{"report_id":"78e0cadd-f94d-4afb-82e5-305839564616","version":0,"status":"done","tags":[],"date":"2026-07-01T00:29:12Z","url":{"schema":"http","addr":"bty89.com","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":0,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"final":{"url":{"schema":"https","addr":"bty89.com/","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"title":"天游棋牌 - 专业棋牌游戏平台","dom":{"size":8574,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"35c6c7c6c51b4a06cca4c6dfb454a346","sha1":"7bd3d9e8b39388de4c2afd11742c9f90ab882ef2","sha256":"3d5326511312224d2546febe2838c464985b0bc9f3c3aefb981e6b0a57bef07f","sha512":"35a5d5daa5e909782fbb97556b8b35c325a16bd064146d0241f9024634fbc00546f62959c25b5b82fcaa3d4c55dfea045d5234b0a75f48ae05fc71479a0de6f8","ssdeep":"192:0IZrnMZjBPCpnDZ0CPBfE/k1mp6rPlyJzmRF4sArtg:gjmX7Artg","tlshash":"f902752660e3115b2833d1a66ff3171b6664d407c20bc9a87ecd15cdef89ac9c8a338c","dom_hash":"domhash68151781dee7f7d6b79191cedd0be75b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bty89.com","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":0,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-05T00:29:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"154.204.28.53","ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":9,"received_data":295177,"sent_data":4981,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"bty89.com","ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"domain_registered":"2026-05-06","domain_rank":0,"first_seen":"2026-07-01T00:25:38.701641Z","last_seen":"2026-07-01T00:25:38.701641Z","alert_count":108,"request_count":27,"received_data":2344437,"sent_data":13329,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"sdk.51.la","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2005-01-17","domain_rank":347679,"first_seen":"2021-03-08T16:03:51Z","last_seen":"2026-06-30T11:50:17.538172Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":451,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"bty89.com/e/dongpo/tz/tz.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2de02817ac5ff7e2e2e352db0fe1ba7","sha1":"1108e2fd9f1777b86486310b5e798c0ae8297b3d","sha256":"1b77dda8f7ffcd6fef90d337b161d431d2f61a55fe74a019541ba8d5c8736184","sha512":"1089cfb972c6c2c1f27ee76685ee63943aec9ef5930739ce6412385903fa137aad0a2a5604ff3c7e02babad12f872d28cf090274dc95119087ce5908424c1dab","ssdeep":"","tlshash":"fc215c7fae631154911691592bba776c3a3a001b6701c8307afcbe685f52f429487bd4","size":1158,"data":"","first_seen":"2026-06-08T19:26:41.283541Z","last_seen":"2026-07-01T00:29:17.663242Z","times_seen":117,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/bootstrap/js/bootstrap.bundle.min.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"21d4551af5cc4ed4d818bdbdfea8c358","sha1":"df272a07ed30eaf8025b699c45736ba9d284e4d4","sha256":"35f4547d9364111aca4850347356bc5660a994f0d8b694d88f995098a7b547fa","sha512":"4dcd22faf4688265f834deedb8b6d07c1c5af0991f512031485573994df59d5747ca21c494f3f2d9c59f15a7260892b0d15aa8bebcca85d7764d24cc740c69da","ssdeep":"1536:/SwJiEbnTl6R2t49CFliFCIg/yWszSraJd5qUFH9tZwcE+iYZMgZdj:6wfs+SSO5q4tZwcEVYZFj","tlshash":"2383b5593244b8730ade85b68037430bf2265998b14b812cb57cadde2a7dcc67277f78","size":80821,"data":"","first_seen":"2025-06-18T01:20:12.005242Z","last_seen":"2026-07-01T06:50:03.783689Z","times_seen":2463,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/swiper/js/swiper-bundle.min.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"21b78ba7133b3d67cf8b09cd6a26d386","sha1":"ea59f37b232db6dee2694078bf21e153a09bacdd","sha256":"6f9df49fe12f77b66daba876cb33b7090b2443f570a2a4b9541cddd705440aa5","sha512":"dc48bb38f168f37930ddc3db0cb78b867fd817cb5907b56cf2c7e58b407f2847a4bab78be5ea2c0deb216052020afb782bc8b4c948a5fe52b77128a27365a392","ssdeep":"1536:TIJQfGP7LP8NEuWGKF+IlzholxU/2Bkt+9SD8jv1nTHlU9ymp8Mj0HEOS5hAsVuZ:0JCN+TXD2BkQZFU9tp8Mj0k95h5cpnv","tlshash":"02d3f8896221b57646e316db93e4c221a3b50544b80ac8f470bd4c9f597ec9813feffa","size":140562,"data":"","first_seen":"2023-06-14T11:52:48Z","last_seen":"2026-07-01T06:50:03.815125Z","times_seen":5038,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/bootstrap/js/home.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"16c93ef01acd14ec64c07020d638253e","sha1":"9c7b9d1a61977675c7f128bf2e27093d3cfe37f6","sha256":"f0795e9620ff382d585e15e40f303b394863fc5fa3dbdecd140adcbc4e51ffd2","sha512":"218d41ff60e128ff13105f9d376cfac1b80401527884da7b6179bab1fe8e9aa9e5959873bc5385798c8a5c6fb7aedce8e68b17112833cc16c096e0dc214d35ea","ssdeep":"96:6P7fgtAVMsSMCM1vUrp8KtQJQ1l/2o3RV0uRC6v6qyS+KQkIF:6P7fg+VSVAvUr2KaG1Zd3YuRriqyDKQH","tlshash":"91c1551a62b42433447775bb97af57c477212087b8c6ec393dfcc6080f845aa59f1aea","size":5802,"data":"","first_seen":"2025-10-09T23:37:04.756251Z","last_seen":"2026-07-01T06:50:03.807722Z","times_seen":1087,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/e/dongpo/tz/tj.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bf60b5cf9c764caf9e85228dc7bfc33","sha1":"22b0d1971d7ec1ec3bb55ff4771752db18eab9ef","sha256":"1a32c475f692c3c84f550cc194a92fff3df6368293bbec3b8e67a42bc2d92306","sha512":"681c26eab518649736ea2c6302120b5a61e0b0749375c8933c7c890b6195de0c6e09a4184c9af8c5fd0f5e5eeda63ba803574bee4c44737899ccd18ce14c97c9","ssdeep":"","tlshash":"8601f11f7c25e13463921c2d23bbdadcf5ad2016101dc80654dec4ad6c34ff9042ab4c","size":808,"data":"","first_seen":"2026-03-03T01:17:34.078046Z","last_seen":"2026-07-01T02:05:27.806882Z","times_seen":678,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"e534a5cbd2df3aaed4e2bb405780d2a7","sha1":"bd4ac483c7629ef832aaa724291e5f3c97013e14","sha256":"4df2c5608d78458b37f68c0612223902a6b6ea8d31ff8124ed0eff7589fc03be","sha512":"4a5e434560cf6e8e9c071dd0cc5e8c2442dafdfbcba638c0c7e90bdc5a74deee42bbd2a2a1b7452addb1a807443c6c4db4eb30e1cb2629ebe39320e9c7d36662","ssdeep":"","tlshash":"d4f0dcae9c51e178abc338ac9bafda88c16e1026110ecc03a9d9c5ce3c38fc8042134c","size":492,"data":"","first_seen":"2025-05-26T01:34:30.601443Z","last_seen":"2026-07-01T01:07:48.729698Z","times_seen":268,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"154.204.28.53:41669/static/js/link.js","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"1ef01f9c5d284a302acc684831315f1c","sha1":"934fd7e8a7b30c8da818ab4cb713df44820136a1","sha256":"c67e613a7b58d7d12ecdea9853830aa6ada030af94425ca285230f2dd03197a2","sha512":"ef8518da3748d9a283e1e6f7f1be441c39307cef5cdf702a08721667cb93f8ce22a15bb3e4b2a479483d3ea6449b6612f2858ae82116f4763c160dd8854108f1","ssdeep":"","tlshash":"b2319c5ce6d039321d274867699b2d14b293400bbc0aec42f79d4ac0dfb172e4b7ade4","size":1744,"data":"","first_seen":"2026-06-30T17:40:30.053012Z","last_seen":"2026-07-01T00:29:17.661026Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"154.204.28.53:41669/static/picture/365pc.png","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://154.204.28.53:41669/","date":"2026-07-01T00:28:43.568Z","timestamp":1782865723568,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 