{"report_id":"cbc58fd6-a1ba-42f6-aa37-2805928d48d2","version":0,"status":"done","tags":[],"date":"2026-06-17T14:49:25Z","url":{"schema":"http","addr":"btcusdt.cyou","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"104.21.93.198","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"title":"IXX","dom":{"size":29532,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"89f1b670c0768f33abb75a0327305424","sha1":"105bd5229b97280d245080673b92c7f0e635d277","sha256":"f4a0eb9685fae60be4c6f1fd5f7e6e3d78768167887dea37d2589445461e094f","sha512":"ff8a45d0d3c9e229de6cc5df2f726599b3310616f4f276ea37d5483d55b2ba5c8fc8dc0a2f46e1b95832137fe9cf3ce6ac2565f8501df88a0afc8bbaf4a3c51b","ssdeep":"768:hcEJSDpMiJwh2eJiIERl9TK/a7T2suT0aelm7:JJSeE9kUuT0ael0","tlshash":"95d2550090ed0827507350c3eaaaaf39b4dfe976e36e4044b3ff0d5a5bc7d19691a61b","dom_hash":"domhash296bc2b41138f9c0f071217caefb4e2f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"btcusdt.cyou","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"104.21.93.198","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-22T14:49:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"btcusdt.cyou","ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-12","domain_rank":0,"first_seen":"2026-06-15T11:55:02.13654Z","last_seen":"2026-06-15T11:55:02.13654Z","alert_count":120,"request_count":61,"received_data":1203842,"sent_data":37578,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.4.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"btcusdt.cyou/static/lang/en-us.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"26fd80f238136ab70ac2545308240972","sha1":"9c53209dece13d2ea508801018e17a48ab20ec52","sha256":"4bc90ecaf4541f9f71e04744f90b02ec404ddb22aab1dac753d96e171e1c1185","sha512":"efb3db97c63e2cd7d447f8337e3b29c7cf369b261eadab75aa887d196feb57c4e44d0f1f2a96fb82190673acddb1c8735221617f1d6d1e4c119dbf4b5c0cd10d","ssdeep":"","tlshash":"87115c55520c9494050694cb76a716c5df8540770981768ab7dd81dc7f8bc2be2f7189","size":970,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.838233Z","times_seen":116,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/clipboard.min.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"aa7c9d74f567a8877522f816d7c387cc","sha1":"d79bfe29e732477cb27598dedff9495ddc05f390","sha256":"6717dbf025d81f537cc639903fb560e01912c0467e8da579fcdf92c6f58f7a65","sha512":"da4a20fae935b42cb957a322479c0e779835b37291c6ac8cb41f300dde796847897f788e849ff6153a32004cff087615d37f9f2cb8aa5751cdb1b8bab2534b16","ssdeep":"192:q0Z14dOk1XSHkKpI/230xlH3G4Ly9+vxo53CoD87JxKllkvc363Pw/3JyUZu5MpL:HZCQfI/wsXCz3rbllC3P83JVu5/Gz","tlshash":"6122a68cb29071b156eb50ba802f420fb271c42db06e40a8b21de8f56c7de9d4627f3d","size":10111,"data":"","first_seen":"2023-04-08T01:19:22Z","last_seen":"2026-06-23T23:35:23.942904Z","times_seen":2210,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/index/d3.v4.min.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e899651bcf1a3591032d7213daeab171","sha1":"607e02087446eb2efadcbee253db3aca3d794a7b","sha256":"8585db4092b8a9d26201e0d58e343d1b40fa034c4b9c343878923d7649bb1699","sha512":"44927534d0bcf1084deddc29098f2b9bfe8ec48f987503f8f03acb19efde48077e9feb353d7c10924a73cc082825ee1c6455b61802d0a31a31eb5812636c907e","ssdeep":"1536:wJdNAq50g6ds5VIG2pUfpgBU3gPDSb7+CmeoA08h6Vh5Lbg5ECfmDoo5rfIrTGE9:wrN3F2pHSYlyLG1sVAupFmuFyiI7R6","tlshash":"092494ccb682b096936320b0417f244bf33b2d59684f4568e029e9d97c7895e51bbfbc","size":221957,"data":"","first_seen":"2023-03-07T21:28:45Z","last_seen":"2026-06-20T21:32:59.911971Z","times_seen":435,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/element.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"784379625afe1516f69075a78007e7bf","sha1":"4eca1e2bd313d46ddcf113095074da797b145aa6","sha256":"763c30063a00b2698ab3aa17948b5008a33d477fd7dfd45f11f3d4a49e29b73c","sha512":"f08d8e5c3c091ca2a0f00109cc55dcf9a7ce055996f1fd2d6cc2f7b414e533c0b8356fb5bd3ec7eea1692e5aa56d2be0465465f60479f3eb2afb783cec3ca87a","ssdeep":"192:nZKp8KKtRtwFC2q6IsTPJB91RGRtX9uEUn0Gs:nZltcF+6IsTP5ONN","tlshash":"bfe19518b05236f73197b5d143bfa21da03f4636e70246ac3066d4ba09bbd891673f9b","size":7264,"data":"","first_seen":"2023-03-07T13:00:48Z","last_seen":"2026-06-20T16:22:07.812098Z","times_seen":269,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/carousel.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f4b94959b4b5ad34cdc1dd2c12a6bd1c","sha1":"303a72c6380c4277062e85eac689d1dc5ebc60df","sha256":"ec7b67ac49f660eae790c97c9e47fd86973a01478947c603f458667fb322351c","sha512":"b4d24dd32769ad42ed0d4e7b61b80c0ef9f41e9d001a48f5bfd3a328e58e715724a2df8bb97e8078e6b1fc44be5ede4b53233f987578eaf9f3d6e0a3ec936831","ssdeep":"","tlshash":"d7811181775f386741972453935f4c0896b719ba9b06d054f2a264fa6dfbc88223eb0f","size":3862,"data":"","first_seen":"2023-03-10T09:41:51Z","last_seen":"2026-06-20T16:22:07.837271Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/jquery-3.4.1/jquery-3.4.1.min.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"220afd743d9e9643852e31a135a9f3ae","sha1":"88523924351bac0b5d560fe0c5781e2556e7693d","sha256":"0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a","sha512":"6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d","ssdeep":"1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe","tlshash":"338319dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","size":88145,"data":"","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-06-25T17:39:23.694155Z","times_seen":134779,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/layui.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"055cb5361d0dadf75de67f6875def943","sha1":"97ddce827fedb8869a9d0248a16b70c14da2a8ec","sha256":"91ffac1a9d64f3dae4e8091b4feea25981e750d279cb71491b25dc24b33ecaf2","sha512":"3c074594a667484aa78b2227f834c4bebab07a6b4bd795f94570d3e3da911aa48275e13c54e1c6848cd2ec1fbb2bad5cb104e9a6bc1f71c967e93dfde62aa9b2","ssdeep":"192:TDTGeNtb7/j9Eg3JMunJYJjdlrr1+p8XqlPBOTXLLRUweK:TDTGeNtHj9Eg3JMunOJjdlP1+K6Pw7Lz","tlshash":"c7e1a898b5b27452473b306572af901ea67b44ad284c8090d1ced9e63cb6cbe4377f9c","size":7395,"data":"","first_seen":"2023-03-07T01:06:15Z","last_seen":"2026-06-23T23:15:24.382982Z","times_seen":545,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/script.