{"report_id":"be036855-fff1-47da-9477-7f2eb69af3b7","version":6,"status":"done","tags":["phishing","steam","gaming"],"date":"2026-05-15T23:48:18Z","url":{"schema":"http","addr":"workshopscommunitymode.com","fqdn":"workshopscommunitymode.com","domain":"workshopscommunitymode.com","tld":"com"},"ip":{"addr":"172.67.196.62","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"workshopscommunitymode.com/","fqdn":"workshopscommunitymode.com","domain":"workshopscommunitymode.com","tld":"com"},"title":"Sign In","dom":{"size":425761,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (51410)","md5":"12603deba1c6fb7828bbafe19c4ab4ca","sha1":"747d7906646df28b123db87d95e595a7615ab0de","sha256":"9788327467946ea4873847dbd79ea5197a0b0ad3990c9d1b202e80c9c87252bb","sha512":"867c27cd21b9a07cd95af8b26bf52935caca744acd306377ca0f11ec07fa71d3c4a7b8fac8a9d5506386208381e77a00d535da6fced90710f2ac5ee6d5e236d1","ssdeep":"6144:1pIzpIdSrLMnwqqFiaWkcuoRmH9Re4mq/9u:12k4LBpiancuUoA4m1","tlshash":"f3946930960d28bd772fddd2c04316950fa9a803b62b7574a24e34fc53cbe68d6abd94","dom_hash":"domhashae88fa88eab5f260f54738e6328448c9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"workshopscommunitymode.com","fqdn":"workshopscommunitymode.com","domain":"workshopscommunitymode.com","tld":"com"},"ip":{"addr":"172.67.196.62","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-19T23:48:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"workshopscommunitymode.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Steam","verdict":"phishing","severity":"high","comment":"","tags":["phishing","steam","gaming"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Steam","verdict":"phishing","severity":"high","comment":"","tags":["phishing","steam","gaming"],"meta":null}]},"summary":[{"fqdn":"birdsandolphins.com","ip":{"addr":"104.21.31.114","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":4,"received_data":2967,"sent_data":2303,"comment":"","tags":null,"fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}]},{"fqdn":"workshopscommunitymode.com","ip":{"addr":"104.21.76.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":2,"received_data":1231425,"sent_data":937,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Steam","verdict":"phishing","severity":"high","comment":"","tags":["phishing","steam","gaming"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"workshopscommunitymode.com/j4bweoao3mo6.js","fqdn":"workshopscommunitymode.com","domain":"workshopscommunitymode.com","tld":"com"},"ip":{"addr":"104.21.76.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"219fa7e17d1f056c118d68b46e936ddf","sha1":"da3b186011a0ae07600156e952ca967f6b24d287","sha256":"1af2acb6c554dd3ad5d183324e0aabacb6e0e6c25bdb722b520d1324bc43c246","sha512":"bebc9d8df4e7bb49c46c5e4b5a23fb5acb2375d8f84135f1e595867a6842718f9dae437a48eb569b1f5906bd0eaf2861aa134d949ca66176e965d44aea12d72e","ssdeep":"12288:AJAM88f4LBpiancuU/rjPWvmtrDDUJAJy/aDf4NqtwhDmzxEm8kUeszV0J10eCZ5:BP1cuUH+NPjbbJww","tlshash":"c1451a306a80e1ec13178f66b72b71d5fd16089fe9487cdebc50fc94a9ab906d5e81b0","size":1178227,"data":"","first_seen":"2026-05-15T23:48:23.131218Z","last_seen":"2026-05-15T23:50:38.304633Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"birdsandolphins.com/ckklhvtceqfxchbck","fqdn":"birdsandolphins.com","domain":"birdsandolphins.com","tld":"com"},"ip":{"addr":"104.21.31.114","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://workshopscommunitymode.com/","date":"2026-05-15T23:47:56.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"birdsandolphins.