{"report_id":"6e4876ff-8e2a-4bad-bdc5-dbb219fe1a32","version":6,"status":"done","tags":[],"date":"2026-05-06T10:53:44Z","url":{"schema":"http","addr":"v1.token2049.cyou","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"103.224.212.122","port":0,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"final":{"url":{"schema":"http","addr":"v1.token2049.cyou/?tr_uuid=20260506-2053-2333-8f46-3918802fe270\u0026fp=faed01b113cfb270c624ee1aa793ad6c","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"title":"token2049.cyou","dom":{"size":173,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"25ff89f3a651b3cf350cb915713c7109","sha1":"80828ef6244bb7bdf05ce71c7a5fa59664aa510c","sha256":"2af230ece5753ee359f095a242d22df7b4b5a9b56209a6bf369df61fb159fc31","sha512":"f73a97d6a22605d88aa88438c81418ef6fbcfd376ba6a317d65516bf17d58cb77591e0c5ea256a57b7a324396ec1161b9b9cc1382099ada05d191edb518f7fba","ssdeep":"","tlshash":"6bc08c5aed42c40bd8002aa0cae3f5c44fbcf92882c4cdc092c6c8faa4847f4c9315a1","dom_hash":"domhasha3587a81513907154e5202abb4a9b95b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"v1.token2049.cyou","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"103.224.212.122","port":0,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-10T10:53:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"v1.token2049.cyou","ip":{"addr":"103.224.212.122","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"domain_registered":"2025-04-29","domain_rank":0,"first_seen":"2026-05-06T10:53:44.695356Z","last_seen":"2026-05-06T10:53:44.695356Z","alert_count":10,"request_count":5,"received_data":36389,"sent_data":2421,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"v1.token2049.cyou/","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"103.224.212.122","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":true,"md5":"03817d595910e919293921461be80bfa","sha1":"c024b2f72d495a52861c2da30a881e19c94dc517","sha256":"66d33e53870594c768efbb2bc15c161ba38e7a98859675621591b53184fc29e0","sha512":"28a5f7eb23d58e3096c10cc672b64ca5e0eceeca4f950c7e8c728825fecc9fd8025e51c6d7959be984c7cf9311decc608ea0aac2d490175b804b8d6ddec91335","ssdeep":"","tlshash":"dbf0d44cb5de3863b93424af4ef4401ec17b0648018ca97cd007771c9c4215bf059deb","size":513,"data":"","first_seen":"2026-05-06T10:53:46.998912Z","last_seen":"2026-05-06T10:53:46.998912Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v1.token2049.cyou/js/fingerprint/iife.min.js","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"103.224.212.122","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":false,"md5":"63f9fd621d1fbd53b7c5856e58c11ccd","sha1":"a46973c2fbdbfeb159e0d717a90f88307e274012","sha256":"c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089","sha512":"d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b","ssdeep":"384:XhQYTcHRx9vfQxcuK83ERxXYxMvtTpIBNwBUZXLew5gc+RW7+5ERNFaqE8E0QI+V:XSbHRTArOGSoyISuNwxJzZbPePKe9y","tlshash":"6cf207d8b2c3b02d227378ba497f6006b63abd55641c4803d57be5c178a4e5a813bfb8","size":34240,"data":"","first_seen":"2023-05-01T16:20:27Z","last_seen":"2026-06-07T11:35:40.048741Z","times_seen":60913,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"v1.token2049.cyou/?tr_uuid=20260506-2053-2333-8f46-3918802fe270\u0026fp=faed01b113cfb270c624ee1aa793ad6c","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"103.224.212.122","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":true,"md5":"2228e977ebea8966e27929f43e39cb67","sha1":"7c338ed2840d2bf55f9f5e4eed04f66c80840eb3","sha256":"6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167","sha512":"ff9f010b5bdd7591d052fdb8cfc6e7b842f8f973ab37a91ea5e16449c17e9278d9f95f265b0508f083348376aeb16d7f02b7b86cde634e8c9f875287049360de","ssdeep":"","tlshash":"c72000000000000000000000000000300030000000000000000000300c000000000000","size":3,"data":"","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-06-07T04:08:59.013888Z","times_seen":7838,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"v1.token2049.cyou/js/fingerprint/iife.min.js","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"103.224.212.122","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://v1.token2049.cyou/","date":"2026-05-06T10:53:24.