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"deef8be6b670a53c57b70a8ec3558005","sha1":"f7f58cb8d63946b163175863e80694a689e3bbea","sha256":"8b044bdfbed2cfcb7d4500c41732982933c8c29735db3cfb8ba8eb9c912efdaf","sha512":"ee7de286f90ee85f61126de877a82f40c26ed08ae1a40a6312566317a7040294b08853c687c8a29ce08e0ce979282ee5347d7285b56549fed5e2b650f296876b","ssdeep":"96:kZwO1qKbq7GqR4qA8jt8jpTtWo6/Avx3CB0QPiU1QzGwfgj:kZf1LbKtmijujNTvpCB0QPiU1Q6wfgj","tlshash":"4cc19624f53d36289272317e0cdf5155b03d4179190b8846f86dbaa81eb4f2f0eabde9","size":5598,"data":"","first_seen":"2025-10-09T14:27:31.943822Z","last_seen":"2026-06-20T16:22:07.839199Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d66918fd0edb4e3c158eac824d4c9f74","sha1":"74ab0e2a361e5ad6b56b6df9c9ab457057e670d1","sha256":"7435e8e44b79ce5312e9cd09f5bc245dec17d1f35474d361d636bd8361dbe396","sha512":"ac36f6ad5826cacfe33a50091598001e9e7fcf38795aff317d95aa0b7282d4de6e7d4a626c29fac9bd3a1c59273bc5832c6c7e7e77a652958adc7e0e9b9e0ff9","ssdeep":"","tlshash":"6de0c204cad786867d081842236e14377191d90311cad616fd6db1079f6350f95e83dc","size":312,"data":"","first_seen":"2026-06-15T11:55:06.121232Z","last_seen":"2026-06-20T16:22:07.842386Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e6e3aeb898acbd4a878d2a4c830dd92","sha1":"f782f88074d0c729711725876c2718dc8879fbfc","sha256":"b6442ecee3e742d092abdbcb97cb161bd3636a4612d30a44e8f887c8f82d4fce","sha512":"63a18802975cd43dad99d114d34a4edc80b1dd9041648df906222d577d13b1f13631e76d4d4b55ccdf6bdb57751b127cfb65df889cd3ca739386e7879f272e98","ssdeep":"","tlshash":"c021a5d980d5530995b738969b8b2a01312394b714cc50077e1cf1691f4a31f59cbf9e","size":1250,"data":"","first_seen":"2026-06-15T11:55:05.891752Z","last_seen":"2026-06-20T16:22:07.843317Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1dd6316dc813d406048b3a315594431","sha1":"c492fc2aec84fa5cfb577cc5cf82e2021ce5b26e","sha256":"b36c675a92d7d61fa7048bb3aac39f729df258edac9b3a16786b4965a6d80430","sha512":"2face40d6f1271c064230eef9c61211667ba0bc796b300082aeecd4b425b6261432577174a8212dd2932c6e2aa055e9b200365405e00c7282892b39e4260a780","ssdeep":"","tlshash":"a54173d8f74d2a4c186b21b64b5e40c8381c183ad8614837fe2cac785fa6b185b59e2e","size":2251,"data":"","first_seen":"2026-06-15T11:55:06.129016Z","last_seen":"2026-06-20T16:22:07.844908Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/websocket.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"59b7534a489b4c5f2bc40c33d935fa89","sha1":"8c4c070e05acee947463c89d092b5ea7c03c1389","sha256":"8384e80491e71ad73e8ba90e926c0df5625eea0c03962e4885f3914ade6d9ab8","sha512":"4d885fdb2b32298fc3b2a58e78224e826cd104916cf40b1ed3925d95a0e27e8a33f7fc761876c27694501f643301497e37e00b90f6ea5e5aceaaafe240770def","ssdeep":"192:KO/IyXiscXXSYkcJqX0DJpBko7F9s+uMYIlnTrccjt4HywGb3DDFr:KeIoIXiYkODJ/kMrs+uMYIlnHIH8l","tlshash":"5d7280a0b3ac1a5f41f6161580bc66c4cfecc571827984e7f2baa4e05358b19116beff","size":16419,"data":"","first_seen":"2025-10-09T14:27:31.994749Z","last_seen":"2026-06-20T16:22:07.778988Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d66918fd0edb4e3c158eac824d4c9f74","sha1":"74ab0e2a361e5ad6b56b6df9c9ab457057e670d1","sha256":"7435e8e44b79ce5312e9cd09f5bc245dec17d1f35474d361d636bd8361dbe396","sha512":"ac36f6ad5826cacfe33a50091598001e9e7fcf38795aff317d95aa0b7282d4de6e7d4a626c29fac9bd3a1c59273bc5832c6c7e7e77a652958adc7e0e9b9e0ff9","ssdeep":"","tlshash":"6de0c204cad786867d081842236e14377191d90311cad616fd6db1079f6350f95e83dc","size":312,"data":"","first_seen":"2026-06-15T11:55:06.121232Z","last_seen":"2026-06-20T16:22:07.842386Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e6e3aeb898acbd4a878d2a4c830dd92","sha1":"f782f88074d0c729711725876c2718dc8879fbfc","sha256":"b6442ecee3e742d092abdbcb97cb161bd3636a4612d30a44e8f887c8f82d4fce","sha512":"63a18802975cd43dad99d114d34a4edc80b1dd9041648df906222d577d13b1f13631e76d4d4b55ccdf6bdb57751b127cfb65df889cd3ca739386e7879f272e98","ssdeep":"","tlshash":"c021a5d980d5530995b738969b8b2a01312394b714cc50077e1cf1691f4a31f59cbf9e","size":1250,"data":"","first_seen":"2026-06-15T11:55:05.891752Z","last_seen":"2026-06-20T16:22:07.843317Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1dd6316dc813d406048b3a315594431","sha1":"c492fc2aec84fa5cfb577cc5cf82e2021ce5b26e","sha256":"b36c675a92d7d61fa7048bb3aac39f729df258edac9b3a16786b4965a6d80430","sha512":"2face40d6f1271c064230eef9c61211667ba0bc796b300082aeecd4b425b6261432577174a8212dd2932c6e2aa055e9b200365405e00c7282892b39e4260a780","ssdeep":"","tlshash":"a54173d8f74d2a4c186b21b64b5e40c8381c183ad8614837fe2cac785fa6b185b59e2e","size":2251,"data":"","first_seen":"2026-06-15T11:55:06.129016Z","last_seen":"2026-06-20T16:22:07.844908Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/form.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a55a0aaf3d84264e3373f58f347a18fb","sha1":"921760fdababb5639192c73866c1b3b5f2ca0644","sha256":"03315f4a8fa90d66f3115d686bcb50d9356136607f92edbc9c59d4f27090a0f3","sha512":"7295dd0874606a2605b16a49ca696bfe305e16d769a7d037cfba0e074591e4def8dea94e4157cbd7c52e85e8de4ae496155c0af6d21b00943ba04ab6164edc13","ssdeep":"192:7U7m+EjWnSTmyANS4B7R6EoHv9w5iaHe16GL:7U7msqmHBV6LP9yiaH6n","tlshash":"1312a319715135e2367b60a1405f981ba0bf4635ab09c8947093d4f92ebec9493f3faf","size":9591,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.802748Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d66918fd0edb4e3c158eac824d4c9f74","sha1":"74ab0e2a361e5ad6b56b6df9c9ab457057e670d1","sha256":"7435e8e44b79ce5312e9cd09f5bc245dec17d1f35474d361d636bd8361dbe396","sha512":"ac36f6ad5826cacfe33a50091598001e9e7fcf38795aff317d95aa0b7282d4de6e7d4a626c29fac9bd3a1c59273bc5832c6c7e7e77a652958adc7e0e9b9e0ff9","ssdeep":"","tlshash":"6de0c204cad786867d081842236e14377191d90311cad616fd6db1079f6350f95e83dc","size":312,"data":"","first_seen":"2026-06-15T11:55:06.121232Z","last_seen":"2026-06-20T16:22:07.842386Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e6e3aeb898acbd4a878d2a4c830dd92","sha1":"f782f88074d0c729711725876c2718dc8879fbfc","sha256":"b6442ecee3e742d092abdbcb97cb161bd3636a4612d30a44e8f887c8f82d4fce","sha512":"63a18802975cd43dad99d114d34a4edc80b1dd9041648df906222d577d13b1f13631e76d4d4b55ccdf6bdb57751b127cfb65df889cd3ca739386e7879f272e98","ssdeep":"","tlshash":"c021a5d980d5530995b738969b8b2a01312394b714cc50077e1cf1691f4a31f59cbf9e","size":1250,"data":"","first_seen":"2026-06-15T11:55:05.891752Z","last_seen":"2026-06-20T16:22:07.843317Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1dd6316dc813d406048b3a315594431","sha1":"c492fc2aec84fa5cfb577cc5cf82e2021ce5b26e","sha256":"b36c675a92d7d61fa7048bb3aac39f729df258edac9b3a16786b4965a6d80430","sha512":"2face40d6f1271c064230eef9c61211667ba0bc796b300082aeecd4b425b6261432577174a8212dd2932c6e2aa055e9b200365405e00c7282892b39e4260a780","ssdeep":"","tlshash":"a54173d8f74d2a4c186b21b64b5e40c8381c183ad8614837fe2cac785fa6b185b59e2e","size":2251,"data":"","first_seen":"2026-06-15T11:55:06.129016Z","last_seen":"2026-06-20T16:22:07.844908Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d66918fd0edb4e3c158eac824d4c9f74","sha1":"74ab0e2a361e5ad6b56b6df9c9ab457057e670d1","sha256":"7435e8e44b79ce5312e9cd09f5bc245dec17d1f35474d361d636bd8361dbe396","sha512":"ac36f6ad5826cacfe33a50091598001e9e7fcf38795aff317d95aa0b7282d4de6e7d4a626c29fac9bd3a1c59273bc5832c6c7e7e77a652958adc7e0e9b9e0ff9","ssdeep":"","tlshash":"6de0c204cad786867d081842236e14377191d90311cad616fd6db1079f6350f95e83dc","size":312,"data":"","first_seen":"2026-06-15T11:55:06.121232Z","last_seen":"2026-06-20T16:22:07.842386Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e6e3aeb898acbd4a878d2a4c830dd92","sha1":"f782f88074d0c729711725876c2718dc8879fbfc","sha256":"b6442ecee3e742d092abdbcb97cb161bd3636a4612d30a44e8f887c8f82d4fce","sha512":"63a18802975cd43dad99d114d34a4edc80b1dd9041648df906222d577d13b1f13631e76d4d4b55ccdf6bdb57751b127cfb65df889cd3ca739386e7879f272e98","ssdeep":"","tlshash":"c021a5d980d5530995b738969b8b2a01312394b714cc50077e1cf1691f4a31f59cbf9e","size":1250,"data":"","first_seen":"2026-06-15T11:55:05.891752Z","last_seen":"2026-06-20T16:22:07.843317Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1dd6316dc813d406048b3a315594431","sha1":"c492fc2aec84fa5cfb577cc5cf82e2021ce5b26e","sha256":"b36c675a92d7d61fa7048bb3aac39f729df258edac9b3a16786b4965a6d80430","sha512":"2face40d6f1271c064230eef9c61211667ba0bc796b300082aeecd4b425b6261432577174a8212dd2932c6e2aa055e9b200365405e00c7282892b39e4260a780","ssdeep":"","tlshash":"a54173d8f74d2a4c186b21b64b5e40c8381c183ad8614837fe2cac785fa6b185b59e2e","size":2251,"data":"","first_seen":"2026-06-15T11:55:06.129016Z","last_seen":"2026-06-20T16:22:07.844908Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/iosapp.