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 11:18:38 GMT","end":"Wed, 12 Aug 2026 11:18:37 GMT"},"fingerprint":{"sha1":"EF:D5:F1:2E:5A:5B:92:07:BC:54:DC:D6:6C:42:9B:72:09:B0:6A:F5","sha256":"43:F8:D5:AC:80:22:DA:C2:AC:D8:4F:77:83:BD:12:B0:C4:D5:29:ED:AE:7B:FC:6F:FC:C3:35:3F:73:3A:83:F7"}}},"request":{"raw":"OPTIONS /ckklhvtceqfxchbck HTTP/1.1\r\nHost: birdsandolphins.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://workshopscommunitymode.com/\r\nOrigin: https://workshopscommunitymode.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Fri, 15 May 2026 23:47:56 GMT\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\netag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WxpdJxrVubuDhgiKTOV64GAx4Ibylt4P9V4RpGGKqrgl%2BvHQFLSv5c%2BPM%2Ftgeg1zfBJudTuHj9tVvB7TR6eCJXDkWMOmZ7u0jaM%2F5l5vO9c0f8Q%2BXVtRF2rjkBpEf2E7YBW1OuNd\"}]}\r\nserver: cloudflare\r\ncf-ray: 9fc607d67f835ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-16T02:20:40.90491Z","times_seen":15249089,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"birdsandolphins.com/ckklhvtceqfxchbck","fqdn":"birdsandolphins.com","domain":"birdsandolphins.com","tld":"com"},"ip":{"addr":"104.21.31.114","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://workshopscommunitymode.com/","date":"2026-05-15T23:47:56.591Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"birdsandolphins.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 11:18:38 GMT","end":"Wed, 12 Aug 2026 11:18:37 GMT"},"fingerprint":{"sha1":"EF:D5:F1:2E:5A:5B:92:07:BC:54:DC:D6:6C:42:9B:72:09:B0:6A:F5","sha256":"43:F8:D5:AC:80:22:DA:C2:AC:D8:4F:77:83:BD:12:B0:C4:D5:29:ED:AE:7B:FC:6F:FC:C3:35:3F:73:3A:83:F7"}}},"request":{"raw":"POST /ckklhvtceqfxchbck HTTP/1.1\r\nHost: birdsandolphins.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 213\r\nOrigin: https://workshopscommunitymode.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workshopscommunitymode.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":213,"data":"{\"domain\":\"workshopscommunitymode.com\",\"referralLink\":\"/\",\"secret\":533837,\"secret2\":517834,\"u\":\"s-mp7ki9rt-q2wu916n\",\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"ip\":\"\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=3,i=?0\r\netag: W/\"f-Yt3AUbWOMeGnSd4gLMi2nZ/urcY\"\r\ndate: Fri, 15 May 2026 23:47:56 GMT\r\ncontent-length: 15\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yrgbKazl9xUTRDjCEsdHA9FJ5DKHWLYxydreXHTRSLDGzSAui3DLrMlt5cdMReQzBE23DGaBnjZC5w1tH9dQEujJfMC5HHKntbH7D7Qk%2BeqjNdSi1lC3Esx2FbtR3odoPfYu25cy\"}]}\r\ncf-ray: 9fc607d6bfea56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c5b1726b0f6415d8ff91b131d12f660f","sha1":"62ddc051b58e31e1a749de202cc8b69d9feeadc6","sha256":"43d304d3e1988741f29345d8f823d854245918777b0289807347009fd280f3f9","sha512":"b2e3333339151148ffc072d719c964938fca1ae92688c5f8652b5cf0ad7fca54fb0cd8fcccdf093882f1325e367257bf2ca646e7e3f5dc15abc36ffdf7060224","ssdeep":"","tlshash":"4b6000c03c0cc00000000c3cf00000c03000300c0fcc000c000c0c0000000003f0c30c","first_seen":"2024-08-19T21:31:35.088257Z","last_seen":"2026-05-15T23:50:38.302261Z","times_seen":60,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":0,"dns":1,"connect":0,"send":0,"wait":138,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"workshopscommunitymode.com/","fqdn":"workshopscommunitymode.com","domain":"workshopscommunitymode.com","tld":"com"},"ip":{"addr":"104.21.76.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-15T23:47:55.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"workshopscommunitymode.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 14:37:58 GMT","end":"Wed, 12 Aug 2026 14:37:57 GMT"},"fingerprint":{"sha1":"20:2D:C6:C0:1D:AA:D0:73:2C:47:07:0F:9C:E4:CE:30:F7:80:5D:DB","sha256":"52:5F:73:FA:65:AF:01:F8:A3:BE:66:73:41:A5:33:32:C7:F1:30:A7:38:B7:FD:E9:47:27:21:3B:C3:9B:80:02"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: workshopscommunitymode.