{"report_id":"415e3105-12fa-4918-9fb6-2c324eab9fef","version":6,"status":"done","tags":[],"date":"2026-05-12T11:11:41Z","url":{"schema":"http","addr":"tokencitrea.xyz","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"172.67.211.99","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"tokencitrea.xyz/","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"title":"Airdrop | Citrea","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tokencitrea.xyz","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"172.67.211.99","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-16T11:11:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-12T11:11:16Z","timestamp":1778584276,"ip_dst":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":55024,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI","source":"{\"timestamp\":\"2026-05-12T11:11:16.918418+0000\",\"flow_id\":87621809530588,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":55024,\"dest_ip\":\"188.114.96.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2051768,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_03_22\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"Cloudflare_Workers\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Cloudflare_Workers\"],\"updated_at\":[\"2024_03_22\"]}},\"tls\":{\"sni\":\"billowing-scene-308e.buildsbob.workers.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":944,\"bytes_toclient\":1654,\"start\":\"2026-05-12T11:11:16.911068+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"tokencitrea.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"billowing-scene-308e.buildsbob.workers.dev","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-05-01T04:58:40.646729Z","last_seen":"2026-05-12T11:05:29.140387Z","alert_count":0,"request_count":2,"received_data":3876674,"sent_data":901,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"tokencitrea.xyz","ip":{"addr":"104.21.91.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":4,"received_data":1035045,"sent_data":1754,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"billowing-scene-308e.buildsbob.workers.dev/","fqdn":"billowing-scene-308e.buildsbob.workers.dev","domain":"buildsbob.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"73dac882bc559b2bb8a8b9cd151b504c","sha1":"f6c4477708795aa1df1f71ec208c67a9f902eaf5","sha256":"b32cd74e94e4d976fa878f5ba23605c5b4bb32b0973f07293319f5b8fee090c9","sha512":"5613573e46a26ada2e3c67d2afb0d3582edba57dc3d7a709134570de34a4282b92931b416f64b15f502720c4bdafd11bfff051a029666f3bc3f1d42a0c0c75fc","ssdeep":"3072:++zyEWhiBuVKxoKuQEhWYQle2ImSc+3VD6ILaXp:NBUVhpQEhWYOeQX+3VnLaXp","tlshash":"84c4538a5ac211a9be4d47aeccd15c4094084d237f48e4e7eedafe50606ae21d1db39f","size":573738,"data":"","first_seen":"2026-05-12T11:11:47.103791Z","last_seen":"2026-05-12T11:13:11.646564Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tokencitrea.xyz/","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"104.21.91.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"bcb2917876a0a963ffa98153952545b9","sha1":"f67a73325e86adbec2cda58d7c17e1ba9a304b86","sha256":"4f92b9523239620bbce2b85ac8eac4f1775b515c076bfbf4af083b3295c7d156","sha512":"d00c2e2ce79678d21b115248f88c9ec930b94e0526c47f1e760d69d6b4f2050d43c50d91091979ee54a1877d1461af38d99bc835795ae2eb78cb0228dee66f2f","ssdeep":"3072:cpYCIa3IXD0769ypQKVENHesQtOawOKEuz1JMqvas:rCF4d9ZGExesqOkHuz1tvas","tlshash":"6d84a355db83409ccd9c06ab94a2b940c5148d23cb5878f7de1fdec1266af7252cb2af","size":394607,"data":"","first_seen":"2026-05-12T11:11:47.109235Z","last_seen":"2026-05-12T11:13:11.64884Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tokencitrea.xyz/","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"104.21.91.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f9787aeba343646af18c0ca0f200096a","sha1":"7225f1e71350309f333f71b9d3cd7a7306ecb01a","sha256":"6645942617470bc030a0bba539adc97e300439e72f92a95994f0772854038ec4","sha512":"4a563b5d2399caed367ea79f314ae6fe89b664ae0f6baa4d17382190a463489fde3bde855eacfec528378ff547b0955e6283a84df257eb50e2514c3e05073fae","ssdeep":"","tlshash":"8b113826122632653c8ef0ee59b6dd4d7a7f100be90960a0b59ed08d7930b5544f76dc","size":958,"data":"","first_seen":"2026-04-26T13:27:23.267957Z","last_seen":"2026-05-12T11:13:11.651016Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tokencitrea.xyz/","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"104.21.91.