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c2f59781d7868eff1bed99be0478af8","sha1":"d8bd7c15428c99cdbb38795df05438471953ba6e","sha256":"b16d7795b265d380540612bfed9739a90fb46aade4228c670fc8d17abce9adaf","sha512":"2e979baf0d2f94e91eef9665df48555ab4dcf4e7b8bc149465ec25d9e09a07dd625edf0750a6f9d7e47f64162f8099663c7986c4a4840948b177237581b4ff6b","ssdeep":"","tlshash":"c94132999a9d683919d3b42d1a3fb15c72333aa5a4428110bc0fbf943b34a4a162db98","size":2054,"data":"","first_seen":"2023-09-23T10:36:02Z","last_seen":"2026-06-20T16:22:07.767243Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/index/index.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0dcd53515a6992b2222ee4d9f4a3e682","sha1":"0aa981db906694ccb7650bd5defc855bf01a2f18","sha256":"4cf6b72d4faa38b5a6d0500c798cdabeb6a4f241d34d0612bbc6c328773cdca0","sha512":"795e3c8e0b69f8875b02c8ab820c1eadea220864ae64192e419ef354898b01684fbc71b54a49bbbd344e5bb090c96999459eb5df90e5be998791a2072b5509f9","ssdeep":"48:4NHsJYS7AEGyUjmHAuEZBnZBJOt9dxGiKsu5RtpmJpZzPDvuli+hIg:mHsJ/oQARZJZTADoPtpI3v4ikIg","tlshash":"88915606e4e314536e23909a8feb4005a1adc033d20acc4dbb9ed69e2f5c9ac5555ede","size":4625,"data":"","first_seen":"2025-02-26T18:00:22.704148Z","last_seen":"2026-06-20T16:22:07.840115Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/i5scroll.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"229ae241044a0a16861b8583b4435079","sha1":"8051376b7ff4f9eb4c40389985ceed910bd8a868","sha256":"00323fb404aa8d1151ba1d3842ace6e1b7dfd723faa7b0402c20bcbd7d93e59a","sha512":"edafd940bd292208de80d57343ef7dba5360bc21f5dd691f24b13d167b15b3f5529bae2735c1d2c67fb23de10ea4b907f7adf371db7d150724a2ee5d1ef82cc5","ssdeep":"","tlshash":"cc3167c47000b636859620b271ab56d9f3398ad7346d881174beb189bd1cdb50d2fda4","size":1779,"data":"","first_seen":"2025-02-26T18:00:22.707066Z","last_seen":"2026-06-20T16:22:07.780429Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/slider.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c35742db2e72cd4f30cefa23690ecf5","sha1":"b50d4268f547cefd984c069d276c956feef395e8","sha256":"2fdaaa9935b2d19fb54e0798e6e42fc3528d1b2772b46b9aa8731b1ab6947609","sha512":"44d0ab3649b35cec891738e6eb4f28d1857fcb900e2369b9395ea54854717108268c8ce729591923fb094cfe1b34dc0f9b2e9bf35b17b77f34c479ef80deb391","ssdeep":"192:z8Syuw2bmz0DLKypMjYXVp5D8IlM/eq9zwtyd4UduKN:z1yuw2UOPSBMj8/","tlshash":"53e19615314ab5732172c263b59fc84eb2f20779b303c564a6a540a51ebece82b37f63","size":7091,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.771646Z","times_seen":117,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d66918fd0edb4e3c158eac824d4c9f74","sha1":"74ab0e2a361e5ad6b56b6df9c9ab457057e670d1","sha256":"7435e8e44b79ce5312e9cd09f5bc245dec17d1f35474d361d636bd8361dbe396","sha512":"ac36f6ad5826cacfe33a50091598001e9e7fcf38795aff317d95aa0b7282d4de6e7d4a626c29fac9bd3a1c59273bc5832c6c7e7e77a652958adc7e0e9b9e0ff9","ssdeep":"","tlshash":"6de0c204cad786867d081842236e14377191d90311cad616fd6db1079f6350f95e83dc","size":312,"data":"","first_seen":"2026-06-15T11:55:06.121232Z","last_seen":"2026-06-20T16:22:07.842386Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e6e3aeb898acbd4a878d2a4c830dd92","sha1":"f782f88074d0c729711725876c2718dc8879fbfc","sha256":"b6442ecee3e742d092abdbcb97cb161bd3636a4612d30a44e8f887c8f82d4fce","sha512":"63a18802975cd43dad99d114d34a4edc80b1dd9041648df906222d577d13b1f13631e76d4d4b55ccdf6bdb57751b127cfb65df889cd3ca739386e7879f272e98","ssdeep":"","tlshash":"c021a5d980d5530995b738969b8b2a01312394b714cc50077e1cf1691f4a31f59cbf9e","size":1250,"data":"","first_seen":"2026-06-15T11:55:05.891752Z","last_seen":"2026-06-20T16:22:07.843317Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1dd6316dc813d406048b3a315594431","sha1":"c492fc2aec84fa5cfb577cc5cf82e2021ce5b26e","sha256":"b36c675a92d7d61fa7048bb3aac39f729df258edac9b3a16786b4965a6d80430","sha512":"2face40d6f1271c064230eef9c61211667ba0bc796b300082aeecd4b425b6261432577174a8212dd2932c6e2aa055e9b200365405e00c7282892b39e4260a780","ssdeep":"","tlshash":"a54173d8f74d2a4c186b21b64b5e40c8381c183ad8614837fe2cac785fa6b185b59e2e","size":2251,"data":"","first_seen":"2026-06-15T11:55:06.129016Z","last_seen":"2026-06-20T16:22:07.844908Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/jquery.cookies.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"de952eda41b0edc0b5c416ee48f7028e","sha1":"dc07de882ab68370534fbf9440ac7b8c068695a7","sha256":"631ea2bc942c1791920270ba02eef37774aa10db3994b4936a2b5f891a970ff7","sha512":"674fd3c9db480ecf8680822131fc80f904ddfb3907a1033ae9ce06019a87ac6f9eb6d6535e6aba0ee0b601d039d55da7e7cd247a67db5cf7bbcb8408116a03d1","ssdeep":"","tlshash":"1b516554b6cc375f07ab22416b6f50aca63cbf72255808dc885965f82c60c37db9bd2a","size":3139,"data":"","first_seen":"2023-03-07T12:09:28Z","last_seen":"2026-06-25T14:58:59.654591Z","times_seen":2880,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/layer.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3ffd5603784dbfeef189498c1a705c15","sha1":"983f2308aab1a1addad5be4f1c49099f5dd589cc","sha256":"2aa83aee413f9b91a2dcc536cfd6acd6e44b3fcdb59c26586e32d083396a8db5","sha512":"76d0b3952e17783ab3b597d0db1f734bf7b933ef8ff316c8107f5192f1ecf318c3f11c9ba10a4d15063b26cbb32133af7581070d7c782ebbbcd6580cfd21545a","ssdeep":"384:619Cih92A3igTLXSt/SdMrXqE6K+LxzAOTElH0jjhtjfs8:614iV3iaWtXIKiF13k8","tlshash":"b4a2b66a754034976323906ad11fba0b31f21d24d7078128f22ba4be1dbcd95a2b7f5f","size":22041,"data":"","first_seen":"2023-03-07T01:06:17Z","last_seen":"2026-06-20T16:22:07.807463Z","times_seen":435,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/ar.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.767Z","timestamp":1781707740767,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/ar.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 18 Sep 2021 13:27:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6145e95a-aa1\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QXZG4fYepCqPwaNaOt4AkwWv1vHSC%2FPDPCF8FtqVNSAJ6%2BwpUG9fG%2Fns4ykM0euVQyfHZRygHcedOiGch4eTCwh0Ys1eVUs3LfoHgNJKQ%2B1YsW3ZXuWaClsXsWM1s%2Bk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3cee45688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2721,"size_decoded":2413,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 268x134, components 3","md5":"e0205f30c0fe26018d0370dc1933582c","sha1":"485c71cb9e473e70f69b98a1aa754ab80974665d","sha256":"70ac6f473e35e7785fba3ba68c15fe9c723a4b4e68fd3d770df4d49ba9800a27","sha512":"d48a8c1f01521c7a543c9cdbe0a118f4c5a8a2b923048f5a167d407d3f29be2f29fe48b16db2f4f71d2cc08fc0100b1cc40c90b7e7311e900e1e47246cb17a5f","ssdeep":"","tlshash":"cd51d7242f96a229d295b37f85870b04c2bb1fbe472022070dd7a154e937460dc6f364","first_seen":"2023-12-07T04:32:25Z","last_seen":"2026-06-20T16:22:07.789508Z","times_seen":46,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/market_ico.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.783Z","timestamp":1781707740783,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/market_ico.