05:56:11 GMT","end":"Sat, 04 Jul 2026 21:56:10 GMT"},"fingerprint":{"sha1":"4C:79:6F:AC:62:E7:8A:CE:03:1B:77:75:1E:15:C7:58:F6:B5:B9:E3","sha256":"3F:2B:5D:4A:39:21:14:CD:E5:3D:0B:A2:E6:DA:C5:E0:34:FD:80:C4:6C:AD:47:81:6A:84:9C:05:7B:6D:A9:CA"}}},"request":{"raw":"GET /static/picture/365pc.png HTTP/1.1\r\nHost: 154.204.28.53:41669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://154.204.28.53:41669/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-2255\"\r\nexpires: Fri, 31 Jul 2026 00:28:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8789,"size_decoded":9164,"mime_type":"image/png","magic":"PNG image data, 189 x 44, 8-bit/color RGBA, non-interlaced","md5":"e0c9d379cd4926e815abd7d25c32f5e4","sha1":"e9a1fb55262d96495f14da278c7242cc3fda956b","sha256":"7b50586f667edbeb0c3d573a44d40742354c385a2d7ae1971aa4b0173c11173d","sha512":"519aaeff0baab73e269e86413df78c8563728cb4b1f17e448877c4853a726df366f201b9e869078a4fa460517530a84b5ae9da4290511aeb4d0b93aecb9ac99c","ssdeep":"192:6ZTS99EegUNgEBTJ35PgUUxiKlqSvxV5mG5pqghmCoTHV0:2YzgogEr35Y7cK1YGmAMT+","tlshash":"1e02a0bc5a62079b3d1aa9f8172c54f1fdd070eb411f7c99947d201b0c68a1c83af4a3","first_seen":"2025-01-31T12:39:53.02929Z","last_seen":"2026-07-01T02:05:27.790049Z","times_seen":699,"resource_available":false,"data":null}},"time_used":791,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":791,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"154.204.28.53:41669/static/picture/xpjpc.png","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://154.204.28.53:41669/","date":"2026-07-01T00:28:43.570Z","timestamp":1782865723570,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 05:56:11 GMT","end":"Sat, 04 Jul 2026 21:56:10 GMT"},"fingerprint":{"sha1":"4C:79:6F:AC:62:E7:8A:CE:03:1B:77:75:1E:15:C7:58:F6:B5:B9:E3","sha256":"3F:2B:5D:4A:39:21:14:CD:E5:3D:0B:A2:E6:DA:C5:E0:34:FD:80:C4:6C:AD:47:81:6A:84:9C:05:7B:6D:A9:CA"}}},"request":{"raw":"GET /static/picture/xpjpc.png HTTP/1.1\r\nHost: 154.204.28.53:41669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://154.204.28.53:41669/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-5800\"\r\nexpires: Fri, 31 Jul 2026 00:28:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22528,"size_decoded":22646,"mime_type":"image/png","magic":"PNG image data, 183 x 55, 8-bit/color RGBA, non-interlaced","md5":"c53d923594566be7e0e41e8d720c0ac0","sha1":"e16a4b701d10291bbff90178e8b0d5f576e00821","sha256":"021994557d1d9642fdc16a0d8f6e471bec81bea7f366de6ef631f536c165418b","sha512":"554f7d6d44d26905610a65e21bd157ec30fef501c356e97787deca22f9089216f59e284f0effab7b18da89134af594d4ffd5eed889b1b5a4d5a5412456b9832e","ssdeep":"384:QfchEzlZmrXTjUDkJe2tERBxq2ceTdr1lFJ3d2Oo+UQSYJshjRHXvcQ:QfchEzrmrXTjUhP42cKpFJ3lo+UHYa//","tlshash":"fba2e0f1f36ff1b54a924d554cf8e2b080978942e088ee6135cb204acade8d31d993e7","first_seen":"2023-05-07T20:04:35Z","last_seen":"2026-07-01T02:05:27.799245Z","times_seen":838,"resource_available":false,"data":null}},"time_used":790,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":790,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"154.204.28.53:41669/static/picture/dfpc.png","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://154.204.28.53:41669/","date":"2026-07-01T00:28:43.576Z","timestamp":1782865723576,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 05:56:11 GMT","end":"Sat, 04 Jul 2026 21:56:10 GMT"},"fingerprint":{"sha1":"4C:79:6F:AC:62:E7:8A:CE:03:1B:77:75:1E:15:C7:58:F6:B5:B9:E3","sha256":"3F:2B:5D:4A:39:21:14:CD:E5:3D:0B:A2:E6:DA:C5:E0:34:FD:80:C4:6C:AD:47:81:6A:84:9C:05:7B:6D:A9:CA"}}},"request":{"raw":"GET /static/picture/dfpc.png HTTP/1.1\r\nHost: 154.204.28.53:41669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://154.204.28.53:41669/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 11:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d8daa-1c49\"\r\nexpires: Fri, 31 Jul 2026 00:28:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7241,"size_decoded":7616,"mime_type":"image/png","magic":"PNG image data, 200 x 50, 8-bit/color RGBA, non-interlaced","md5":"9ca63936da71d994267413c9b4d62583","sha1":"0083b92ce28904d8c01cca591a852d218c944d3e","sha256":"909c9c1f9b2ee3b6ebe305b395b454cb597ae2b4ad8ec0db3a57c2e678bb685a","sha512":"2c01f6e39b4f8c4ff7d8c2d20640c9d80b50ebb49351d32c4e0263b11abbb721b6af3c4d27c308f6e26d4f9e0c5f08045c0d235b3ef1a587eaa1df578c7c333b","ssdeep":"192:FxLpy98iKPdw9eYyJIoxrBG3GFQVnpq1fw5qDQ/7os:F1pyNIq9e1Zrg3GFQVnp2YsQ/j","tlshash":"78e18e3b8e8c2754c1551385a136fab4d8791ef331f4923e9a257c22dd52ab2c921386","first_seen":"2026-03-01T01:18:02.55958Z","last_seen":"2026-07-01T00:29:17.658147Z","times_seen":464,"resource_available":false,"data":null}},"time_used":787,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":787,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/about-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.492Z","timestamp":1782865721492,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/about-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 70458\r\nlast-modified: Mon, 11 May 2026 16:14:53 GMT\r\netag: \"6a02007d-1133a\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70458,"size_decoded":70731,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 685x456, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e73b80682272d0c49194e77ec9e6f798","sha1":"46b6ea57c6014702ba3c75b1c84f2636427c396e","sha256":"5658b8b994e187b9acc94921c4b3d86066b00de9093977d45481b703a72a6de9","sha512":"3bb83cdfc685b1338d14091b09249e0611fbe6da9b12056b23c4e339326877715d030ffbab0e27b6ba546815eca8c72aebd1467a1928208b069f3e782399a7a6","ssdeep":"1536:Jl6Qk5PhXFae2ekN8Ju0gMeyApdZxPoF3wKT7oYmJOf:HRW1a/N8eMypDxgPXoYt","tlshash":"4a630141c3ecf80bdd78b2c4688e8aed1f3d4add13c67c50617daee4b68a524b911b25","first_seen":"2026-07-01T00:29:17.658709Z","last_seen":"2026-07-01T00:29:17.658709Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1406,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1169,"receive":237,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/judge2-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.500Z","timestamp":1782865721500,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/judge2-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 154034\r\nlast-modified: Mon, 11 May 2026 16:14:54 GMT\r\netag: \"6a02007e-259b2\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":154034,"size_decoded":154308,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 