{"report_id":"4445c155-4762-4f5b-9a64-a1aaa595506e","version":6,"status":"done","tags":[],"date":"2026-01-06T13:55:47Z","url":{"schema":"http","addr":"store.workshopvotesmod.com","fqdn":"store.workshopvotesmod.com","domain":"workshopvotesmod.com","tld":"com"},"ip":{"addr":"172.67.201.36","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"store.workshopvotesmod.com/","fqdn":"store.workshopvotesmod.com","domain":"workshopvotesmod.com","tld":"com"},"title":"Sign In","dom":{"size":425761,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (51410)","md5":"c1c6d417155c4bcc4b2f45c42f993a1f","sha1":"352bb7cb9cd4bd82b1bf6549ab951b0f70554658","sha256":"dfea032cd8338e8fb915007dbd989080062ecd46a2849753a2c50fa4ca5f209a","sha512":"4c41d3dbe8b3f4dd757b38c58988c8585ca118e7e5aadf5c49c70f9b7184ab7f30345c342b15151da1bb27e684ddff3941fda8d44c6106df60543306c47e8975","ssdeep":"6144:MpIzpIcSrLMnwqqFiaWkcuoRCtNhnE4ReENmq/97:M294LBpiancuUd4A0ms","tlshash":"68946930960d29bd772fded2c05316950fa9a403b2277574a29e34fc43cbe68daa7d90","dom_hash":"domhashae88fa88eab5f260f54738e6328448c9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"store.workshopvotesmod.com","fqdn":"store.workshopvotesmod.com","domain":"workshopvotesmod.com","tld":"com"},"ip":{"addr":"172.67.201.36","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-10T13:55:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"store.workshopvotesmod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"store.workshopvotesmod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"store.workshopvotesmod.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"store.workshopvotesmod.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":6,"request_count":2,"received_data":1231514,"sent_data":937,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"hazard.team","ip":{"addr":"80.66.72.44","port":443,"asn":39238,"as":"Okb Progress LLC","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-01T09:35:12.3915Z","last_seen":"2026-01-06T11:23:58.991134Z","alert_count":0,"request_count":4,"received_data":1332,"sent_data":2271,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"store.workshopvotesmod.com/gm6yz6yap690.js","fqdn":"store.workshopvotesmod.com","domain":"workshopvotesmod.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0cdcedf0b4ede9afcb5344b16ed2f80","sha1":"cec716c01951ba2404af6a19abbc67fa71f8385d","sha256":"b827838b65ea1cd29ff7f1fc169194cca40300101416dd678afc4a64fbd25d04","sha512":"7ad53d32a3faf3823476799c5b4f617bea27681d2431d6a1a35db295577f67b90ad029d8a9a3087559eafbd7b5ba7f6da1d5460e97150812dbb74e475d90cf7f","ssdeep":"12288:BX01rgoo6r5Hips//Q5oANOXZxTy79LRoV4LBpiancuUgN91Z7dMPKml6ABRsvvl:5yveIw1cuUG/deG","tlshash":"58451c706f80e2ad07174f2bb72b72d4fd16099fe9584ccbf590fc946899a06e5e81b0","size":1178502,"data":"","first_seen":"2025-12-19T03:37:01.698642Z","last_seen":"2026-02-02T19:36:44.277236Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"store.workshopvotesmod.com/","fqdn":"store.workshopvotesmod.com","domain":"workshopvotesmod.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-06T13:55:25.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"workshopvotesmod.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 02 Jan 2026 19:42:44 GMT","end":"Thu, 02 Apr 2026 20:40:29 GMT"},"fingerprint":{"sha1":"E2:5E:38:48:A7:D0:3B:A9:2F:8A:9E:D0:B3:5A:32:CE:89:27:7A:64","sha256":"64:CC:A3:29:48:F2:DF:DF:A3:5E:1C:B1:96:A7:E0:2E:01:9B:4A:6F:82:E8:21:59:ED:5E:87:91:1E:F5:55:99"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: store.workshopvotesmod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 06 Jan 2026 13:55:25 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qFMA8c%2BNxPZQ54S6VsbBthYaLrD0mqNJbTl%2Fkuf%2BbE1ICC9GuLjc8MArOl2rjHm9tNyXAVkKPA7HJRmAz4LQUzoeTTzuCOf4r0ql7i%2FUZQ39wO3LzonwBJgs\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9b9bb684e8cda0f0-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":51795,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (51411), with CRLF line terminators","md5":"002646d1aa67890e8012e81f17e76819","sha1":"869fcdf9757aac58f7e748d4615859eeee5fbde3","sha256":"dc0eef1254735225d57cd53ed1e28e573910ea5d2317f0be865c8f5b71d7e3c8","sha512":"bfed556f1ed3e769cc232238a06adaef4340cb5f5680017a325cf9943e0f269197197fbc5ad7c21e77ab3a3e4572eaec3d49c5eeb94b49da4734f61ad8e43469","ssdeep":"1536:4G9/ngwT22Cjfr6h1ZDHa5KQyRPBXy1Uv:t1gwaf6dEURos","tlshash":"9b33c17076a0591cdfdf8f7a89915e501e379cdbf847a854e32e348a5a40ee2e9dc380","first_seen":"2025-12-20T07:16:27.905464Z","last_seen":"2026-01-27T18:03:23.365001Z","times_seen":14,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":48,"dns":29,"connect":1,"send":0,"wait":110,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"store.workshopvotesmod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"store.workshopvotesmod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"store.workshopvotesmod.