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 19 Feb 2023 16:33:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63f24f61-478\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FBRoUhA7u%2B4sW%2Bm%2Bgy1F02BalnUbkxlmmw8qOcvKwXVgijTN8i5Ko1T%2BloKY%2B89PcYz%2Fxm7tvy0RQ2zuUFph%2Bl2%2FLKhwTIdWX8GlpF8B5ERklqUDN1HLVCti%2BXfNC9Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3eef55688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1144,"size_decoded":1959,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"c38cb6c12bd6e6adbb91b7354c595667","sha1":"9d0e94671c92c9a2b5aec513b548b975be933092","sha256":"0955cb8820daf195e1576c0adc5fcc8d986a35194e41c7440fc9f2cb85cd2627","sha512":"b445030a796adf66a9a740cd1a69409c8db93270e3972f7ce725e45434e01f57d3f35ece660102f691cdde2805201653b2483a0d064732032e72fd3972fefbb8","ssdeep":"","tlshash":"fe2193cbc80e8822d72e796249b9a91bc0206a4144ed7a6d7503c7a6ab7748fcc426d2","first_seen":"2025-02-26T18:00:22.735634Z","last_seen":"2026-06-20T16:22:07.78533Z","times_seen":32,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/css/modules/layer/default/layer.css?v=3.1.1","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.459Z","timestamp":1781707741459,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/css/modules/layer/default/layer.css?v=3.1.1 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 31 May 2021 05:44:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60b477be-3859\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Gx5%2Brylrp72pBS%2BR4DVJCwArVuSAsoJVs4sS%2FcEwHqjOsGCmFtBpYV9bjZTL3xFayIMVkJzfQSCiAICg9SEUkDtRqfP%2B73hI4rfiX0zroiEcWa1uvSOuF5ir0m%2FkpMU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc81f655688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14425,"size_decoded":4049,"mime_type":"text/css","magic":"ASCII text, with very long lines (14368)","md5":"cdf467c11d77287b09cec22297aa06b2","sha1":"57e147ee3cf8a1ea2194bdfbad5e69083fa578bd","sha256":"ba2baf1bb08b0bff57cce75934bab7768c52567bf389479bed787004ae6e653b","sha512":"9c24a7c4d5d151652e246375c42f4ef2eb29a33dd9b4bad8c19ac2dd52086db91988d0f87c5d547f377499649f02e6ac4dbe4ee7a06d8a65cb2b445482104ab5","ssdeep":"96:Jp+Ntha8qNEp+wRY1vUPXiK6nMLPD2OtLzXyPHL/LztJDzyv2OQ7KGx1jyd2/SWz:KWmLr2OtSrzzt42OQ7KGx1jCWR2b+RcU","tlshash":"f55231e144811299b0278721d6dc7eba32f88d43e5630daef2573c1f874c6dba2b6647","first_seen":"2023-04-16T09:58:27Z","last_seen":"2026-06-20T16:22:07.801695Z","times_seen":593,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/layui/css/layui.css?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.719Z","timestamp":1781707740719,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/layui/css/layui.css?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 18 Nov 2021 07:39:21 GMT\r\nvary: Accept-Encoding\r\netag: W/\"61960329-1224e\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Icrdi4p2Q3nGwoC21uGUEP78KWyuNtnlhoFlh7yiy5oTkzy6XteIt73RS4rCB3K54reP46EH8xbEP4mMmUMFaiqceJ3dzcKeNoE%2FH7nbc51pzLLbAG0b62XxL%2BTsIIs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc38eca5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74318,"size_decoded":17346,"mime_type":"text/css","magic":"ASCII text, with very long lines (65504)","md5":"6490be49e910a3e2ccac0cd63ac5be57","sha1":"bc1b9e3070e5e051a9132a27f9a5ac494d4ded1e","sha256":"4d891687db5cd12b3f5fb777a151efcdc0a94bae9e4231d719d0b3f7716f8f2b","sha512":"09083b4fd7802d880b94aa6fe674f8c5ec5b7fb63b550251fa2ae04b622d6164e1551998e4d7c8aaa152e303da70b9dce2c94747655a32b7000fbad8c11efc9b","ssdeep":"768:4/nEWwcY/8zYbRzycl81JpZlwyQaIYKsR3zdVhlu9Tr1BpRBtfKa6G6nr4wdV7np:tWwcY/8fG68wjHmavq8","tlshash":"59739632e6012ca5762bd215b1dcbdfda0789512ea634e6df3823b1b87848471077f6b","first_seen":"2023-09-23T10:36:02Z","last_seen":"2026-06-20T16:22:07.766643Z","times_seen":44,"resource_available":false,"data":null}},"time_used":488,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":486,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/lang/en-us.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.732Z","timestamp":1781707740732,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/lang/en-us.js?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\npriority: u=2,i=?0\r\nlast-modified: Thu, 16 Sep 2021 03:33:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zKyc5UKc0PeRIcmBrO%2BE%2B%2FIH39n1iotoHSyCQZk8%2BjZdTLAxetEXdijpFO0oVaNYmNDkD15HjOdeBpZqxHcTu4xcqCMipw3OVx0ySCTStL%2Bf9kNGZN%2BDs2ix2EumaYY%3D\"}]}\r\ncf-cache-status: MISS\r\ncontent-encoding: zstd\r\netag: W/\"6142bb16-3ca\"\r\ncf-ray: a0d2dbc39ed05688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":970,"size_decoded":1221,"mime_type":"application/javascript","magic":"ASCII text","md5":"26fd80f238136ab70ac2545308240972","sha1":"9c53209dece13d2ea508801018e17a48ab20ec52","sha256":"4bc90ecaf4541f9f71e04744f90b02ec404ddb22aab1dac753d96e171e1c1185","sha512":"efb3db97c63e2cd7d447f8337e3b29c7cf369b261eadab75aa887d196feb57c4e44d0f1f2a96fb82190673acddb1c8735221617f1d6d1e4c119dbf4b5c0cd10d","ssdeep":"","tlshash":"87115c55520c9494050694cb76a716c5df8540770981768ab7dd81dc7f8bc2be2f7189","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.838233Z","times_seen":116,"resource_available":true,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/pt.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.771Z","timestamp":1781707740771,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/pt.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 21 Mar 2025 10:32:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67dd4057-38cd\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2rhtNN2YvjwYn3QAxmj4BNFWpf%2BmsNCMiVQSusfkjDI5GRhUlZ45YiaMFdqvGVVcJMwYyuU8GnelgQ121skr0Pj3KdEnowPX5ofFAzru6QxCixvQgShtQ6KZ2CmTRwU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3dee85688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14541,"size_decoded":14880,"mime_type":"image/png","magic":"PNG image data, 320 x 214, 8-bit/color RGBA, non-interlaced","md5":"d20acf3851df84b6fbd83d247c7d3064","sha1":"59ddcf2b54c4203b446e21dffddc075ecaa95f93","sha256":"166e45778ef7d81446bb0a42313461d5e386adec3820fe495ebfafbf3d7d0364","sha512":"4cfc9fe79e3431fe5f4c692255e6cb91b538ef07339d305f021d2b45bf78dc94bc278ed0c7bc0129cbd2ee8d11411e7dcb3c05d64d20973469f25c2ba0ab0588","ssdeep":"192:GYhMbaHRjwydKQgVKaRsFsJpm8bBbFPFifFQbee8YMn7D7Pa4XHfGgwPwhotKLMX:/LuepgtRsFImItFidWM7PPaIHZwfYe","tlshash":"91629fdd7156e242e4e8e029d9be503df570c127383e12eb096df75b09af184ab7046b","first_seen":"2025-10-09T14:27:31.920534Z","last_seen":"2026-06-20T16:22:07.836191Z","times_seen":8,"resource_available":false,"data":null}},"time_used":503,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":503,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/earth.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.758Z","timestamp":1781707740758,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/earth.