957ff38","size":357754,"data":"","first_seen":"2025-07-12T22:38:09.13306Z","last_seen":"2026-05-13T03:42:14.185593Z","times_seen":5084,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cowswap.org/","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"104.21.35.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"f6b8ba3f5fcc1f216af8fc13e386de43","sha1":"42998e30b4d142386f953775ab269c6d27e5a348","sha256":"004de0c9b1572bf0f9563bc474a3ecce260a14795ac4bf28f470fb1c82de6223","sha512":"8291078fc909c129bb371dd46ccb51c1b1c36c8b53603f479e9dfa9760de1ee1de4d5236233352e95b976a4d8e812f96b63538a888be9b338bbcff2336ab26f2","ssdeep":"768:dKvhkc5QRv5Rv5Y5QfoVLA+ZKGzgLLXmJRO5CECEEmcycMrcasCscgchIwcAcCcm:XzAi6Lj82AC1axUZf9yqAJETaqs","tlshash":"db9351d4591bd4e58e5251cee473e905e8680963cdadf1a3b62cdec0741ef22c88b63b","size":90076,"data":"","first_seen":"2025-12-30T09:20:37.537117Z","last_seen":"2026-01-07T08:11:51.398806Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cowswap.org/","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"104.21.35.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"261fa5f948bd99fdf005f80595805744","sha1":"51d57156b1974322b3ba8542f48893082199d5e1","sha256":"1dcf3b0e1f92d593867169c5ee26771d2f3b77f552eee6c73beba961b91d61b7","sha512":"532ff30dfdd593068e7afc5f98cb1bc72408e594f297911c0a7c590c97a2ed6be6b91981322dfe3b3e90f21241404ae8692139732372f119279dbdf29f3ae429","ssdeep":"","tlshash":"a6015927222233707ce9d5dca8b6dd8e39bb501ae40a0090a09f944d1834bc644f7bec","size":847,"data":"","first_seen":"2023-03-07T01:03:07Z","last_seen":"2026-05-30T05:35:57.82419Z","times_seen":3552,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cowswap.org/parsley-2.9.2.min.js","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"104.21.35.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"813858556458f4c704c2ed5d90cb39f5","sha1":"60c1bca240a4c73859c2fab163b21170bf1e1be1","sha256":"b69d19f225d2203fecaaea8d44b276870e806ffee837201cf463c2c5fe775d99","sha512":"2c8f420a18e1f8dfb24a701e6c72eb1f617a89dd696d2405108529de06f99a7d33dd2f7f4d2d9634941e778c1eb06c62cd0681bfda80dbaaf4029c2323985b7c","ssdeep":"768:8GPhocrYRvZRvUh/ywGLk0p191dWwaSzO8SY6ccYc0VcosiockchIwc8cCcDc+cd:6zCzyksM8SLmpUZfJiAoJETKuM","tlshash":"ab9373d6590ad0d98e5111cee477e809e8680993cdadf193fa2cddc6741ef26c84b23b","size":93612,"data":"","first_seen":"2025-12-30T09:20:37.530094Z","last_seen":"2026-01-07T08:11:51.390343Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cowswap.org/","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"104.21.35.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-07T08:11:14.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cowswap.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 10:32:30 GMT","end":"Fri, 20 Mar 2026 11:31:18 GMT"},"fingerprint":{"sha1":"14:8D:E9:CA:F8:27:95:87:FC:04:98:ED:5E:5B:EE:E2:A5:4D:83:43","sha256":"A5:86:1C:1F:68:8A:E3:E9:5F:64:53:6E:7A:B5:D4:E2:3C:5D:08:5D:C6:C9:DA:06:F9:74:13:0B:1C:22:58:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cowswap.