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f32f6845887004ab74a44ecc4fe6e35e","sha1":"a8bc6bcb5eca298cf8e93a2847bf1e7f9253c601","sha256":"21153f3bed46801647edab81d036ce1d272286d128c2643f54689ecfa7b9ad31","sha512":"3eb9bd764b553cda967e6c8999b8c2cd41020b36b6fc1886fa26dd568d5474138fd2e527a1715b7959c09ad06c9785341e89ceedede7c880c89c740c65a8bd34","ssdeep":"","tlshash":"0d1136343219147a921e2ac3d78037e898aea255b75398da4c1c5d4818cd8265befcf5","size":932,"data":"","first_seen":"2026-05-12T11:11:47.112333Z","last_seen":"2026-05-12T11:13:11.652239Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tokencitrea.xyz/","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"104.21.91.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"965f697e0ced0273a06547f666a879a4","sha1":"cb1c761eb98f687a5ecfac739d94bca47642a15b","sha256":"ac6417fffc79c9cbd1268046c031de3fc42c43fb0d20a3d1426c72929406a81e","sha512":"a323b832004907e5807f079c907d4d25d9163dff41556f60d464e68c8651a6479870249f1f5b9f62851d03f475953934d88599ec850ab513803caa66caac9c44","ssdeep":"768:lKEd0A6BPcsKo1/c2/2c7XyrcqNahJXIOpacIcWcJcicIcscjc+c8cqu34cc6ckr:o9AmPc3qK8JXILuGPC","tlshash":"704340d0aa5bd0e49e5611eed037ec01e0281967ceacf593b92ddec2742df22858753b","size":59340,"data":"","first_seen":"2026-05-12T11:11:47.113505Z","last_seen":"2026-05-12T11:13:11.65412Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"billowing-scene-308e.buildsbob.workers.dev/?m=2964307","fqdn":"billowing-scene-308e.buildsbob.workers.dev","domain":"buildsbob.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://tokencitrea.xyz/","date":"2026-05-12T11:11:17.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buildsbob.workers.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 11 Apr 2026 19:31:36 GMT","end":"Fri, 10 Jul 2026 20:31:23 GMT"},"fingerprint":{"sha1":"E7:D1:72:C1:21:25:4A:B7:44:E0:56:25:8B:E2:38:58:2B:50:14:C2","sha256":"C5:52:35:1C:FF:46:25:2E:F4:33:9D:8C:93:D5:0E:77:09:3A:58:0B:0C:18:CD:AF:D6:A2:3B:10:C1:2C:7D:0A"}}},"request":{"raw":"GET /?m=2964307 HTTP/1.1\r\nHost: billowing-scene-308e.buildsbob.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tokencitrea.xyz/\r\nOrigin: https://tokencitrea.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 12 May 2026 11:11:17 GMT\r\ncontent-type: application/javascript\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HcYYg7WyVuaUw3LYnikU99ZGlAxzrHZK0rQnzVqb8chCWt3dYj%2FkxKnw6%2F5e73lioP5vXWwsWImCijzod%2FGz0ojHgC0CmBTH4DyZ%2B0dt2q6nENCvNhht0I3ioTDOeRuhqTw4k5PH8kcFvkAFYojo%2FEf5yEdFU5NB5Cq1YSA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9fa8fb56de980b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3301484,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"088f072ef4901bc1a7f709dfbeabc82b","sha1":"67c2e08e8804526779ac49e9dd2380df14204258","sha256":"1883bbdd6f3b6257c92186de8f1d17216f9738b32cc7e1f624ceea7005d3960d","sha512":"33c68bbf8008eb63027ab0f7c15e07367866f1d1cb7e61947d644c1794ef0c6d6e36ad25bd0dcb8d46f26efa6d49edef9485442d2b31726975e9e10abbcfb609","ssdeep":"24576:6b/YWmLkwsOukzMSPbg+lsVo5/Cr0OSzcfUjegBCwSG9:4GkwdNZngkvX9","tlshash":"33252392ff6eb43c8f2c0998717b2e0fac454c2390c592bda696f88636c875051e7d78","first_seen":"2026-05-12T11:05:41.298122Z","last_seen":"2026-05-12T11:13:11.641133Z","times_seen":4,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":18,"dns":1,"connect":0,"send":0,"wait":105,"receive":133,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tokencitrea.xyz/","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"104.21.91.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-12T11:11:16.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tokencitrea.