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:00 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 19 Feb 2023 16:24:57 GMT\r\netag: \"63f24d59-277\"\r\nexpires: Wed, 15 Jul 2026 11:54:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\nage: 183267\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L6LKTFR529bkIZ5GfAJmwTbsp2GWoHmY6IE3%2FniT6WcKAosShpYbKLOOCpCb6fqc2anySl%2BpLKm0jDvr75%2FHMgVV7qLzSAq7H76vx4CXb9EeHtTSGFP7qnxKYv%2FL7yw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 631\r\ncf-ray: a0d2dbc3bedb5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":631,"size_decoded":1414,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"364a83017bdcf5096652b1dc7d6c54a2","sha1":"241ac64fb0e4db0e2c1a554ce129b5d897a5683d","sha256":"8d4eefec090b8fdd600a40fbf67273a0f18a1c23af1a83972e8d1da6186f3b1a","sha512":"2af7b18054d07d8376929f2958b31d7747046324c328ab98a7db15ac1b00953d9fd93a1af5215478e4351555f672485411e0989fc191b6e69d64f633c5135fc0","ssdeep":"","tlshash":"40f062f650285f1be018e1b8a11d517bdc1b80b051d098283e2bf8da8a3a90d1196ad2","first_seen":"2023-09-23T10:36:02Z","last_seen":"2026-06-20T16:22:07.797356Z","times_seen":37,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/cn.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.760Z","timestamp":1781707740760,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/cn.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:00 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 12 Sep 2021 07:19:18 GMT\r\netag: \"613da9f6-23e\"\r\nexpires: Wed, 15 Jul 2026 11:54:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\nage: 183267\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mK9%2FXilRbWxZxTY3DhTwjGT2YoWgmdZT%2FX1but6Q19bNXer2lfiZs3x1TWRqOK6RaoBG8uMsOn%2FSfnL6Ttyy88765tY1LFCipexbBEOSg0RCxyVzC14K%2F0geoCI0npo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 574\r\ncf-ray: a0d2dbc3cedd5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":574,"size_decoded":1357,"mime_type":"image/png","magic":"PNG image data, 48 x 32, 8-bit/color RGBA, non-interlaced","md5":"09029b827b228c61914d429e5f098372","sha1":"2607dcd4c11f5518ca031ef5f053427ba64bce87","sha256":"d4b56d87fd85cde734c00c125f652f584523cf19d167948bf5c97fde047ed706","sha512":"22d7e76c58ff6d021495f9fb65c695f1a5a9f376d8c190982e0e40d03bf89478c1f9f154ee4739c896cd14cd345e0b5dd7febf1a5f2df46f73745bf6d5d9cdba","ssdeep":"","tlshash":"e4f09606628b7c142f1f9db3e2326430ac3eeccb91ca9436900c146153a0764f734547","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.798847Z","times_seen":294,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/user_withdraw.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.776Z","timestamp":1781707740776,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/user_withdraw.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 19 Feb 2023 16:38:47 GMT\r\netag: \"63f25097-1f5\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UcQOTtLyhT2h2YWLDIE%2BdMMGG%2FJ9lEPDFqe7PUL8PYmmjFJIaR%2FmmA70w1z8eM8NZ90fUfMBavHB2FpJ2ACSWDalArHd%2FerqZg93guIkD47AScKE%2BERcgOSub3SLnKo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 501\r\ncf-ray: a0d2dbc3deed5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":501,"size_decoded":1274,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"bd3e92965ba7cbf7eeb81c4dab73632a","sha1":"3fbc1882fbcaf51e8dcec54c16272cb8676dc545","sha256":"b0af5a11a40065971fcf2450e55d329970471bb1c65ba33c3aede1306027adc4","sha512":"9177a37b060423156841b3f4541fba27a9dd678645ccf3078155e92852e5de23d77d239f4903919d92add9dbd37596fa63144643b4b9d94341d7e36af6fffc2c","ssdeep":"","tlshash":"96f05c83bb38bc73ccc09f304cf61ed3c27643e08b6186490e21ee38b008aa0a0e0705","first_seen":"2025-02-26T18:00:22.713677Z","last_seen":"2026-06-20T16:22:07.825461Z","times_seen":40,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":357,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/bar-right.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.288Z","timestamp":1781707741288,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/bar-right.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/static/mobile/css/mobile.css?v=1781707740\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 10 Mar 2023 01:41:19 GMT\r\nvary: Accept-Encoding\r\netag: W/\"640a8abf-810\"\r\nexpires: Wed, 15 Jul 2026 11:54:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nage: 183267\r\npriority: u=4,i\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Vfw4imiD4mZqnx8%2BWg0J5%2BqqsTJhj9Ct%2FkJl%2F1Hrj9xD8oAIG5zG8L18jY21tGBhvPHrbZCSWoznKz7dl%2FIO%2B26xI%2Fblv2j2QHZu3hp22OPNVPY3hukfX1BEVt2zBzY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc70f595688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2064,"size_decoded":2133,"mime_type":"image/png","magic":"PNG image data, 210 x 16, 8-bit/color RGBA, non-interlaced","md5":"6d506e21ad1a31db63ac286259d8f5bc","sha1":"6ddca17c5680b11eb52c2c21fdbead826b5112e5","sha256":"da85579c28fbeb70f1bf970210cfb2f8026574f3530ff6e452921b1df0e9f2b3","sha512":"d7cf62f82c6dfa2ddab288e85dc1858336ff238b6860434c9660ec7dbe6372eaf6db94187abc36d66806bd0aff77e3ad4b8d501e72825a1326e4d7d99a6bba0c","ssdeep":"","tlshash":"0441810bf9457d112a4dfb066af790676b2387d09a81a5c6bcd95d07acb20fccc0c2ca","first_seen":"2025-02-26T18:00:22.731167Z","last_seen":"2026-06-20T16:22:07.811172Z","times_seen":36,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/favicon.ico","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:02.019Z","timestamp":1781707742019,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:02 GMT\r\ncontent-type: image/x-icon\r\npriority: u=6,i=?0\r\nlast-modified: Sun, 03 Aug 2025 14:59:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S7ydRzL%2FU%2FR6A7o6Y6QNQm%2FkNK2SLjF5M0sk9M1bOEmitwBh7%2FJ0CDRDhUudDXYjaGYvCVjaC9jY2jszNuPUF2JrOxsfhlQChcVltq6TydLrP84PD%2BhZnsHmeDsnqQQ%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-encoding: zstd\r\netag: W/\"688f7937-1083e\"\r\ncf-ray: a0d2dbcbafbb5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67646,"size_decoded":28981,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel","md5":"1e072646188d0779006d7bad3fdb30d7","sha1":"0dd203c14725f2666439f992b3258731214da63b","sha256":"1c7cc85904eba201fab73b86282a0a467b0f19914327b5a14627258e335b890e","sha512":"a247a3a2b005cbc6c8b656b9b83ead2bc94ed811d1404ce202fb45fbca035a1fa7f39e5dfc06d743797d03c87230af47d7141ae4cf8f91330ace28ce2f752892","ssdeep":"1536:u4Z1G4qKhfl6Zdwx2jXIXedEpyHlin/UmzKYFxP0upZ8YW:u4Z1GLqyedi","tlshash":"4063b7d1a481064bec152f3424317fa9426bafe9fe78f355ae90b22b7bb35c24431613","first_seen":"2026-06-15T11:55:06.061001Z","last_seen":"2026-06-20T16:22:07.77226Z","times_seen":3,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":124,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/lib/font-awesome-4.7.0/css/font-awesome.min.css?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.727Z","timestamp":1781707740727,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/lib/font-awesome-4.7.0/css/font-awesome.min.css?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 17 Aug 2021 08:01:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"611b6cbe-7918\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iiIQFLrF5cP1kHSskRDmM39eqIaRbVEcsIK0uHTIdnQGcGDKPT%2BZNazMT8sIK9GBCwwczneLmAfW51MKVoGv2BPyWOcofnp9ndB397zjoO3Sc%2Fx%2F4RHzriGUYIqaiho%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc38ecd5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31000,"size_decoded":8583,"mime_type":"text/css","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-06-25T17:22:08.637632Z","times_seen":290301,"resource_available":false,"data":null}},"time_used":385,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":385,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/websocket.