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"store.workshopvotesmod.com/gm6yz6yap690.js","fqdn":"store.workshopvotesmod.com","domain":"workshopvotesmod.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://store.workshopvotesmod.com/","date":"2026-01-06T13:55:25.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"workshopvotesmod.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 02 Jan 2026 19:42:44 GMT","end":"Thu, 02 Apr 2026 20:40:29 GMT"},"fingerprint":{"sha1":"E2:5E:38:48:A7:D0:3B:A9:2F:8A:9E:D0:B3:5A:32:CE:89:27:7A:64","sha256":"64:CC:A3:29:48:F2:DF:DF:A3:5E:1C:B1:96:A7:E0:2E:01:9B:4A:6F:82:E8:21:59:ED:5E:87:91:1E:F5:55:99"}}},"request":{"raw":"GET /gm6yz6yap690.js HTTP/1.1\r\nHost: store.workshopvotesmod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://store.workshopvotesmod.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 06 Jan 2026 13:55:25 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 02 Jan 2026 21:55:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"69583ebe-11fb86\"\r\nexpires: Wed, 07 Jan 2026 13:55:25 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3gYaMqwJ5hvu7j4pCZ%2BGpzHr9x84rcEHlodzCT0GzMFRMlDrpeTC%2Fj%2FATGFIcO8CgJ8LRDlal%2BL95BxiUJ7o5YwAGQIxz3NM9F7n6cyGQ00JC9sLPa1jpR3Z\"}]}\r\ncf-ray: 9b9bb686be3aa0f0-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1178502,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e4b84b7b083ffaae9b7f94f0e844e1e1","sha1":"a6b8457e4820b18d8d23062b41ae16a350265fc9","sha256":"5faaabce28da50fbe760b93a046749f69deef94b2d13ceb8cef03bcb6700cc2c","sha512":"1c75efa64229f57dd5f2ef1965190520b961d024e0b03f07e6f22c14b78666cd82fb624788a9c9d449116e9cfd67584d63e4adc01ac7077685ababe3c2406534","ssdeep":"12288:BX01rgoo6r5Hips//Q5oANOXZxTy79LRoV4LBpiancuUgN91Z7dMPKml6ABL:5yveIw1cuUG/deH","tlshash":"46352d706f80e69d07174f6b772b72d4fd56089fa8484ccff590fca46899a06e6e81b0","first_seen":"2025-12-20T07:16:27.898391Z","last_seen":"2026-03-07T23:28:55.551968Z","times_seen":37,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"store.workshopvotesmod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"store.workshopvotesmod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"store.workshopvotesmod.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hazard.team/dxpgypjftomkusxddsmwznitoplamsvnemlhisbfygjqun","fqdn":"hazard.team","domain":"hazard.team","tld":"team"},"ip":{"addr":"80.66.72.44","port":443,"asn":39238,"as":"Okb Progress LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://store.workshopvotesmod.com/","date":"2026-01-06T13:55:26.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hazard.team","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Dec 2025 20:14:43 GMT","end":"Fri, 27 Mar 2026 20:14:42 GMT"},"fingerprint":{"sha1":"C5:CC:AC:B7:47:06:DB:5D:70:66:9F:B3:4B:A0:EB:80:14:DA:1D:3D","sha256":"74:C5:84:B3:9A:32:0C:05:11:17:6E:F3:75:7D:51:17:90:A4:7F:16:A8:EB:95:5D:A8:BE:C9:6B:03:06:DC:EA"}}},"request":{"raw":"OPTIONS /dxpgypjftomkusxddsmwznitoplamsvnemlhisbfygjqun HTTP/1.1\r\nHost: hazard.team\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://store.workshopvotesmod.com/\r\nOrigin: https://store.workshopvotesmod.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nETag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nDate: Tue, 06 Jan 2026 13:55:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":68,"dns":21,"connect":20,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hazard.team/dxpgypjftomkusxddsmwznitoplamsvnemlhisbfygjqun","fqdn":"hazard.team","domain":"hazard.team","tld":"team"},"ip":{"addr":"80.66.72.44","port":443,"asn":39238,"as":"Okb Progress LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://store.workshopvotesmod.com/","date":"2026-01-06T13:55:26.