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 15 May 2026 23:47:55 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 15 May 2026 09:37:46 GMT\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mxXqfokDcaD6LqZLdnBdxQaW6nqxC2T7Powu3vxQRj7W5tvJIwEVPyzCpYG7ajslXa%2FWA%2FhZ85urZUlBE%2FRnVnM59v3LQ38DQ%2BxDBkAELnYy27aYYdMh6w3v4Vt8RevD8RuM%2F1tVp54fbk2DQw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9fc607ceef0b8be6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":51795,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (51411), with CRLF line terminators","md5":"1e020d11f2e81bacab7c2615354c9954","sha1":"ced305c984cce8697b15ce540830ce1c342f5fef","sha256":"075f113a77cc917ebe29de20d6ec0cc3213ef70ea100ecddc2424026a92c140e","sha512":"051787e81d4bbceb550600d4d421ffa81f8c198e7b59bc7635521c7bf405d7101adb324d60f69a6a047fc9bb358997a231f26beba5ed8cc07428da44da7fd5cb","ssdeep":"1536:4G9/ngwT22Cjfr6h1ZDHa5KQyRPBXy1UP:t1gwaf6dEURoE","tlshash":"db33c17076a0591cdfdf8f7a89915e501e379cdbf847a854e32e348a5a40ee2e9dc380","first_seen":"2026-05-15T23:48:23.122221Z","last_seen":"2026-05-15T23:50:38.302952Z","times_seen":2,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":18,"dns":1,"connect":1,"send":0,"wait":108,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"workshopscommunitymode.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Steam","verdict":"phishing","severity":"high","comment":"","tags":["phishing","steam","gaming"],"meta":null}]}},{"url":{"schema":"https","addr":"workshopscommunitymode.com/j4bweoao3mo6.js","fqdn":"workshopscommunitymode.com","domain":"workshopscommunitymode.com","tld":"com"},"ip":{"addr":"104.21.76.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://workshopscommunitymode.com/","date":"2026-05-15T23:47:55.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"workshopscommunitymode.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 14:37:58 GMT","end":"Wed, 12 Aug 2026 14:37:57 GMT"},"fingerprint":{"sha1":"20:2D:C6:C0:1D:AA:D0:73:2C:47:07:0F:9C:E4:CE:30:F7:80:5D:DB","sha256":"52:5F:73:FA:65:AF:01:F8:A3:BE:66:73:41:A5:33:32:C7:F1:30:A7:38:B7:FD:E9:47:27:21:3B:C3:9B:80:02"}}},"request":{"raw":"GET /j4bweoao3mo6.js HTTP/1.1\r\nHost: workshopscommunitymode.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workshopscommunitymode.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 15 May 2026 23:47:55 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 09:37:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"6a06e96a-11fac1\"\r\nexpires: Sat, 16 May 2026 23:47:55 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OxXI0nMMizZNIpaR%2FO3Nc31SXOF6DaraTeFQzlu59Kk4GtYz1YF8fVA09GDty1oOhqLmibaU%2FcRYph5BtP8wac1Vaa26IjX9VHbi348wKFPATYnhjejgk1FODpllYpwkQsuDMlmOdA0XDOoLIQ%3D%3D\"}]}\r\ncf-ray: 9fc607d10a418be6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1178305,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (62417), with no line terminators","md5":"77a3dca8352d1c383d75224bdb584bd7","sha1":"295ac3f416b6a663e547f45156af80831d071d81","sha256":"7952cebdcc6a13a13b16e4a5ae22b932f850051c0edb8b43296c3e6678d5da6d","sha512":"cd0c626d27b2a0da54bcfc26c7411d5ea4df5db2f63c0ab9af12e4471e8cddd7fcb25d88c5ff77bdef388dbeb577c2b8d2c94d48494b97197f4676da72471c2e","ssdeep":"12288:AJAM88f4LBpiancuU/rjPWvmtrDDUJAJy/aDf4NqtwhDmzxEm8kUeszV0J10eCZk:BP1cuUH+NPjbm","tlshash":"32351b306a80e5dc13578f26b72b61d4fd16489fe9487cdebc50fc98a9aad07d1e81b0","first_seen":"2026-05-15T23:48:23.125409Z","last_seen":"2026-05-15T23:50:38.303621Z","times_seen":2,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"workshopscommunitymode.