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.749Z","timestamp":1781707740749,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/js/websocket.js?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 09 Aug 2024 06:29:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66b5b73b-414b\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=abkXAQMhF6mQhIx6eHessDezTBptprmo4UNnRqNIbWlJcB8qpp8bvlICRBKMmAmXbA9Es%2FSyqEU9%2B59ZXLZm%2BgVKqDJtuy1zWuYO4FPNnQeqmKa1w5Pwce9i%2FyderFg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3bed85688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16715,"size_decoded":5402,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"59b7534a489b4c5f2bc40c33d935fa89","sha1":"8c4c070e05acee947463c89d092b5ea7c03c1389","sha256":"8384e80491e71ad73e8ba90e926c0df5625eea0c03962e4885f3914ade6d9ab8","sha512":"4d885fdb2b32298fc3b2a58e78224e826cd104916cf40b1ed3925d95a0e27e8a33f7fc761876c27694501f643301497e37e00b90f6ea5e5aceaaafe240770def","ssdeep":"192:KO/IyXiscXXSYkcJqX0DJpBko7F9s+uMYIlnTrccjt4HywGb3DDFr:KeIoIXiYkODJ/kMrs+uMYIlnHIH8l","tlshash":"5d7280a0b3ac1a5f41f6161580bc66c4cfecc571827984e7f2baa4e05358b19116beff","first_seen":"2025-10-09T14:27:31.994749Z","last_seen":"2026-06-20T16:22:07.778988Z","times_seen":8,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/home_ico_HL.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.782Z","timestamp":1781707740782,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/home_ico_HL.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 19 Feb 2023 16:42:02 GMT\r\netag: \"63f2515a-34a\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=He8JXMq0W69VzkKnwpN29z2flDEvrKx8zCw0Vafgg6PSMtZHr7Vqd0jM%2FmG%2FAE1zkXIhjxJF%2BPrikDZ90GpcyQYCRMI2oxDuqhfZ8jJaEPLse9PNrgkHCTarklby2e0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 842\r\ncf-ray: a0d2dbc3eef35688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":842,"size_decoded":1611,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"59288ebf5b1824f2c55da80cdcf6484b","sha1":"a1eb7616cdba90ce1e7b1c96367eedf8c0b63f25","sha256":"10967137c2aa860e517c12d3ee52b10e0c11d005fa728b0693d9a1c74c07f96b","sha512":"692753b33c0056f3f5acc7f7e6496f4ae0d2f2c5642bbe4f1af8c8caa3cdde0cf68ff4470aef5ce270ad7b07ae4ddc6cbe86a00f70545e84ba47c0f760b8e89f","ssdeep":"","tlshash":"440152b775149233ee66d5238979112063a131091a47f79b9e016d028810ba2a1fe58b","first_seen":"2025-02-26T18:00:22.734909Z","last_seen":"2026-06-20T16:22:07.810177Z","times_seen":52,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":351,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/element.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.460Z","timestamp":1781707741460,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/element.js HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 31 May 2021 05:44:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60b477be-1c60\"\r\nexpires: Thu, 18 Jun 2026 02:49:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LIc450J0gh3reX0%2BPz0pNquuLbkCjrnRBAEoTIGzC%2BRSTVaDLhYSroqnmOZPCzoT7Vioz%2BZTy3%2BK3O525ESSjEcRU7TzeA767PPOAeeNVF4O8LW4Fm1EBp4iA8OFzMQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc82f665688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7264,"size_decoded":3544,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7203)","md5":"784379625afe1516f69075a78007e7bf","sha1":"4eca1e2bd313d46ddcf113095074da797b145aa6","sha256":"763c30063a00b2698ab3aa17948b5008a33d477fd7dfd45f11f3d4a49e29b73c","sha512":"f08d8e5c3c091ca2a0f00109cc55dcf9a7ce055996f1fd2d6cc2f7b414e533c0b8356fb5bd3ec7eea1692e5aa56d2be0465465f60479f3eb2afb783cec3ca87a","ssdeep":"192:nZKp8KKtRtwFC2q6IsTPJB91RGRtX9uEUn0Gs:nZltcF+6IsTP5ONN","tlshash":"bfe19518b05236f73197b5d143bfa21da03f4636e70246ac3066d4ba09bbd891673f9b","first_seen":"2023-03-07T13:00:48Z","last_seen":"2026-06-20T16:22:07.812098Z","times_seen":269,"resource_available":true,"data":null}},"time_used":676,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":676,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/favicon.ico","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:02.017Z","timestamp":1781707742017,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:02 GMT\r\ncontent-type: image/x-icon\r\npriority: u=6,i=?0\r\nlast-modified: Sun, 03 Aug 2025 14:59:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HHRDfapOqJK3YfLJZziU6dt5%2FQ9sGD%2Bj1EnF5jPEMikYFplr3aLTL7VwPYmXzqXUx%2B2TrVrcAXDBwScGp3Aa4SSJrp074caoZnIM7Q9hQ4Rkg1sNXQkYwrrkTc6TRFU%3D\"}]}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: zstd\r\netag: W/\"688f7937-1083e\"\r\ncf-ray: a0d2dbcb9fb75688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67646,"size_decoded":28977,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel","md5":"1e072646188d0779006d7bad3fdb30d7","sha1":"0dd203c14725f2666439f992b3258731214da63b","sha256":"1c7cc85904eba201fab73b86282a0a467b0f19914327b5a14627258e335b890e","sha512":"a247a3a2b005cbc6c8b656b9b83ead2bc94ed811d1404ce202fb45fbca035a1fa7f39e5dfc06d743797d03c87230af47d7141ae4cf8f91330ace28ce2f752892","ssdeep":"1536:u4Z1G4qKhfl6Zdwx2jXIXedEpyHlin/UmzKYFxP0upZ8YW:u4Z1GLqyedi","tlshash":"4063b7d1a481064bec152f3424317fa9426bafe9fe78f355ae90b22b7bb35c24431613","first_seen":"2026-06-15T11:55:06.061001Z","last_seen":"2026-06-20T16:22:07.77226Z","times_seen":3,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-17T14:48:59.981Z","timestamp":1781707739981,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:00 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nset-cookie: lang=en-us; path=/\nPHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; path=/\nSITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=0,i\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=adhEnFvBdN7C1gDuUf3sGjdoo%2BkPqwG3cXqaLN6NVNTvaL0NTDKnkI7KsZSxN6roFJMQDJB4TkgOzfVzxtqiMqHd%2BlWWTgoE22LL76gKBp%2BUgiwjXJ3eWaDL9Neh4n0%3D\"}]}\r\ncontent-encoding: zstd\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbbf4e845688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"jQuery:3.4.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28482,"size_decoded":7331,"mime_type":"text/html; charset=utf-8","magic":"HTML document text HTML document, Unicode text, UTF-8 text","md5":"79b4e880a81c47375ba131e71e66a812","sha1":"360d9878fbd60c4608a0f46aac23133e8c911d3b","sha256":"4ca0a0ca7e70313616f1f94d468612e42b96a89aaddec2e9b3021954590dabf4","sha512":"ebf353022aa8a001eaf965979e31d50c9e9174c7a8890c8975cf4ffcd0ee4785dcbda7080683ca2987c157102963fcec80acef937fd8472fd0e710cdd740a2be","ssdeep":"768:lcEHJMCpQBW+pCvy89RqkVs7T2suTSiolm7:dyIRh2uTSiolU","tlshash":"75d2350050dd086360b350c7e6aaaf29b4dfe876e36f4004b3ff0d9a5bc7d196a5a616","first_seen":"2026-06-17T14:49:31.311611Z","last_seen":"2026-06-17T14:49:31.311611Z","times_seen":1,"resource_available":true,"data":null}},"time_used":494,"timings":{"blocked":0,"dns":42,"connect":22,"send":0,"wait":430,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/layer.