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flrealestatebot.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 14:27:51 GMT","end":"Sat, 01 Aug 2026 14:27:50 GMT"},"fingerprint":{"sha1":"26:2D:17:A3:F5:AC:3F:64:9C:75:95:C3:DB:D1:E8:C9:8D:B7:B7:DF","sha256":"62:B8:5A:7F:10:F4:D6:13:65:38:3E:EE:1D:B8:99:87:25:DD:77:A3:EA:66:C4:7F:2E:AA:A8:82:E5:96:FE:87"}}},"request":{"raw":"GET /js/fingerprint/iife.min.js HTTP/1.1\r\nHost: v1.token2049.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v1.token2049.cyou/\r\nCookie: __tad=1778064803.5156443\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Wed, 06 May 2026 10:53:24 GMT\r\nserver: Apache\r\nlast-modified: Tue, 22 Oct 2024 03:25:44 GMT\r\netag: \"85c0-6250853133e00\"\r\naccept-ranges: bytes\r\ncontent-length: 34240\r\ncontent-type: text/javascript\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":34240,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33896), with CRLF line terminators","md5":"63f9fd621d1fbd53b7c5856e58c11ccd","sha1":"a46973c2fbdbfeb159e0d717a90f88307e274012","sha256":"c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089","sha512":"d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b","ssdeep":"384:XhQYTcHRx9vfQxcuK83ERxXYxMvtTpIBNwBUZXLew5gc+RW7+5ERNFaqE8E0QI+V:XSbHRTArOGSoyISuNwxJzZbPePKe9y","tlshash":"6cf207d8b2c3b02d227378ba497f6006b63abd55641c4803d57be5c178a4e5a813bfb8","first_seen":"2023-05-01T16:20:27Z","last_seen":"2026-06-07T11:35:40.048741Z","times_seen":60913,"resource_available":true,"data":null}},"time_used":989,"timings":{"blocked":330,"dns":1,"connect":158,"send":0,"wait":169,"receive":159,"ssl":169},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v1.token2049.cyou/favicon.ico","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://v1.token2049.cyou/","date":"2026-05-06T10:53:24.731Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: v1.token2049.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v1.token2049.cyou/\r\nCookie: __tad=1778064803.5156443\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T12:09:50.953634Z","times_seen":16211433,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":1,"connect":155,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"v1.token2049.cyou/?tr_uuid=20260506-2053-2333-8f46-3918802fe270\u0026fp=faed01b113cfb270c624ee1aa793ad6c","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"103.224.212.122","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-06T10:53:25.041Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?tr_uuid=20260506-2053-2333-8f46-3918802fe270\u0026fp=faed01b113cfb270c624ee1aa793ad6c HTTP/1.1\r\nHost: v1.token2049.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __tad=1778064803.5156443\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Wed, 06 May 2026 10:53:25 GMT\r\nserver: Apache\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 146\r\ncontent-type: text/html; charset=UTF-8\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":175,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"d720a464bfd070e5ced22f440eb51488","sha1":"4e537df7e15e86e61890225fe808bc95582532a0","sha256":"909e18d7de9d6d65e3cf838b34a787ec0963b618e41939edc504ad886cc53ff4","sha512":"7ca150fb176341b4afc2110015c422122a4300b441e74137c691bc3ae52e60d8b0ef8d9bbaf369ed50b73ec96971453edf4e2d3fcbeefaf6bb65ccad2019f066","ssdeep":"","tlshash":"aec08c5add02c887c9102aa4cbe3f5c04eb9b91882c4ccc052c7c4b7e4886e8cd364ad","first_seen":"2026-05-06T10:52:48.938178Z","last_seen":"2026-05-06T11:00:55.099024Z","times_seen":6,"resource_available":true,"data":null}},"time_used":517,"timings":{"blocked":163,"dns":1,"connect":162,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"v1.token2049.cyou/favicon.ico","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"103.224.212.122","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://v1.token2049.cyou/?tr_uuid=20260506-2053-2333-8f46-3918802fe270\u0026fp=faed01b113cfb270c624ee1aa793ad6c","date":"2026-05-06T10:53:25.516Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: v1.token2049.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://v1.token2049.cyou/?tr_uuid=20260506-2053-2333-8f46-3918802fe270\u0026fp=faed01b113cfb270c624ee1aa793ad6c\r\nCookie: __tad=1778064803.5156443\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 403 Forbidden\r\ncache-control: no-cache\r\ncontent-type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":94,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"e96ddceb1c305b9ad21eaae42522c26f","sha1":"ad08ae39a71ed5ba992b8b5dabc450d046354696","sha256":"9221cfedfc5e03790f46c7890bca21fcc47c5788d89dab0aa0799c492b6ae78a","sha512":"1cc850f76467645447e9935f4de13ede698727b4fb598c7bd36de2779596d8b5a85cb94b0cf1fb2259ad1d988f1f199e3f4c310dfdc22fcdd378b8e773f0dbd5","ssdeep":"","tlshash":"bdb012cf360e0d0cbb9307d24dc71bb01c2e836c2c46001027859a333400075cda71cd","first_seen":"2023-04-09T07:10:46Z","last_seen":"2026-06-07T08:13:12.495541Z","times_seen":7930,"resource_available":true,"data":null}},"time_used":322,"timings":{"blocked":0,"dns":1,"connect":158,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v1.token2049.cyou/","fqdn":"v1.token2049.cyou","domain":"token2049.cyou","tld":"cyou"},"ip":{"addr":"103.224.212.122","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"Australia","country_code":"AU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-06T10:53:23.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flrealestatebot.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 14:27:51 GMT","end":"Sat, 01 Aug 2026 14:27:50 GMT"},"fingerprint":{"sha1":"26:2D:17:A3:F5:AC:3F:64:9C:75:95:C3:DB:D1:E8:C9:8D:B7:B7:DF","sha256":"62:B8:5A:7F:10:F4:D6:13:65:38:3E:EE:1D:B8:99:87:25:DD:77:A3:EA:66:C4:7F:2E:AA:A8:82:E5:96:FE:87"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: v1.token2049.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Wed, 06 May 2026 10:53:23 GMT\r\nserver: Apache\r\nset-cookie: __tad=1778064803.5156443; expires=Sat, 03 May 2036 10:53:23 GMT; Max-Age=315360000\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 571\r\ncontent-type: text/html; charset=UTF-8\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1069,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"5bd36105e6ce1fbcde0c2158533d32ab","sha1":"90e51f44bd667d97e0fef6309a1ee321291e5bd2","sha256":"5077f9d1bec2547cec47b3b82798165e5501b2ae6715fa938172d464dc96d1e5","sha512":"e179ea5c7e2bd58b43e09508290ba3e933ec9c00d345395305652c4c8878d1138b939d3e310f1fdc5432d9e5f472a037e0f86479019098b0ccd1c95fcda7149a","ssdeep":"","tlshash":"0311e209bdc79813f921699a8ef0e01dd067270cc1cc8d2dd086f5685c916c9ac5b9dd","first_seen":"2026-05-06T10:53:46.997468Z","last_seen":"2026-05-06T10:53:46.997468Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1250,"timings":{"blocked":542,"dns":207,"connect":160,"send":0,"wait":166,"receive":0,"ssl":172},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-06","alert":"Sinkholed","trigger":"v1.token2049.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}