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Steam","verdict":"phishing","severity":"high","comment":"","tags":["phishing","steam","gaming"],"meta":null}]}},{"url":{"schema":"https","addr":"birdsandolphins.com/dnmcsuqivotqitrwqjmclxhydueasihfexxpijejhpujjn","fqdn":"birdsandolphins.com","domain":"birdsandolphins.com","tld":"com"},"ip":{"addr":"104.21.31.114","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://workshopscommunitymode.com/","date":"2026-05-15T23:47:56.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"birdsandolphins.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 11:18:38 GMT","end":"Wed, 12 Aug 2026 11:18:37 GMT"},"fingerprint":{"sha1":"EF:D5:F1:2E:5A:5B:92:07:BC:54:DC:D6:6C:42:9B:72:09:B0:6A:F5","sha256":"43:F8:D5:AC:80:22:DA:C2:AC:D8:4F:77:83:BD:12:B0:C4:D5:29:ED:AE:7B:FC:6F:FC:C3:35:3F:73:3A:83:F7"}}},"request":{"raw":"OPTIONS /dnmcsuqivotqitrwqjmclxhydueasihfexxpijejhpujjn HTTP/1.1\r\nHost: birdsandolphins.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://workshopscommunitymode.com/\r\nOrigin: https://workshopscommunitymode.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Fri, 15 May 2026 23:47:56 GMT\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\netag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pB4RyHVLEZudSTLaJQBaHQwnlwv3hwrPMfG6gcG0Z0bvnzACwH43STBYWew19hMk0roXaN8UHAHOX8QZR72obzOSVHAFwREZ7T6Kg7RkH8abZHPMIhMVtRC364qCvrx61qUApgue\"}]}\r\nserver: cloudflare\r\ncf-ray: 9fc607d44c915ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-16T02:20:40.90491Z","times_seen":15249089,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":15,"dns":8,"connect":1,"send":0,"wait":61,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"birdsandolphins.com/dnmcsuqivotqitrwqjmclxhydueasihfexxpijejhpujjn","fqdn":"birdsandolphins.com","domain":"birdsandolphins.com","tld":"com"},"ip":{"addr":"104.21.31.114","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://workshopscommunitymode.com/","date":"2026-05-15T23:47:56.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"birdsandolphins.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 11:18:38 GMT","end":"Wed, 12 Aug 2026 11:18:37 GMT"},"fingerprint":{"sha1":"EF:D5:F1:2E:5A:5B:92:07:BC:54:DC:D6:6C:42:9B:72:09:B0:6A:F5","sha256":"43:F8:D5:AC:80:22:DA:C2:AC:D8:4F:77:83:BD:12:B0:C4:D5:29:ED:AE:7B:FC:6F:FC:C3:35:3F:73:3A:83:F7"}}},"request":{"raw":"POST /dnmcsuqivotqitrwqjmclxhydueasihfexxpijejhpujjn HTTP/1.1\r\nHost: birdsandolphins.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 68\r\nOrigin: https://workshopscommunitymode.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workshopscommunitymode.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":68,"data":"{\"d\":\"workshopscommunitymode.com\",\"u\":\"s-mp7ki9hb-7fu3eg40\",\"ip\":\"\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 15 May 2026 23:47:56 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"3a-n83Zw6hDE4SB4wGwoAO+xxAFCSI\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eu%2F9rW%2Fq0k6sXTMXmnlEsW0DvUj5pZz7JSpQRPPy1DJNXLC9dWO9pkudrrbcKqqN273StNsTsrP9C7%2Bb7NPq4NcJhloHaU3hE4%2BAaJsNJEMjBri9OwPK%2BGS3Pz3zVj%2FM6QWLa9bu\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9fc607d4ad195ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0e8643f64718e4bbb824eb7f6b6afb4c","sha1":"9fcdd9c3a843138481e301b0a003bec710050922","sha256":"4fa6d661c9fb99f141b45df22435aff17b8344283f203d7b2fc64edbc7ad1aab","sha512":"b239aa1b97fca1d279b077193efe0d7b532b3adbf8de702b81a16fadeaed0701486f102bc2a40f7ab97770822bdb25ecd3466b76fc48f668c774bb155b7d1cd5","ssdeep":"","tlshash":"67a00245452159fc8907080c938d6f00097d142669c56047f40c4a8891b101f4005133","first_seen":"2026-05-15T23:48:23.128279Z","last_seen":"2026-05-15T23:48:23.128279Z","times_seen":1,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}