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.322Z","timestamp":1781707741322,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/layer.js HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 31 May 2021 05:44:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60b477be-5619\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xRM%2Bl0jpFDaP1F8xIEMNEexOJ4gbdgem3xc%2BSew0ZBl5SV3yEav2J0dGg6gJndo4OKyIlqRbPWsm%2FGZKxZt5QgJqwXWS4lyd2Mx1FDRB8mlNkf1H%2FssgMfvJMmBQj%2FE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc74f5d5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22041,"size_decoded":9142,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21984)","md5":"3ffd5603784dbfeef189498c1a705c15","sha1":"983f2308aab1a1addad5be4f1c49099f5dd589cc","sha256":"2aa83aee413f9b91a2dcc536cfd6acd6e44b3fcdb59c26586e32d083396a8db5","sha512":"76d0b3952e17783ab3b597d0db1f734bf7b933ef8ff316c8107f5192f1ecf318c3f11c9ba10a4d15063b26cbb32133af7581070d7c782ebbbcd6580cfd21545a","ssdeep":"384:619Cih92A3igTLXSt/SdMrXqE6K+LxzAOTElH0jjhtjfs8:614iV3iaWtXIKiF13k8","tlshash":"b4a2b66a754034976323906ad11fba0b31f21d24d7078128f22ba4be1dbcd95a2b7f5f","first_seen":"2023-03-07T01:06:17Z","last_seen":"2026-06-20T16:22:07.807463Z","times_seen":435,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/form.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.510Z","timestamp":1781707741510,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/form.js HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 03 Aug 2021 08:56:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"610904aa-2577\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v0D1F2pLxROx4lctMhWtl6dfVs5wIwN3r8NCnPvAl%2B3OC3LuW7EgZI8Cjtvfy6bxlaX9x7Vevlvwo0pd3zo55uQ9Tc%2F5tMESKGDBxFx8JHhtzTbEU4IcPiyQY4TSb7I%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc87f6a5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9591,"size_decoded":4950,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9284)","md5":"a55a0aaf3d84264e3373f58f347a18fb","sha1":"921760fdababb5639192c73866c1b3b5f2ca0644","sha256":"03315f4a8fa90d66f3115d686bcb50d9356136607f92edbc9c59d4f27090a0f3","sha512":"7295dd0874606a2605b16a49ca696bfe305e16d769a7d037cfba0e074591e4def8dea94e4157cbd7c52e85e8de4ae496155c0af6d21b00943ba04ab6164edc13","ssdeep":"192:7U7m+EjWnSTmyANS4B7R6EoHv9w5iaHe16GL:7U7msqmHBV6LP9yiaH6n","tlshash":"1312a319715135e2367b60a1405f981ba0bf4635ab09c8947093d4f92ebec9493f3faf","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.802748Z","times_seen":113,"resource_available":true,"data":null}},"time_used":405,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":404,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/jquery.cookies.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.747Z","timestamp":1781707740747,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/js/jquery.cookies.js?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Jun 2021 06:32:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60c1b1ea-c43\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5a%2FtK9YpzP2OlND%2BxqKf5gHfm7AxokUVtrxuB8J0WYhYxT1DCfzonrOpoJnDJ4zCsuFNLq5jCVjRBsBhcQFLyV0lSoszdTUgxh%2BKVDmWLz5JwuSdhoDq6B3CtFpO5ok%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3aed75688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3139,"size_decoded":2229,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"de952eda41b0edc0b5c416ee48f7028e","sha1":"dc07de882ab68370534fbf9440ac7b8c068695a7","sha256":"631ea2bc942c1791920270ba02eef37774aa10db3994b4936a2b5f891a970ff7","sha512":"674fd3c9db480ecf8680822131fc80f904ddfb3907a1033ae9ce06019a87ac6f9eb6d6535e6aba0ee0b601d039d55da7e7cd247a67db5cf7bbcb8408116a03d1","ssdeep":"","tlshash":"1b516554b6cc375f07ab22416b6f50aca63cbf72255808dc885965f82c60c37db9bd2a","first_seen":"2023-03-07T12:09:28Z","last_seen":"2026-06-25T14:58:59.654591Z","times_seen":2880,"resource_available":true,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/bar-left.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.286Z","timestamp":1781707741286,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/bar-left.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/static/mobile/css/mobile.css?v=1781707740\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 10 Mar 2023 01:41:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"640a8abe-7f9\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q9s%2BQ6bFGOehvVIsrF7dbaW3BzhAqauxwLs4K8jVehOPJEk%2FJJqPmayq0nYntvAgmqg%2FM60p1IfdrYkFzO8dtAlsdIu96tHBGkC8hAC%2BgyyyPNwzAkd%2Bv2T8aIFEb2c%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc70f585688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2041,"size_decoded":2103,"mime_type":"image/png","magic":"PNG image data, 210 x 16, 8-bit/color RGBA, non-interlaced","md5":"3534398517d4c701b134c0b54373012b","sha1":"8059eee19b3eef33d698f232c7986943835978ce","sha256":"2792e2bc2f685e496ea34677dfb172585e80f7c346994836e8a82caefa6638ca","sha512":"39b6e50b92170da611ac8bf6475a996f20b56f964fd9b6dc03ab8d445d5869d9f5c45a8b3c13cff5f3d9e7227cb70a9abc55257b08a4a4dda5d2e6af10632da1","ssdeep":"","tlshash":"2641b389f9519a02350df746b9faa0ab663743c4cac08591bce24b63a0711fccd1c1e7","first_seen":"2025-02-26T18:00:22.72948Z","last_seen":"2026-06-20T16:22:07.768697Z","times_seen":37,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/layui.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.733Z","timestamp":1781707740733,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/layui.js?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 31 May 2021 05:44:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60b477be-1ce3\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gPBo9q%2FzrvVvReS%2BML46qyaWAmo%2F%2F3uStI5Srf1JwgJNmEH7zt3N1zcAwlH5Qd8r8i0EbfmHppsPQxuPfMTQDom1TwMmWRAKlAUkc9PY3L9uJ4cJix0Zzv6Z8OTKzM4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc39ed15688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7395,"size_decoded":4065,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7324)","md5":"055cb5361d0dadf75de67f6875def943","sha1":"97ddce827fedb8869a9d0248a16b70c14da2a8ec","sha256":"91ffac1a9d64f3dae4e8091b4feea25981e750d279cb71491b25dc24b33ecaf2","sha512":"3c074594a667484aa78b2227f834c4bebab07a6b4bd795f94570d3e3da911aa48275e13c54e1c6848cd2ec1fbb2bad5cb104e9a6bc1f71c967e93dfde62aa9b2","ssdeep":"192:TDTGeNtb7/j9Eg3JMunJYJjdlrr1+p8XqlPBOTXLLRUweK:TDTGeNtHj9Eg3JMunOJjdlP1+K6Pw7Lz","tlshash":"c7e1a898b5b27452473b306572af901ea67b44ad284c8090d1ced9e63cb6cbe4377f9c","first_seen":"2023-03-07T01:06:15Z","last_seen":"2026-06-23T23:15:24.382982Z","times_seen":545,"resource_available":true,"data":null}},"time_used":364,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":364,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/customer_service.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.781Z","timestamp":1781707740781,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/customer_service.