799x570, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a1053736c58d2a618ab07059ba2ba076","sha1":"e6de2a26ef11c810c047da85046aeac1b83dcb12","sha256":"6e1a9ddee5c47e89f7d2b4d790956f961a7db9d0e2605d798b08395e3a5121fa","sha512":"918e605fe90ac0d32c63359b715e517053148d38311bc2b92d9618fb700cc4c5c7626391c2bb4ff78b6d92bdffcdbb2051a69ec6a0d2b673d907a7d93f405100","ssdeep":"3072:2ZEYfOM4eg/74BEM1qavG2aJBogNVIyfNIMVrKRVeuPc518EPAWKWg4GEv3:2ZEQPCeEMbu2QeS+MCAuPc51vPtg4GEf","tlshash":"9de312e7b25e2f7b1970c00b8aa2f10646cc6429d73b4c43d9dfb74781da9d2969c6d0","first_seen":"2026-07-01T00:29:17.659927Z","last_seen":"2026-07-01T00:29:17.659927Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1969,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1398,"receive":571,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"154.204.28.53:41669/static/js/link.js","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://154.204.28.53:41669/","date":"2026-07-01T00:28:43.560Z","timestamp":1782865723560,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 05:56:11 GMT","end":"Sat, 04 Jul 2026 21:56:10 GMT"},"fingerprint":{"sha1":"4C:79:6F:AC:62:E7:8A:CE:03:1B:77:75:1E:15:C7:58:F6:B5:B9:E3","sha256":"3F:2B:5D:4A:39:21:14:CD:E5:3D:0B:A2:E6:DA:C5:E0:34:FD:80:C4:6C:AD:47:81:6A:84:9C:05:7B:6D:A9:CA"}}},"request":{"raw":"GET /static/js/link.js HTTP/1.1\r\nHost: 154.204.28.53:41669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://154.204.28.53:41669/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 30 Jun 2026 15:17:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a43de1d-6d0\"\r\nexpires: Wed, 01 Jul 2026 12:28:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1744,"size_decoded":1008,"mime_type":"application/javascript","magic":"ASCII text","md5":"1ef01f9c5d284a302acc684831315f1c","sha1":"934fd7e8a7b30c8da818ab4cb713df44820136a1","sha256":"c67e613a7b58d7d12ecdea9853830aa6ada030af94425ca285230f2dd03197a2","sha512":"ef8518da3748d9a283e1e6f7f1be441c39307cef5cdf702a08721667cb93f8ce22a15bb3e4b2a479483d3ea6449b6612f2858ae82116f4763c160dd8854108f1","ssdeep":"","tlshash":"b2319c5ce6d039321d274867699b2d14b293400bbc0aec42f79d4ac0dfb172e4b7ade4","first_seen":"2026-06-30T17:40:30.053012Z","last_seen":"2026-07-01T00:29:17.661026Z","times_seen":7,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"154.204.28.53:41669/static/picture/1552215839168.png","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://154.204.28.53:41669/","date":"2026-07-01T00:28:43.577Z","timestamp":1782865723577,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 05:56:11 GMT","end":"Sat, 04 Jul 2026 21:56:10 GMT"},"fingerprint":{"sha1":"4C:79:6F:AC:62:E7:8A:CE:03:1B:77:75:1E:15:C7:58:F6:B5:B9:E3","sha256":"3F:2B:5D:4A:39:21:14:CD:E5:3D:0B:A2:E6:DA:C5:E0:34:FD:80:C4:6C:AD:47:81:6A:84:9C:05:7B:6D:A9:CA"}}},"request":{"raw":"GET /static/picture/1552215839168.png HTTP/1.1\r\nHost: 154.204.28.53:41669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://154.204.28.53:41669/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-2a6b0\"\r\nexpires: Fri, 31 Jul 2026 00:28:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":173744,"size_decoded":174162,"mime_type":"image/png","magic":"PNG image data, 488 x 147, 8-bit/color RGBA, non-interlaced","md5":"ce2e5b88612ff5d0c083357995805cb1","sha1":"ee211057d855fb16fcbbc4dd280c54d0e8be9445","sha256":"8d2484ecd64a9270ab446bebd54998c84015ccac62e322332ff027218cc11c54","sha512":"5c3a7cc91ed1cc8f9064538fd154dd31addf4705eea3767bd444c06cc64dfedc9bdccee584936bd2b6a4f142820d0bdd74213497247a59759e89d79fa5bfd896","ssdeep":"3072:7jOt+RYVDFMiydCbjFViIj2qBEn0uzBdtt/jU4SyaguPpoQE3TqtGMFR++gcKiYF:fOARYVFMiyyhViycrTLw4vagkpoQE3T/","tlshash":"c204124c9c4413f186c9f265e2068884e57fc915427c342b37c9e3fb4da6a4927baf32","first_seen":"2023-09-28T01:03:26Z","last_seen":"2026-07-01T00:29:17.661648Z","times_seen":748,"resource_available":false,"data":null}},"time_used":785,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":785,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"154.204.28.53:41669/","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:42.665Z","timestamp":1782865722665,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 05:56:11 GMT","end":"Sat, 04 Jul 2026 21:56:10 GMT"},"fingerprint":{"sha1":"4C:79:6F:AC:62:E7:8A:CE:03:1B:77:75:1E:15:C7:58:F6:B5:B9:E3","sha256":"3F:2B:5D:4A:39:21:14:CD:E5:3D:0B:A2:E6:DA:C5:E0:34:FD:80:C4:6C:AD:47:81:6A:84:9C:05:7B:6D:A9:CA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 154.204.28.53:41669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 08 Jun 2026 14:48:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a26d626-218f\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8591,"size_decoded":3104,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"bbc2b63decb677afe8b20d2688514848","sha1":"60b61e8d544b1419780fb09cb045d56bad33013d","sha256":"2cf25b7079bed8f0398a8d35fafc9fdfcbb5ede33a68ca39dfd3d9fa44d50d52","sha512":"c4c41280185cdceaa24cc2451122f63678d55de7d61dd4a3a915fc1580dde51425ed2ffbe74ba775260e4e75e2328f5751cddd63dfd13964f686a19003a3fcd1","ssdeep":"192:gIlrnMZjBPCpnDZ0CPBfE/k1mp6rPlyJzmRF4sArt+:gjmX7Art+","tlshash":"b302752660e3115b283391a66ff3171b6664d507c20bc9a87ecd55cdafc9ac9c8a338c","first_seen":"2026-06-06T23:41:28.927478Z","last_seen":"2026-07-01T00:29:17.662191Z","times_seen":122,"resource_available":false,"data":null}},"time_used":797,"timings":{"blocked":-1,"dns":0,"connect":263,"send":0,"wait":264,"receive":0,"ssl":269},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/fontawesome/css/all.min.css","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.474Z","timestamp":1782865721474,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/fontawesome/css/all.min.css HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 01 Jul 2025 22:17:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68645e64-1907e\"\r\nexpires: Wed, 01 Jul 2026 12:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":102526,"size_decoded":23140,"mime_type":"text/css","magic":"ASCII text, with very long lines (52276)","md5":"c43cd173eeeba2f72aa6b431d06b8c07","sha1":"427a692f7f39eabb3d5b8510aee2743025daf813","sha256":"c880eb3d25c765d399840aa204fec22b3230310991089f14781f09a35ed80b8a","sha512":"02f6f6422b83104bc1e1b64961d7edda63635528417ed2dd3c6f0527457b8ab4cb43c528d2a70fc61e0f96aec6e6d1a6d2b53ed523e1568b6d78ba41111c1393","ssdeep":"1536:vwMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPG9ZpgmLCq:P709gMGFiyPG9ZimLCq","tlshash":"4fa3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2024-01-04T18:36:36Z","last_seen":"2026-07-01T07:54:23.879346Z","times_seen":12335,"resource_available":false,"data":null}},"time_used":853,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":853,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/e/dongpo/tz/tz.