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 08:11:14 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Sat, 20 Dec 2025 13:28:14 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FxQv4ekPXOOLdCtHA3Wl7dP7rbBXCiKYWqVV06Mi6seBspAPsjHF1MzKXO3kyApu1FaBSehOvbmXXygjm1ZGH9fO5r7NqaviI0u%2B\"}]}\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9ba1fbb6df405fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":547241,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (51587)","md5":"24d397a46ac18fb676892751b84bb322","sha1":"35f3ce9d207246b51bbc112e7f6508d445f37481","sha256":"fa1f853f03828cf43cc54f70a8463911eaab40aed8dc1feff6bc4217d067e63a","sha512":"d538a513caa89dc7fe9c10be214c2559d1bc08fcbb60f346b21c189e4711829a4a6391f7246936dd67021d5c0833e9b23c973083c743a2d0e5c3d71191a2352f","ssdeep":"6144:e+RYDyZPyYH5Ihr0Ej5J0cXr7wxQ2595aYwNfTFHmWC/CoZVnPH4q3IVnPH4q3g:ZRYqXH5kHXr0xBXjwtTxfmfvIvg","tlshash":"dec4bf76190c279d36230eadeb52623c265bb0eeb70551ef64ef70d8c38f9e48522d94","first_seen":"2025-12-30T09:20:37.524574Z","last_seen":"2026-01-07T08:11:51.386668Z","times_seen":4,"resource_available":false,"data":null}},"time_used":512,"timings":{"blocked":56,"dns":38,"connect":1,"send":0,"wait":394,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cowswap.org/parsley-2.9.2.min.js","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"104.21.35.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cowswap.org/","date":"2026-01-07T08:11:15.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cowswap.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 10:32:30 GMT","end":"Fri, 20 Mar 2026 11:31:18 GMT"},"fingerprint":{"sha1":"14:8D:E9:CA:F8:27:95:87:FC:04:98:ED:5E:5B:EE:E2:A5:4D:83:43","sha256":"A5:86:1C:1F:68:8A:E3:E9:5F:64:53:6E:7A:B5:D4:E2:3C:5D:08:5D:C6:C9:DA:06:F9:74:13:0B:1C:22:58:2F"}}},"request":{"raw":"GET /parsley-2.9.2.min.js HTTP/1.1\r\nHost: cowswap.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cowswap.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 08:11:15 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Sat, 20 Dec 2025 13:28:14 GMT\r\netag: W/\"16dac-19b3bf2516f\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KoR386ylO%2BP6YHXQGY0YG7KjtK7wm%2B%2FBVHbtl9q8LzO1dQHPL0995UcflcXGdCtN4RdCNkXmq69oWRr%2BvWAhJ1leE%2BZYgBht%2Bw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ba1fbbad84756aa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":93612,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"813858556458f4c704c2ed5d90cb39f5","sha1":"60c1bca240a4c73859c2fab163b21170bf1e1be1","sha256":"b69d19f225d2203fecaaea8d44b276870e806ffee837201cf463c2c5fe775d99","sha512":"2c8f420a18e1f8dfb24a701e6c72eb1f617a89dd696d2405108529de06f99a7d33dd2f7f4d2d9634941e778c1eb06c62cd0681bfda80dbaaf4029c2323985b7c","ssdeep":"768:8GPhocrYRvZRvUh/ywGLk0p191dWwaSzO8SY6ccYc0VcosiockchIwc8cCcDc+cd:6zCzyksM8SLmpUZfJiAoJETKuM","tlshash":"ab9373d6590ad0d98e5111cee477e809e8680993cdadf193fa2cddc6741ef26c84b23b","first_seen":"2025-12-30T09:20:37.530094Z","last_seen":"2026-01-07T08:11:51.390343Z","times_seen":4,"resource_available":true,"data":null}},"time_used":434,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":395,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cowswap.org/","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"104.21.35.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cowswap.org/","date":"2026-01-07T08:11:15.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cowswap.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 10:32:30 GMT","end":"Fri, 20 Mar 2026 11:31:18 GMT"},"fingerprint":{"sha1":"14:8D:E9:CA:F8:27:95:87:FC:04:98:ED:5E:5B:EE:E2:A5:4D:83:43","sha256":"A5:86:1C:1F:68:8A:E3:E9:5F:64:53:6E:7A:B5:D4:E2:3C:5D:08:5D:C6:C9:DA:06:F9:74:13:0B:1C:22:58:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cowswap.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cowswap.