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 May 2026 16:59:15 GMT","end":"Sun, 09 Aug 2026 17:59:07 GMT"},"fingerprint":{"sha1":"AE:30:1C:1C:9A:AA:10:92:79:C2:C6:23:90:36:E5:54:A2:B9:98:BE","sha256":"2F:E1:B7:87:1B:3F:E5:FC:19:C4:0A:47:BD:26:80:7E:D6:F2:08:98:C9:31:A2:A5:EE:98:08:20:07:EC:71:DD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tokencitrea.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 12 May 2026 11:11:16 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EALQkn%2F%2FlFh4g90Fbc6EbGSEHqrXueGzrQnK3Hdyw9PqHayWpfdCmhALZrcyHB%2BuME99wNii5xPvuZMLjckRc%2F9ARIs7UojgZ36LH5Lhk0jNd1YZUe4rS5EYWtPrCJ7iel0%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9fa8fb50bcdeb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":515970,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (5753)","md5":"27bed54ad09e1626af0f20a9c650b977","sha1":"f626624670cf5d16ac0348385af6168a3bc3fd64","sha256":"ffb1d89c018d7f7afae66ed1aca243f4b40afb5686ca714b64001684bdb053f0","sha512":"71e753c45f4a6da6d0921215bc25036c65998216db32e91e33202f62a12bdb5c6282880389a74759b7a271fb6e9bbec42064f1c9c3a7cf099401fc40b0ffbc4a","ssdeep":"6144:j6v3luNBqSEydDIUiv0Esz1qzqu0LKrRpmJKYawzTS5oA+Sb3:fNRIUivIqzqrLKrRpw3S5MO3","tlshash":"f6b4392aa9b29a666d13727da2ef610c3236f107dc1dce987edc3154cf883b4ac51758","first_seen":"2026-05-12T11:11:47.099947Z","last_seen":"2026-05-12T11:13:11.644081Z","times_seen":2,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":36,"dns":15,"connect":1,"send":0,"wait":136,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"tokencitrea.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"billowing-scene-308e.buildsbob.workers.dev/","fqdn":"billowing-scene-308e.buildsbob.workers.dev","domain":"buildsbob.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tokencitrea.xyz/","date":"2026-05-12T11:11:16.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buildsbob.workers.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 11 Apr 2026 19:31:36 GMT","end":"Fri, 10 Jul 2026 20:31:23 GMT"},"fingerprint":{"sha1":"E7:D1:72:C1:21:25:4A:B7:44:E0:56:25:8B:E2:38:58:2B:50:14:C2","sha256":"C5:52:35:1C:FF:46:25:2E:F4:33:9D:8C:93:D5:0E:77:09:3A:58:0B:0C:18:CD:AF:D6:A2:3B:10:C1:2C:7D:0A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: billowing-scene-308e.buildsbob.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tokencitrea.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 12 May 2026 11:11:17 GMT\r\ncontent-type: application/javascript\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=3600\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E6d%2BMxsreNNTXoEwxkZxCdXhvPHPfzuuZubirgFnpYmEThfEHeh%2FuO%2FWy7Ib8xhzPCDWMESguaQ92znOXtrpY9Znm5uKCKBXKTKJgM6DgLbBmYoeNEe%2BwwoMv9iyh1vQc0pcI%2BJerrWN7Xzxegyn%2FPCeX5xfPsQI%2BjXmkeg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9fa8fb52cad04e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":573738,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"73dac882bc559b2bb8a8b9cd151b504c","sha1":"f6c4477708795aa1df1f71ec208c67a9f902eaf5","sha256":"b32cd74e94e4d976fa878f5ba23605c5b4bb32b0973f07293319f5b8fee090c9","sha512":"5613573e46a26ada2e3c67d2afb0d3582edba57dc3d7a709134570de34a4282b92931b416f64b15f502720c4bdafd11bfff051a029666f3bc3f1d42a0c0c75fc","ssdeep":"3072:++zyEWhiBuVKxoKuQEhWYQle2ImSc+3VD6ILaXp:NBUVhpQEhWYOeQX+3VnLaXp","tlshash":"84c4538a5ac211a9be4d47aeccd15c4094084d237f48e4e7eedafe50606ae21d1db39f","first_seen":"2026-05-12T11:11:47.103791Z","last_seen":"2026-05-12T11:13:11.646564Z","times_seen":2,"resource_available":true,"data":null}},"time_used":511,"timings":{"blocked":63,"dns":47,"connect":1,"send":0,"wait":383,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tokencitrea.xyz/","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"104.21.91.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tokencitrea.xyz/","date":"2026-05-12T11:11:16.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tokencitrea.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 May 2026 16:59:15 GMT","end":"Sun, 09 Aug 2026 17:59:07 GMT"},"fingerprint":{"sha1":"AE:30:1C:1C:9A:AA:10:92:79:C2:C6:23:90:36:E5:54:A2:B9:98:BE","sha256":"2F:E1:B7:87:1B:3F:E5:FC:19:C4:0A:47:BD:26:80:7E:D6:F2:08:98:C9:31:A2:A5:EE:98:08:20:07:EC:71:DD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tokencitrea.