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.478Z","timestamp":1782865721478,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /e/dongpo/tz/tz.js HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 10 Jun 2026 11:53:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a295041-486\"\r\nexpires: Wed, 01 Jul 2026 12:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1158,"size_decoded":850,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"d2de02817ac5ff7e2e2e352db0fe1ba7","sha1":"1108e2fd9f1777b86486310b5e798c0ae8297b3d","sha256":"1b77dda8f7ffcd6fef90d337b161d431d2f61a55fe74a019541ba8d5c8736184","sha512":"1089cfb972c6c2c1f27ee76685ee63943aec9ef5930739ce6412385903fa137aad0a2a5604ff3c7e02babad12f872d28cf090274dc95119087ce5908424c1dab","ssdeep":"","tlshash":"fc215c7fae631154911691592bba776c3a3a001b6701c8307afcbe685f52f429487bd4","first_seen":"2026-06-08T19:26:41.283541Z","last_seen":"2026-07-01T00:29:17.663242Z","times_seen":117,"resource_available":true,"data":null}},"time_used":850,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":850,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/departments5-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.497Z","timestamp":1782865721497,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/departments5-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 61270\r\nlast-modified: Mon, 11 May 2026 16:14:54 GMT\r\netag: \"6a02007e-ef56\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61270,"size_decoded":61542,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 727x484, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b3e713816291cc912314399e49bca6be","sha1":"4ab7b508ac4cc18787ea17f928a2d98fc3b06f3e","sha256":"b67e9e799ad12b153b7e7780cae0ce60d46eb77416d13cece1cbf1708065b3a5","sha512":"24426318ac8acc4ad2a9f35441137d0f59777ccdd2c07c302b88af30503905d8d2d30bc88a841965c22a745cae8b180bc33b927522c846ddd05607e83019e8cf","ssdeep":"768:iEoVscR+NRM/nZXhmRo/AwnUpWjhoVwovlc0D82RyfALOo0IBSbfeesokDE6cl2+:V9cR+NRMJhm6F0WFoKo3+Ho32WLrER/J","tlshash":"5053022e9a8d8067b0f73404d1191d0dda9117daff60b869bfb893e1d1c4907d9fc866","first_seen":"2026-07-01T00:29:17.663747Z","last_seen":"2026-07-01T00:29:17.663747Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1683,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1400,"receive":283,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/departments6-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.498Z","timestamp":1782865721498,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/departments6-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 124714\r\nlast-modified: Mon, 11 May 2026 16:14:54 GMT\r\netag: \"6a02007e-1e72a\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":124714,"size_decoded":124988,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 714x476, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2cd23e50b2101b4b91e30bffcd55a2af","sha1":"d77e5a10a82f5ef598ffbd00d41b684d08fb78a3","sha256":"5fb318ecd60c7b95260a361865aaa18810c945c4c8061743b8e3df8aecc65bfe","sha512":"6a8d6ecac683134c502c707d8be8f867734429844c8915bf8baa5540702fb288e69c0b9a8d0512863ab484af4e8e8950253f5b68a847ae900245defa3fe8a6a0","ssdeep":"3072:OumnO93YbObLterWmLCJjz0JBEuOGC+KbZiRVrQfOw:rIb4LulOj4YZi3rkOw","tlshash":"0cc3126b2ce5480d92bb9ecc16f32530f4e94f0b76d134547e4a9a90f05dbeda993087","first_seen":"2026-07-01T00:29:17.664604Z","last_seen":"2026-07-01T00:29:17.664604Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1967,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1400,"receive":567,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/judge4-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.503Z","timestamp":1782865721503,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/judge4-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 82884\r\nlast-modified: Mon, 11 May 2026 16:14:55 GMT\r\netag: \"6a02007f-143c4\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":82884,"size_decoded":83157,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 820x546, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bc885b92a22a336bd9b40b7e6e85be9b","sha1":"e100c9c1e6b719511ec813dfa0f08a0427f7d364","sha256":"06fb9ebb5663abb9fb5c8cf8887dcd3c563935f0516c0a004eb3b6a09865eea9","sha512":"322ec0113ef5baf6d045be41257eb87618532c05441b9693e9bafc25b00966f817bce529ae8f6d81ae044fe4ea294382717222aae4d2a7a24d41f01cd3b50dd3","ssdeep":"1536:I4n4p0DZm6+fUprK5KEzd1CgxMsYRAkjiBfrNG6ZVUUriB5+S75ZjhjHWr:Ln4KZZIIKkWd1BMXRJkNGMmB5B3jo","tlshash":"c8830254addafdbc426658824d9ffc596b41b8fba5c426a40123c9034d8686fcd338fb","first_seen":"2026-07-01T00:29:17.665462Z","last_seen":"2026-07-01T00:29:17.665462Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1963,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1395,"receive":568,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"154.204.28.53:41669/static/picture/jinshapc.png","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://154.204.28.53:41669/","date":"2026-07-01T00:28:43.565Z","timestamp":1782865723565,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 05:56:11 GMT","end":"Sat, 04 Jul 2026 21:56:10 GMT"},"fingerprint":{"sha1":"4C:79:6F:AC:62:E7:8A:CE:03:1B:77:75:1E:15:C7:58:F6:B5:B9:E3","sha256":"3F:2B:5D:4A:39:21:14:CD:E5:3D:0B:A2:E6:DA:C5:E0:34:FD:80:C4:6C:AD:47:81:6A:84:9C:05:7B:6D:A9:CA"}}},"request":{"raw":"GET /static/picture/jinshapc.png HTTP/1.1\r\nHost: 154.204.28.53:41669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://154.204.28.53:41669/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-a334\"\r\nexpires: Fri, 31 Jul 2026 00:28:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":41780,"size_decoded":42160,"mime_type":"image/png","magic":"PNG image data, 295 x 113, 8-bit/color RGBA, non-interlaced","md5":"1d2140363e0fda69f41537010f37ac74","sha1":"9f3791b6ade0a7966dee0253cb698564490e9440","sha256":"65ff8549228320f54f3d93e45194314c43c7cea541241876a57633bb5ac94f92","sha512":"75dd491fe42a57dee94c06e5e389323f0b32a584f3d0223845ea8f945ac9cff401e65cc381f4e8973dd78c14655abfff000186a770df78acddff35e6bb69fa86","ssdeep":"768:fUD/+JUtuV8Sp+uA5mBhYhXXy7I1VzKT26hq34ZhMNg1de0nGtXIIq5y7RYLIXK9:j2SYd1Xy7wVG66BvMNg60KXrsLB","tlshash":"3113f1a116d7074d278849fcda334deec406ab285d19b93ec5f68f34e3846c4d083a66","first_seen":"2025-01-31T12:39:53.036928Z","last_seen":"2026-07-01T02:05:27.796397Z","times_seen":698,"resource_available":false,"data":null}},"time_used":530,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":530,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/bootstrap/css/module.css","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.472Z","timestamp":1782865721472,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/bootstrap/css/module.css HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 24 Jul 2025 20:07:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68829272-28112\"\r\nexpires: Wed, 01 Jul 2026 12:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":164114,"size_decoded":32362,"mime_type":"text/css","magic":"ASCII text, with very long lines (65518)","md5":"67e45932bedd92dd7bc2a7de1653677e","sha1":"b15f3b2e370d9a7c2c40ea991c8f4a839617702d","sha256":"6e25cdc64273a412026df8a7b3510d9ba7dd6cd75653dd3eb884371b4ace73e8","sha512":"d6130c594f82eefca5109421095dc8c0603b44c4c714bdb8956e64278c9c1625263a531a1ad401fa344f180c2f1cbe95af8246c9e33dc6a28316ab243f448591","ssdeep":"1536:qiVj2AhHm0CfrtrPr7AhhTQbdS6U8H2GXVxICl1gGqotJFFp4L/Xzbv9ALVTFCew:sAhhTQg6U8p45s5Q","tlshash":"c6f397309984202cf11bc5eae5d0abef32649801f663077ef66370a6d6c21ef577674a","first_seen":"2025-10-09T23:37:04.753197Z","last_seen":"2026-07-01T06:50:03.807216Z","times_seen":1059,"resource_available":false,"data":null}},"time_used":572,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":572,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/hero-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.491Z","timestamp":1782865721491,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/hero-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 