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 08:11:15 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Sat, 20 Dec 2025 13:28:14 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nvary: accept-encoding\r\nage: 0\r\ncontent-encoding: br\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eXM1uacSdLUwBHBWbJuD%2BMdiu7Jtgi2DHYrzNMacJdllZNHpSBPYjLu8dF%2BGNLh2ogog7Q5CUE7OfwpOW89Ksv8S%2F2DpXZFVBQ%3D%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9ba1fbbeb85b56aa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":547241,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (51587)","md5":"24d397a46ac18fb676892751b84bb322","sha1":"35f3ce9d207246b51bbc112e7f6508d445f37481","sha256":"fa1f853f03828cf43cc54f70a8463911eaab40aed8dc1feff6bc4217d067e63a","sha512":"d538a513caa89dc7fe9c10be214c2559d1bc08fcbb60f346b21c189e4711829a4a6391f7246936dd67021d5c0833e9b23c973083c743a2d0e5c3d71191a2352f","ssdeep":"6144:e+RYDyZPyYH5Ihr0Ej5J0cXr7wxQ2595aYwNfTFHmWC/CoZVnPH4q3IVnPH4q3g:ZRYqXH5kHXr0xBXjwtTxfmfvIvg","tlshash":"dec4bf76190c279d36230eadeb52623c265bb0eeb70551ef64ef70d8c38f9e48522d94","first_seen":"2025-12-30T09:20:37.524574Z","last_seen":"2026-01-07T08:11:51.386668Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cowswap.org/secureproxy?e=jscdn/getFile","fqdn":"cowswap.org","domain":"cowswap.org","tld":"org"},"ip":{"addr":"104.21.35.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cowswap.org/","date":"2026-01-07T08:11:15.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cowswap.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 10:32:30 GMT","end":"Fri, 20 Mar 2026 11:31:18 GMT"},"fingerprint":{"sha1":"14:8D:E9:CA:F8:27:95:87:FC:04:98:ED:5E:5B:EE:E2:A5:4D:83:43","sha256":"A5:86:1C:1F:68:8A:E3:E9:5F:64:53:6E:7A:B5:D4:E2:3C:5D:08:5D:C6:C9:DA:06:F9:74:13:0B:1C:22:58:2F"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: cowswap.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cowswap.org/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://cowswap.org\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"okyth9clzznclnw3vbwy\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 08:11:16 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncast-mode: default\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: DENY, SAMEORIGIN\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: default-src 'self'\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r9kz1Br7hCrG%2FvKdL16uFPPPfZPiT0114CiduiNtt%2FpwGbUlSC4ClAyBAPpd5j24vQxIrIt5PpK5Pvm%2BUHyAsnB%2FEV9Jb%2BxN3LeT2Cfbuut6Gw%3D%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\npriority: u=4,i=?0\r\ncf-ray: 9ba1fbc0086256aa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4746080,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"51c8a6144f86685cc73a698ea5b27cda","sha1":"232abe31f2d3410e4706a34c2f80f266bae89dd7","sha256":"3bb3831410e0412bf911947c087fa19517148339738bbd3e908c5f16c051baf0","sha512":"003a0e909ffe6e36df5a6172535feafe01cae1e7a0ea2996116fcd5e71212ad037232c83c6bb882052ecc661e01af972937a44b17a41aa8250131cbd8eb4e088","ssdeep":"24576:/kaCRGn5vQMRKR4KNp5W/iZAcd+vvqMLI8L4O/i+gYEFT:8aH+MRq7NDOPs+68LDK1FT","tlshash":"4b2513f7d076e09337641839f4da39d93c74a1ed66ca83311a849da024eb19a85dcef3","first_seen":"2026-01-07T08:11:41.15424Z","last_seen":"2026-01-07T08:11:51.392972Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1601,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":703,"receive":898,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"cowswap.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}