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tokencitrea.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ndate: Tue, 12 May 2026 11:11:16 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=15dZYRVI33NTmj%2BSMrF%2Bocc6%2Bb%2Fffk4LiFk%2FKzsS4V%2FT0xXeGcOPZScHFltlPpehcYpozq841xPyzr%2BKtslz%2FhsBdSHa8LbYfibrMKhnDuNYE376QF2z1FzW1vqRsoQpEtI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9fa8fb527d488be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":515970,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (5753)","md5":"27bed54ad09e1626af0f20a9c650b977","sha1":"f626624670cf5d16ac0348385af6168a3bc3fd64","sha256":"ffb1d89c018d7f7afae66ed1aca243f4b40afb5686ca714b64001684bdb053f0","sha512":"71e753c45f4a6da6d0921215bc25036c65998216db32e91e33202f62a12bdb5c6282880389a74759b7a271fb6e9bbec42064f1c9c3a7cf099401fc40b0ffbc4a","ssdeep":"6144:j6v3luNBqSEydDIUiv0Esz1qzqu0LKrRpmJKYawzTS5oA+Sb3:fNRIUivIqzqrLKrRpw3S5MO3","tlshash":"f6b4392aa9b29a666d13727da2ef610c3236f107dc1dce987edc3154cf883b4ac51758","first_seen":"2026-05-12T11:11:47.099947Z","last_seen":"2026-05-12T11:13:11.644081Z","times_seen":2,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"tokencitrea.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tokencitrea.xyz/","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"104.21.91.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tokencitrea.xyz/","date":"2026-05-12T11:11:16.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tokencitrea.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 May 2026 16:59:15 GMT","end":"Sun, 09 Aug 2026 17:59:07 GMT"},"fingerprint":{"sha1":"AE:30:1C:1C:9A:AA:10:92:79:C2:C6:23:90:36:E5:54:A2:B9:98:BE","sha256":"2F:E1:B7:87:1B:3F:E5:FC:19:C4:0A:47:BD:26:80:7E:D6:F2:08:98:C9:31:A2:A5:EE:98:08:20:07:EC:71:DD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tokencitrea.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tokencitrea.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ndate: Tue, 12 May 2026 11:11:16 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VgSv775X07vHAe9cfWibcjdl5VqJm0YZTkxLpUO8a64TN%2F3%2FSSnQCiMYVMiRoYvV%2FKTmxlTy1RIjObqEx818GWZBh6ft0W9PCYbsaaETt3XWGpCoRRxBHueQp8PDhGvYuMg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9fa8fb528d508be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T17:59:11.912499Z","times_seen":15179480,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":46,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"tokencitrea.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tokencitrea.xyz/","fqdn":"tokencitrea.xyz","domain":"tokencitrea.xyz","tld":"xyz"},"ip":{"addr":"104.21.91.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tokencitrea.xyz/","date":"2026-05-12T11:11:16.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tokencitrea.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 May 2026 16:59:15 GMT","end":"Sun, 09 Aug 2026 17:59:07 GMT"},"fingerprint":{"sha1":"AE:30:1C:1C:9A:AA:10:92:79:C2:C6:23:90:36:E5:54:A2:B9:98:BE","sha256":"2F:E1:B7:87:1B:3F:E5:FC:19:C4:0A:47:BD:26:80:7E:D6:F2:08:98:C9:31:A2:A5:EE:98:08:20:07:EC:71:DD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tokencitrea.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tokencitrea.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ndate: Tue, 12 May 2026 11:11:16 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BngB4ltlKJ7Wg21Av%2Fi5w89qgQB0Z48I%2Fi5khaUaHOnP%2FMY49WmxgymcG4HwFRJQO1zGrDN7OGdXyjYVTBJgIokJH0ZZ4Z7zzNzidOCPp83WrgB0rwJhp0srvMA28Zb71lY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9fa8fb528d518be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T17:59:11.912499Z","times_seen":15179480,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":48,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-12","alert":"Sinkholed","trigger":"tokencitrea.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}