121130\r\nlast-modified: Mon, 11 May 2026 16:14:53 GMT\r\netag: \"6a02007d-1d92a\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":121130,"size_decoded":121404,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 764x509, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fc2395b14f08c02cba1c04618c84e5f2","sha1":"90fd58f0c5eb2123981162756040046bdf1469f5","sha256":"b8fc517c68778af1f2fb28c988e3c6d3a54e1e1cd6576286cc8377a3190b5a1a","sha512":"594ff957bb0c8c187538fadc1a7cd1224c8bcde5f67bae29248bf1ab3c81c0d6b13e7c535a663c6ad97a52ac202cd116be84cbfb7af2648ac647c6174454d25e","ssdeep":"3072:xBXPAKeYwiDkqvDWLBa6XcUMzcMl6kh0xl8:rP7eYwc7iaRUWJWS","tlshash":"d1c3128e920ba5b53a358836f4a043993eb5ec15d15f3851808d6fbcfa7bfca5604b09","first_seen":"2026-07-01T00:29:17.667382Z","last_seen":"2026-07-01T00:29:17.667382Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1121,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/departments3-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.495Z","timestamp":1782865721495,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/departments3-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 109874\r\nlast-modified: Mon, 11 May 2026 16:14:54 GMT\r\netag: \"6a02007e-1ad32\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":109874,"size_decoded":110148,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 783x522, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f0c5911fc9b34365155611487ec948bd","sha1":"26e9174c84494eadc6355a4c5882af7e02b35d28","sha256":"d90a50bcf500a967bb5f6017680c70df617052deb47954369560404f0c466692","sha512":"ebbd01c436db8fa5d4439900029eebe4d7fc9f10a6e92bfa35f3f31ae568f2c60cf9d305681cf297c2a5e2f2fd3602788983f62fb77740bbdc7ebd9e8bdff275","ssdeep":"1536:smldEiLPI5CSasVRo5Pu32eHDylED6vTHmX0OwMKq71y9QOl5G/1UD7eLsEsMv:zlXI5nasV6GHDMvaXWHQkDl54aeQQv","tlshash":"beb312506ae44a09fa0f717fba2f930963c90aeb3272479552e59f47c3c74521a43f8e","first_seen":"2026-07-01T00:29:17.668243Z","last_seen":"2026-07-01T00:29:17.668243Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1735,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1402,"receive":333,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/fontawesome/webfonts/fa-solid-900.woff2","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:42.419Z","timestamp":1782865722419,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/skin/fontawesome/css/all.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:42 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 158220\r\nlast-modified: Fri, 13 Dec 2024 08:50:06 GMT\r\netag: \"675bf53e-26a0c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":158220,"size_decoded":158494,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 158220, version 775.1280","md5":"4a6591ab5460ae5cbff1ecbd6e52193a","sha1":"7cd8afd6501962fda35d66f0e4c3b8815ac471d8","sha256":"aa75998623a391e61c6901794ace832e3ecdd288b56d608f21bea0411acc0b8e","sha512":"96c5d3283b71613b595b6b0420333bef5d64451af05c59dde27ec5b3e7cfe6e9549c604cddfbcb79cbc0fd4cd6f2e22a130c9a220b1b7ef933ac9df8c8e695d6","ssdeep":"3072:RauSB5FANIRLpsBaBrJGNG3ECNQztRvHHqkqLrlF:guSqN6ptrJGo3POh9KT9F","tlshash":"0ef312a710c6b95684a3a51b336adeb52c3ed363fcb6cd73be340114689da9c2e4d190","first_seen":"2024-12-19T10:41:23.153533Z","last_seen":"2026-07-01T07:48:12.533465Z","times_seen":30681,"resource_available":false,"data":null}},"time_used":1050,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":767,"receive":283,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:42.701Z","timestamp":1782865722701,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /js-sdk-pro.min.js HTTP/1.1\r\nHost: sdk.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-01T08:18:52.752191Z","times_seen":16884730,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"154.204.28.53:41669/static/picture/tycpc.png","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://154.204.28.53:41669/","date":"2026-07-01T00:28:43.574Z","timestamp":1782865723574,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 05:56:11 GMT","end":"Sat, 04 Jul 2026 21:56:10 GMT"},"fingerprint":{"sha1":"4C:79:6F:AC:62:E7:8A:CE:03:1B:77:75:1E:15:C7:58:F6:B5:B9:E3","sha256":"3F:2B:5D:4A:39:21:14:CD:E5:3D:0B:A2:E6:DA:C5:E0:34:FD:80:C4:6C:AD:47:81:6A:84:9C:05:7B:6D:A9:CA"}}},"request":{"raw":"GET /static/picture/tycpc.png HTTP/1.1\r\nHost: 154.204.28.53:41669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://154.204.28.53:41669/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-4d7b\"\r\nexpires: Fri, 31 Jul 2026 00:28:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19835,"size_decoded":20210,"mime_type":"image/png","magic":"PNG image data, 162 x 60, 8-bit/color RGBA, non-interlaced","md5":"9cccfc8ca4e4f50e4155a906a42666cb","sha1":"6687ef39ed3ba532124b8155234e819655ac0827","sha256":"38fa753bd6894fd8b0fdd94ba7e7bd9da32cb1e58017c44ce0147afba97b4841","sha512":"4e5e74b92841a16efc4cad516894bdaa1eca4ccdca290bcb36bbaa68cbe2011a6d12005f5bc2946532bbddc4e73161589ab3a296a734b78ad12aaa540bed9cca","ssdeep":"384:nC4JlgpsDv49JmGFnsvbCU5jAEVzJ0smbzRgZGme584WLMM0tq5PHcMV:Ccw9J9FybCUTzJ0smbZhwPH5","tlshash":"ba92e1cc99b518a51940f1dc2f338a48cfe9112c29e58776b1d377a2d94ae6f307c60b","first_seen":"2025-02-07T02:11:03.006958Z","last_seen":"2026-07-01T02:05:27.810285Z","times_seen":695,"resource_available":false,"data":null}},"time_used":788,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":788,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/bootstrap/js/bootstrap.bundle.min.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.479Z","timestamp":1782865721479,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 01 Jul 2025 23:41:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6864723c-13bb5\"\r\nexpires: Wed, 01 Jul 2026 12:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80821,"size_decoded":24420,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"21d4551af5cc4ed4d818bdbdfea8c358","sha1":"df272a07ed30eaf8025b699c45736ba9d284e4d4","sha256":"35f4547d9364111aca4850347356bc5660a994f0d8b694d88f995098a7b547fa","sha512":"4dcd22faf4688265f834deedb8b6d07c1c5af0991f512031485573994df59d5747ca21c494f3f2d9c59f15a7260892b0d15aa8bebcca85d7764d24cc740c69da","ssdeep":"1536:/SwJiEbnTl6R2t49CFliFCIg/yWszSraJd5qUFH9tZwcE+iYZMgZdj:6wfs+SSO5q4tZwcEVYZFj","tlshash":"2383b5593244b8730ade85b68037430bf2265998b14b812cb57cadde2a7dcc67277f78","first_seen":"2025-06-18T01:20:12.005242Z","last_seen":"2026-07-01T06:50:03.783689Z","times_seen":2463,"resource_available":true,"data":null}},"time_used":849,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":849,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/e/dongpo/tz/tj.