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hazard.team","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Dec 2025 20:14:43 GMT","end":"Fri, 27 Mar 2026 20:14:42 GMT"},"fingerprint":{"sha1":"C5:CC:AC:B7:47:06:DB:5D:70:66:9F:B3:4B:A0:EB:80:14:DA:1D:3D","sha256":"74:C5:84:B3:9A:32:0C:05:11:17:6E:F3:75:7D:51:17:90:A4:7F:16:A8:EB:95:5D:A8:BE:C9:6B:03:06:DC:EA"}}},"request":{"raw":"POST /dxpgypjftomkusxddsmwznitoplamsvnemlhisbfygjqun HTTP/1.1\r\nHost: hazard.team\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 68\r\nOrigin: https://store.workshopvotesmod.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://store.workshopvotesmod.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":68,"data":"{\"d\":\"store.workshopvotesmod.com\",\"u\":\"s-mk2njf2y-7rp00t02\",\"ip\":\"\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 58\r\nETag: W/\"3a-aeO107wSyEvLezlGKxlMxmHBpx8\"\r\nDate: Tue, 06 Jan 2026 13:55:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3f3d7aa152a0ce1e69a29726c0cceca3","sha1":"69e3b5d3bc12c84bcb7b39462b194cc661c1a71f","sha256":"550930879313f1fc68f523406c8d3c68598d1bc0fe5b8fe3abdf224191fcc1f2","sha512":"d39ff106bab2e4f4b0f1190b44d7779220afad477ebd82faa0bbd110070c31c37f58874b65fb6abea4991c7c4b9aaf532888260b56d25c1cdfb9fab15ac232e6","ssdeep":"","tlshash":"36a00241851056fcca47580c424d2f04093c0026bac86047f00c0a4951b545f4106237","first_seen":"2026-01-06T13:55:52.396518Z","last_seen":"2026-01-06T13:55:52.396518Z","times_seen":1,"resource_available":false,"data":null}},"time_used":714,"timings":{"blocked":-1,"dns":19,"connect":20,"send":0,"wait":611,"receive":1,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hazard.team/cxmqhsayetexcqezk","fqdn":"hazard.team","domain":"hazard.team","tld":"team"},"ip":{"addr":"80.66.72.44","port":443,"asn":39238,"as":"Okb Progress LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://store.workshopvotesmod.com/","date":"2026-01-06T13:55:27.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hazard.team","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Dec 2025 20:14:43 GMT","end":"Fri, 27 Mar 2026 20:14:42 GMT"},"fingerprint":{"sha1":"C5:CC:AC:B7:47:06:DB:5D:70:66:9F:B3:4B:A0:EB:80:14:DA:1D:3D","sha256":"74:C5:84:B3:9A:32:0C:05:11:17:6E:F3:75:7D:51:17:90:A4:7F:16:A8:EB:95:5D:A8:BE:C9:6B:03:06:DC:EA"}}},"request":{"raw":"OPTIONS /cxmqhsayetexcqezk HTTP/1.1\r\nHost: hazard.team\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://store.workshopvotesmod.com/\r\nOrigin: https://store.workshopvotesmod.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nETag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nDate: Tue, 06 Jan 2026 13:55:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hazard.team/cxmqhsayetexcqezk","fqdn":"hazard.team","domain":"hazard.team","tld":"team"},"ip":{"addr":"80.66.72.44","port":443,"asn":39238,"as":"Okb Progress LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://store.workshopvotesmod.com/","date":"2026-01-06T13:55:27.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hazard.team","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Dec 2025 20:14:43 GMT","end":"Fri, 27 Mar 2026 20:14:42 GMT"},"fingerprint":{"sha1":"C5:CC:AC:B7:47:06:DB:5D:70:66:9F:B3:4B:A0:EB:80:14:DA:1D:3D","sha256":"74:C5:84:B3:9A:32:0C:05:11:17:6E:F3:75:7D:51:17:90:A4:7F:16:A8:EB:95:5D:A8:BE:C9:6B:03:06:DC:EA"}}},"request":{"raw":"POST /cxmqhsayetexcqezk HTTP/1.1\r\nHost: hazard.team\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 213\r\nOrigin: https://store.workshopvotesmod.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://store.workshopvotesmod.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":213,"data":"{\"domain\":\"store.workshopvotesmod.com\",\"referralLink\":\"/\",\"secret\":380316,\"secret2\":364697,\"u\":\"s-mk2njfr2-7bv9h09u\",\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"ip\":\"\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 15\r\nETag: W/\"f-Yt3AUbWOMeGnSd4gLMi2nZ/urcY\"\r\nDate: Tue, 06 Jan 2026 13:55:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":15,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c5b1726b0f6415d8ff91b131d12f660f","sha1":"62ddc051b58e31e1a749de202cc8b69d9feeadc6","sha256":"43d304d3e1988741f29345d8f823d854245918777b0289807347009fd280f3f9","sha512":"b2e3333339151148ffc072d719c964938fca1ae92688c5f8652b5cf0ad7fca54fb0cd8fcccdf093882f1325e367257bf2ca646e7e3f5dc15abc36ffdf7060224","ssdeep":"","tlshash":"4b6000c03c0cc00000000c3cf00000c03000300c0fcc000c000c0c0000000003f0c30c","first_seen":"2024-08-19T21:31:35.088257Z","last_seen":"2026-06-06T20:21:20.15527Z","times_seen":64,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}