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.483Z","timestamp":1782865721483,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /e/dongpo/tz/tj.js HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 808\r\nlast-modified: Tue, 05 May 2026 19:43:53 GMT\r\netag: \"69fa4879-328\"\r\nexpires: Wed, 01 Jul 2026 12:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":808,"size_decoded":1159,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (554)","md5":"1bf60b5cf9c764caf9e85228dc7bfc33","sha1":"22b0d1971d7ec1ec3bb55ff4771752db18eab9ef","sha256":"1a32c475f692c3c84f550cc194a92fff3df6368293bbec3b8e67a42bc2d92306","sha512":"681c26eab518649736ea2c6302120b5a61e0b0749375c8933c7c890b6195de0c6e09a4184c9af8c5fd0f5e5eeda63ba803574bee4c44737899ccd18ce14c97c9","ssdeep":"","tlshash":"8601f11f7c25e13463921c2d23bbdadcf5ad2016101dc80654dec4ad6c34ff9042ab4c","first_seen":"2026-03-03T01:17:34.078046Z","last_seen":"2026-07-01T02:05:27.806882Z","times_seen":678,"resource_available":true,"data":null}},"time_used":1129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":845,"receive":284,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/departments2-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.494Z","timestamp":1782865721494,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/departments2-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 85262\r\nlast-modified: Mon, 11 May 2026 16:14:53 GMT\r\netag: \"6a02007d-14d0e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85262,"size_decoded":85535,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 578x385, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"06048d4d75dfa5999ec00427463a4804","sha1":"24649610b0e79c8c92ee11eb51a73c8d32600fd2","sha256":"d25b580dd90e4bb0c4768a5d76ea3b6c6ced993ac040530e4bb3f494a4fd5e25","sha512":"c70ed1acda16ff6c91d1ffc9db160eb787d1cb66a1c42b4bdfc5d8a328246bc8a8eab3999ed7972d3cfeb7e3d93a3000868f64171b4c8809d8713c44ecb1be63","ssdeep":"1536:MihxDm/AnjRICXNf8+4AVgrkczMPL4AlI6fVhx3el+RviGRPZwDw:MmxDXjHdf0zrkczMPEA3fzIl6VhZwM","tlshash":"50831301a39264d881b3d4f2e2ed7cf0f994b6016b6e44cddc3a5fec67889a70b54926","first_seen":"2026-07-01T00:29:17.672145Z","last_seen":"2026-07-01T00:29:17.672145Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1736,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1403,"receive":333,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/departments4-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.496Z","timestamp":1782865721496,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/departments4-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 75330\r\nlast-modified: Mon, 11 May 2026 16:14:54 GMT\r\netag: \"6a02007e-12642\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":75330,"size_decoded":75603,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 804x536, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c7c3a6b5beee3b8d1edd7d2e5415d6a6","sha1":"97d532bed2d1b38abd8b4c754af6b2f818e394b1","sha256":"ca93e865977a7b794085808626df6d34ed7bd8b71140b1b5861342726a05a134","sha512":"d3088a35d444e8d8d07b138a40150de3c7340c3d697aeed3c75c8044bd639f3ae40f3c021511809721f0c0ffecbd9bec38e5b2374cfc537119eea93242daaa1a","ssdeep":"1536:V0fTAkULxtG0N05KH0OXLzWDyBNVFCsLx6a1ZhaLXoTlKB9+khcspp:V0f8FxwI05a0OPW+T7l6OZheoxKBRSe","tlshash":"007312c34af2a6952e817cc1227c3693e9c3912cd55e7eee919627f87ae0f045478611","first_seen":"2026-07-01T00:29:17.672998Z","last_seen":"2026-07-01T00:29:17.672998Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1734,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1401,"receive":333,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/ico/favicon7.ico","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:43.585Z","timestamp":1782865723585,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/ico/favicon7.ico HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 16958\r\nlast-modified: Wed, 09 Jul 2025 03:42:24 GMT\r\netag: \"686de520-423e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16958,"size_decoded":17232,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"8f8443b45f6d99f4bc756e2f73662b41","sha1":"cdfd906b9daee3eb00ab28eea70b707242bf6b07","sha256":"ef5ddb495b2d2a4f88e3fdb442e3bb0dfd2090b0c788fb1ef6e91f06e070c593","sha512":"4afe820d897ff7b11d1aa5489cf3e58b9fb47af725ea83fedb536c3954ee6e2d7977efeb8a54eee1e6161de13ca775db1a2db99ef86f81ed8eaa0aa4947a6bae","ssdeep":"192:BFx9GVVbETq9G4/axnh5S4h8ja0i/WCdYIeokRrn9yubb1z/:D4wY/wjS4hV0i/WCirokFD9z/","tlshash":"f2720d49aa497202fa067bf0cbfd4ba1846ecd1d58f48c1f1db5bf6636662b7706c600","first_seen":"2026-04-15T00:19:07.097305Z","last_seen":"2026-07-01T01:31:08.664512Z","times_seen":15,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":286,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/footer-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:42.356Z","timestamp":1782865722356,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/footer-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:42 GMT\r\ncontent-type: image/webp\r\ncontent-length: 202828\r\nlast-modified: Mon, 11 May 2026 16:14:55 GMT\r\netag: \"6a02007f-3184c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":202828,"size_decoded":203102,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 775x581, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a0e63d05e49189b277adbfe48b369f9","sha1":"98e8beadc22583ad87b63b97941aa019bb6de6ea","sha256":"bb2262deae144968258f71592d2c2e6786f70e00dda50a3a917a1e324988aad4","sha512":"18f7c931ad35d3e063ca46763378daf14d6971667a28c3fafc29bd7308489997fab52902def3038f291dfc3504b518acc98a236b0c27eaf8e376da76cfe23370","ssdeep":"6144:h9sQfw4wWaSs+DuIbi5T3yW3J4pWfT8h4njX:h+cwZWjs+yv+W3J4pJmjX","tlshash":"b4142366911e4244f53bbccf32345313255d4e98b330924bcb6f78e0bbc5dd488a56ab","first_seen":"2026-07-01T00:29:17.674489Z","last_seen":"2026-07-01T00:29:17.674489Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1113,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":830,"receive":283,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/bootstrap/css/bootstrap.min.css","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.469Z","timestamp":1782865721469,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/bootstrap/css/bootstrap.min.css HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 01 Jul 2025 22:17:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68645e64-38a52\"\r\nexpires: Wed, 01 Jul 2026 12:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232018,"size_decoded":32163,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"50c95aae1a6c1e089c11681d1e1906f8","sha1":"a65e4fd8db9bd0440de2d6d73c9e7cd00fce4a8d","sha256":"cd1826581e4f2b80af4f1e05897b316c7698441063cffaefbbdeec382ee4cd72","sha512":"7f0edff9370c8d36fb6e96cb25994ff20d98e17702c85656f2ecbc1ec459b07fd2c1b330d2994a1c51ebf7d0cdde5d3856c60dc2fce27145ffeaababbc8c5bc7","ssdeep":"1536:v9xnXGi9GfJkfvq5wlP7cQZDR9uvV982sYRElV6V6pz600I41r:HnXp9GfrV98II6V6pz600I41r","tlshash":"d03482d6f590317d9ca7c1499681fefd896fa985cb120aa6f003776807cabd30962dcc","first_seen":"2025-06-19T07:12:41.126365Z","last_seen":"2026-07-01T06:50:03.818564Z","times_seen":2446,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":288,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/swiper/css/swiper-bundle.min.css","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.473Z","timestamp":1782865721473,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/swiper/css/swiper-bundle.min.css HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 08 Jul 2025 08:36:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686cd89a-4691\"\r\nexpires: Wed, 01 Jul 2026 12:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18065,"size_decoded":5190,"mime_type":"text/css","magic":"ASCII text, with very long lines (17812)","md5":"ea28ae0aaf82709381c57d6a7daa7a05","sha1":"a7c528dc9018aeefed9a52337168decb220e2f61","sha256":"af8545de3876815292506711e1369bff9dfe57ec7e04c45c3e1bdac48a11f3b2","sha512":"9c63402a957e06b7c365a6cf5f53baaba991953e7bfda99d8feeaf177db6a2782a28004b1d82df2dcde362d5556e4891f6da300d63cf13d816144dadb1920f66","ssdeep":"192:1VmUJbiKne0JlXZHZ+Sme+jexS4nxep/a2GZb0Q5nfufKlAYfg5fyeesedOJ9A5Q:1gUbe0JdZHZ+W+SFnZ24tlWfF4XYz","tlshash":"d08245a85340282753274f364b71cbb9dd7444d20f9389ae91c0ee48d7f6db9132f6a9","first_seen":"2023-06-14T11:52:48Z","last_seen":"2026-07-01T06:50:03.819047Z","times_seen":5631,"resource_available":false,"data":null}},"time_used":571,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":571,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/swiper/js/swiper-bundle.min.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.480Z","timestamp":1782865721480,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/swiper/js/swiper-bundle.min.js HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 02 Jul 2025 23:58:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6865c79e-22512\"\r\nexpires: Wed, 01 Jul 2026 12:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140562,"size_decoded":39953,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65283)","md5":"21b78ba7133b3d67cf8b09cd6a26d386","sha1":"ea59f37b232db6dee2694078bf21e153a09bacdd","sha256":"6f9df49fe12f77b66daba876cb33b7090b2443f570a2a4b9541cddd705440aa5","sha512":"dc48bb38f168f37930ddc3db0cb78b867fd817cb5907b56cf2c7e58b407f2847a4bab78be5ea2c0deb216052020afb782bc8b4c948a5fe52b77128a27365a392","ssdeep":"1536:TIJQfGP7LP8NEuWGKF+IlzholxU/2Bkt+9SD8jv1nTHlU9ymp8Mj0HEOS5hAsVuZ:0JCN+TXD2BkQZFU9tp8Mj0k95h5cpnv","tlshash":"02d3f8896221b57646e316db93e4c221a3b50544b80ac8f470bd4c9f597ec9813feffa","first_seen":"2023-06-14T11:52:48Z","last_seen":"2026-07-01T06:50:03.815125Z","times_seen":5038,"resource_available":true,"data":null}},"time_used":848,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":848,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/judge3-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.502Z","timestamp":1782865721502,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/judge3-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 63960\r\nlast-modified: Mon, 11 May 2026 16:14:54 GMT\r\netag: \"6a02007e-f9d8\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63960,"size_decoded":64232,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 631x420, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ae595379ace7d49ff732ec9e5fa8fb91","sha1":"3b2fc53d0575a483b70bcd146fb03af1fe2ff74d","sha256":"dc479a6289bd4ac5579f50760c414a02d993e6bdc37f787566340ddff6b46138","sha512":"4554925a01106eac04ce2d384d8490cdb2fc2f233f319d3b189bda59b92078e4454772b91bb1ebad0ecc1f5a710508f93f36a2f22a61cf2ad7f352a2ecc7b61d","ssdeep":"1536:VPUHqsSxfbYCdwS5V0/uzAUh2tV/jyGipNUlwltp/rta:mqxf9dwEVQc2Hr3blKD/ro","tlshash":"5b53023775832c0ec91884796d4c8fc9c2d9eb975d31c33bb3c64a925c8ae4f4629791","first_seen":"2026-07-01T00:29:17.67701Z","last_seen":"2026-07-01T00:29:17.67701Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1684,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1396,"receive":288,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-01T00:28:39.548Z","timestamp":1782865719548,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:40 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23669,"size_decoded":7032,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (17337), with no line terminators","md5":"c8a6d42a2122a1db00443cd1a603b233","sha1":"453e16c5a37bdce652b023b1e311fbb6466a671c","sha256":"e7a135974dcd49b26a534f19bcafaa8c256ac7bd9628513783aa4b1f1d662d53","sha512":"a555469f0153fbeebf8dc3ddda3a5b8d40d637738cd8955a11d8d96a2c13ec8b570401cf83d244b41edd5467283315a9ecb429a3830ac4aa2bdbc2993f56468b","ssdeep":"384:XyDryDmzyDwhvMhCrjJxcvpGo2YBnl3yDXm:2zhvMhCKv0oYm","tlshash":"d2a2a4737481ba7f016b8bfdb664ab8f30e3960dc5778d0667fa87c85bc5c928950046","first_seen":"2026-07-01T00:29:17.678038Z","last_seen":"2026-07-01T00:29:17.678038Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1613,"timings":{"blocked":-1,"dns":191,"connect":284,"send":0,"wait":566,"receive":0,"ssl":572},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/bootstrap/js/home.js","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.481Z","timestamp":1782865721481,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/bootstrap/js/home.js HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 14 Jul 2025 11:49:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6874eee6-16aa\"\r\nexpires: Wed, 01 Jul 2026 12:28:41 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5802,"size_decoded":2098,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"16c93ef01acd14ec64c07020d638253e","sha1":"9c7b9d1a61977675c7f128bf2e27093d3cfe37f6","sha256":"f0795e9620ff382d585e15e40f303b394863fc5fa3dbdecd140adcbc4e51ffd2","sha512":"218d41ff60e128ff13105f9d376cfac1b80401527884da7b6179bab1fe8e9aa9e5959873bc5385798c8a5c6fb7aedce8e68b17112833cc16c096e0dc214d35ea","ssdeep":"96:6P7fgtAVMsSMCM1vUrp8KtQJQ1l/2o3RV0uRC6v6qyS+KQkIF:6P7fg+VSVAvUr2KaG1Zd3YuRriqyDKQH","tlshash":"91c1551a62b42433447775bb97af57c477212087b8c6ec393dfcc6080f845aa59f1aea","first_seen":"2025-10-09T23:37:04.756251Z","last_seen":"2026-07-01T06:50:03.807722Z","times_seen":1087,"resource_available":true,"data":null}},"time_used":847,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":847,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/judge1-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.499Z","timestamp":1782865721499,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/judge1-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 82354\r\nlast-modified: Mon, 11 May 2026 16:14:54 GMT\r\netag: \"6a02007e-141b2\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":82354,"size_decoded":82627,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 563x375, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"dbcb050fbb4758ed34d840cbc7d56e24","sha1":"76c33a644c8eed31e28ab02dbe07b61eee82c4cb","sha256":"b5ce08f47e20f751f0c83dac8208aea30944b869bea2e926425b6f45bca2a033","sha512":"49387e9019b4e5e063bb7d144cc0ca1a4000247e62e4ecfa06600e5308e632aeec0d98be40c963323a13c534692dea19f5c711830868acae58baf89d01dbd4d7","ssdeep":"1536:ya85+JQaF7GYwattSVvf3YE7jdrg6c6MKuNHhph1otaHf7X/nHuTPQtB9C:pLfal0CP7+6MxNBzx/7PHZBA","tlshash":"828312d4c52c8614accc9ef9812981678bf88c7c73f48faaea9449c59dc453dc419ef8","first_seen":"2026-07-01T00:29:17.679767Z","last_seen":"2026-07-01T00:29:17.679767Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1966,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1399,"receive":567,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"154.204.28.53:41669/static/picture/wnspc.png","fqdn":"154.204.28.53","domain":"154.204.28.53","tld":""},"ip":{"addr":"154.204.28.53","port":41669,"asn":35916,"as":"MULTA-ASN1","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://154.204.28.53:41669/","date":"2026-07-01T00:28:43.572Z","timestamp":1782865723572,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 05:56:11 GMT","end":"Sat, 04 Jul 2026 21:56:10 GMT"},"fingerprint":{"sha1":"4C:79:6F:AC:62:E7:8A:CE:03:1B:77:75:1E:15:C7:58:F6:B5:B9:E3","sha256":"3F:2B:5D:4A:39:21:14:CD:E5:3D:0B:A2:E6:DA:C5:E0:34:FD:80:C4:6C:AD:47:81:6A:84:9C:05:7B:6D:A9:CA"}}},"request":{"raw":"GET /static/picture/wnspc.png HTTP/1.1\r\nHost: 154.204.28.53:41669\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://154.204.28.53:41669/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 24 Feb 2026 09:51:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d74b1-1eb7\"\r\nexpires: Fri, 31 Jul 2026 00:28:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7863,"size_decoded":8238,"mime_type":"image/png","magic":"PNG image data, 172 x 60, 8-bit/color RGBA, non-interlaced","md5":"6e6f3e6c749737e6c347ec25d39b3eb1","sha1":"076c805bf394c7996a58202e333827837c8b1378","sha256":"391138ddf53bc321563b3d17fe0f37f5b40efba65fc661dbfa239a2b2184ec65","sha512":"b4621a8e30b49a48b1b13e9582c260b02d42ab2cc2509d59e56cf85028eec3dd165e255dff5c61e689ad8b4eaabe74852185efb2764da5c0ec1133a2ccb02a3d","ssdeep":"192:FQSFq7yL2y34yuuSzYUfBY2kCf9pDnA3+O07Zu86U9S0aN:zFjLX3u1YU5sCzA3hEu86sSLN","tlshash":"26f1ae6b1553fcb469dda7e92063af6082136f48b0077a12fb2b29748135fe5f44aa13","first_seen":"2023-09-28T01:03:26Z","last_seen":"2026-07-01T02:05:27.791988Z","times_seen":722,"resource_available":false,"data":null}},"time_used":790,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":790,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/departments1-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.493Z","timestamp":1782865721493,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/departments1-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 100060\r\nlast-modified: Mon, 11 May 2026 16:14:53 GMT\r\netag: \"6a02007d-186dc\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":100060,"size_decoded":100334,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 710x545, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"76eb997d4507d6849ee5b5d1198b1a26","sha1":"309b53660f9d5a06d2b9f9c780ff655e567c8840","sha256":"0ea7f247057e3a5cf6dec665010444f828b31da40fadf9db8c15079bd7814d3a","sha512":"d300762fd68ebf95fd4df44f9468190ec624fc7a92836ddb6011fd8eab5c4c7f50d39cbc9a560766b451d2e64d487f05796edae795324dec1579008175ffafa3","ssdeep":"3072:P3pPJ5G+aUz0FXQ8RAyNKB7hLTt6fLdvy1wmtV:P3/5NbyRJNKB7h/kfHOV","tlshash":"40a312a26d43af98138e197d9246736e4f026909ea33f4daacb31fd6436d0257c3de05","first_seen":"2026-07-01T00:29:17.681337Z","last_seen":"2026-07-01T00:29:17.681337Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1736,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1404,"receive":332,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/logo/bty89com/logo.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.489Z","timestamp":1782865721489,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/logo/bty89com/logo.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4562\r\nlast-modified: Mon, 11 May 2026 16:14:53 GMT\r\netag: \"6a02007d-11d2\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4562,"size_decoded":4833,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 400x140, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"06d0c5e74faedab9894d3e3e6d8cdafe","sha1":"4eb90953af53a304878ecd8e2afbb351ad12ce87","sha256":"e74a0901afae145c6750ef93c0af37035fe371df0e156da5992795701469ca1f","sha512":"554b4b04856f91df0a20eb9cbf8165b3ae82f5f1414fdb6dfc347c3ff7fdc0766bd5c31d5f82cca3987e489c63566b1df21283e2e376f086f4d5ebc7a4d85faa","ssdeep":"96:gjm4gZVthsfM91fjXgklp5Hx/R1oAhqvxnYTzZxHGg/oJD5sHQ2idW:gdgMfYX5nx1ojgxHSFsv","tlshash":"71918de4f504f459616f020d77711ccb508aa064f2d38e250e63589076b0feba2db4f5","first_seen":"2026-07-01T00:29:17.682468Z","last_seen":"2026-07-01T00:29:17.682468Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":839,"receive":284,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bty89.com/skin/cover/bty89com/judge5-7.webp","fqdn":"bty89.com","domain":"bty89.com","tld":"com"},"ip":{"addr":"168.76.229.173","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bty89.com/","date":"2026-07-01T00:28:41.504Z","timestamp":1782865721504,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hjty8.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 May 2026 22:50:09 GMT","end":"Sun, 09 Aug 2026 22:50:08 GMT"},"fingerprint":{"sha1":"F9:2F:8D:91:91:0B:BD:8C:20:7F:A2:39:A4:4C:78:0E:D0:62:FF:6E","sha256":"D9:20:AC:E1:ED:D4:4D:C5:D3:88:1B:DB:5E:07:AF:F3:75:F5:D6:CF:2B:65:81:0C:1F:1D:D9:28:39:D2:65:05"}}},"request":{"raw":"GET /skin/cover/bty89com/judge5-7.webp HTTP/1.1\r\nHost: bty89.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://bty89.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 01 Jul 2026 00:28:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 52970\r\nlast-modified: Mon, 11 May 2026 16:14:55 GMT\r\netag: \"6a02007f-ceea\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52970,"size_decoded":53242,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 576x384, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2b6ca1898b83c490b6dc0504d65b0684","sha1":"a983e75b41bf3956584e975ce8976375a4b44228","sha256":"852bc5b4016d6e3cdcadd251c0210a5008a2e2456ae1e8f846ebf94c261fc601","sha512":"0d8ed2e9cd439f2c2152816bb089c4a869a080b885df77ae1fae4b57d4be55e04e71d6e1352a22d20ab9e788bd5f10e9faee0417d2fd203b87a61f2ab71e45c6","ssdeep":"768:IHfbFNWQEx5ePt2zHiSox+BUNT2n2+af7t4oJohIy6Mmc0lTt97ZpirAynG4ysKM:I/JARKPSoqgTCkh4kRJ5ZpgNGZnM","tlshash":"9d3302d9eb639028fd4da2b23cc74ba32d945920a7578badb40c785c4b44c7b4dd7380","first_seen":"2026-07-01T00:29:17.683453Z","last_seen":"2026-07-01T00:29:17.683453Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1725,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1394,"receive":331,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-01","alert":"Phishing Block","trigger":"bty89.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"bty89.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}