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Jul 2024 12:51:51 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66a8e1e7-e6f\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nW4yo%2F9kDs80rCe6znDPgqoYqVgr6xX5kCldq1CiM0U1Ih13bQzp0yZDigacw%2FNAqYMpNAIcTn%2B8endC44WVzb7aS7MpLC6qCx6A0e1ZP7mhmj37rZKP8l1RXR7RiLo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3eef25688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3695,"size_decoded":3657,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"1469793cbb91807375433d60e62b76d9","sha1":"444e789ccd6aaeb62d8993736e6d31f8b2e4bc94","sha256":"ff1af355e6b647d13a793b652bf1a077d2fe86c944f955e30ad59c7185811b7b","sha512":"214b6daf017a638dd0411bbb24733c4d4b992e7f764713c1d34cab5980f4b8b7a339e64af3329cdf41d1e2f52c7827464b0e7bc23bbcd97c6d646688c03e1298","ssdeep":"","tlshash":"4071f945f940a981b60eb9c2bab2f1439b7b06a4c7c0a4ce7cceed015e302fac55d0d6","first_seen":"2025-10-09T14:27:31.968468Z","last_seen":"2026-06-20T16:22:07.815248Z","times_seen":8,"resource_available":false,"data":null}},"time_used":377,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":377,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/jquery-3.4.1/jquery-3.4.1.min.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.730Z","timestamp":1781707740730,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/js/jquery-3.4.1/jquery-3.4.1.min.js?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 17 Aug 2021 08:01:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"611b6cbc-15851\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=snhvaWaOf6TvbHn57SeQ6RM91aCg3micj1HGRrmdrB%2FYvJxE%2BC%2FAiDCIskZJRbjPPVewUKTg%2BCe%2FlbdJdnji%2F8FE353qeoiD453YTTXTr6CewIea02fW5JG6HUXGrug%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc39ecf5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":88145,"size_decoded":35286,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"220afd743d9e9643852e31a135a9f3ae","sha1":"88523924351bac0b5d560fe0c5781e2556e7693d","sha256":"0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a","sha512":"6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d","ssdeep":"1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe","tlshash":"338319dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-06-25T17:39:23.694155Z","times_seen":134779,"resource_available":true,"data":null}},"time_used":477,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":474,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/iosapp.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.743Z","timestamp":1781707740743,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/js/iosapp.js HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 04 Aug 2024 01:45:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66aedd1d-806\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2WcEUek7A4uRyp3fIAsHrs6CH7uuresJCP9SH6FlpgRitnZ1kVT5GlgCYRbfbZmIEPC1JzbaWyID3TyFuZQ6390HOrUHS06BCC4An%2F%2BTOigyhmXosFFZoJ8cXuq650Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3aed45688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2054,"size_decoded":1677,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CR line terminators","md5":"7c2f59781d7868eff1bed99be0478af8","sha1":"d8bd7c15428c99cdbb38795df05438471953ba6e","sha256":"b16d7795b265d380540612bfed9739a90fb46aade4228c670fc8d17abce9adaf","sha512":"2e979baf0d2f94e91eef9665df48555ab4dcf4e7b8bc149465ec25d9e09a07dd625edf0750a6f9d7e47f64162f8099663c7986c4a4840948b177237581b4ff6b","ssdeep":"","tlshash":"c94132999a9d683919d3b42d1a3fb15c72333aa5a4428110bc0fbf943b34a4a162db98","first_seen":"2023-09-23T10:36:02Z","last_seen":"2026-06-20T16:22:07.767243Z","times_seen":44,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/index/index.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.746Z","timestamp":1781707740746,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/js/index/index.js?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 25 Aug 2021 08:26:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6125feaa-1211\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MPr1uAaVNpLm7ZEtY6GHpqddIMGARcwINzRRveZvLwnSyDTdwSpl9fbT4ymLaDgI6nFlGRCRtgkiCXMk1A7S6S0rDzI7YkmtrVhdkJrXNAbztcOOIHm0IgieCdRMFlE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3aed65688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4625,"size_decoded":2480,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"0dcd53515a6992b2222ee4d9f4a3e682","sha1":"0aa981db906694ccb7650bd5defc855bf01a2f18","sha256":"4cf6b72d4faa38b5a6d0500c798cdabeb6a4f241d34d0612bbc6c328773cdca0","sha512":"795e3c8e0b69f8875b02c8ab820c1eadea220864ae64192e419ef354898b01684fbc71b54a49bbbd344e5bb090c96999459eb5df90e5be998791a2072b5509f9","ssdeep":"48:4NHsJYS7AEGyUjmHAuEZBnZBJOt9dxGiKsu5RtpmJpZzPDvuli+hIg:mHsJ/oQARZJZTADoPtpI3v4ikIg","tlshash":"88915606e4e314536e23909a8feb4005a1adc033d20acc4dbb9ed69e2f5c9ac5555ede","first_seen":"2025-02-26T18:00:22.704148Z","last_seen":"2026-06-20T16:22:07.840115Z","times_seen":38,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":362,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/jp.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.762Z","timestamp":1781707740762,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/jp.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 18 Sep 2021 17:20:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"61461fc6-1dc7\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bbCxHAstSwMF%2FDljUQ3M5pq3l8FduacN4Z2zUVxK8fOmeFSGYGQm9z5bC%2FakyESFk%2F8l7sD1WpJmNXU0lMGnVBlGbbOl8fDxuVZ42GWhhJCJNs7cie2bMijxtH5piio%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3cedf5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7623,"size_decoded":7686,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPCM), density 47x47, segment length 16, baseline, precision 8, 268x179, components 3","md5":"2c1af6592dad54dc0ca627bfa876b424","sha1":"b6d122cfae18620c59dc31c52df8fa79ac2973e3","sha256":"3fc7b561aa8629c9e0a7d904a0f75e80bcb47268a549e1bd44705bb6518aea22","sha512":"bbd01ad1bbd449cb41a45ab4e20747562bcfe75c3505a93f01a9d20d6cf01d73970c4bd8cea9518351a716af6165280335bf7b1119630bdad0cc0e0e4635e399","ssdeep":"192:BoVwrqC8KG3v7HbONd7sqi2KiD28OCha5aq:BZlwj7G/KctOF","tlshash":"6bf19e7799370b91ccafe335242e939ccf44f00217499f24c588adc2d8b2ae9db75808","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.824597Z","times_seen":51,"resource_available":false,"data":null}},"time_used":372,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":372,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/fr.jpeg","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.768Z","timestamp":1781707740768,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/fr.jpeg HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 21 Mar 2025 10:37:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67dd4174-e12\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XDcRDIYOvGiZjg17V0DWiOb8WOkG73f2%2BS9Har2739KlCWcrcKCU%2Bjg8qqSZa9Zb3CYz53gEqPV%2F9Qk%2FS7%2BNT5cPEHG635GoJGHNJvBwGJHBQW6NuQtWCK7tKo%2F8aok%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3cee55688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3602,"size_decoded":2111,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x350, components 3","md5":"45fa53cb752314aaddac3620bb777edc","sha1":"8bc755fc9e6ebc9ac8024b223d8eb65d948e4814","sha256":"2fae2facd48b28bf8f01135fe6769ddf64b8cf640fcba9b1dc0a34e218ab0be3","sha512":"1cad19bd01ef5c2b289df393f556bb2c4b85759d3a149b5ce47020d9f5260163689739fee4cd803847ec4e48d9df160cf83ef12cb713851516605b3a42466cbd","ssdeep":"","tlshash":"7071a53247a95254cbe1aa3df35221a44ac308920403e9ba7e2d44c0af74ff57f2622f","first_seen":"2025-10-09T14:27:31.928921Z","last_seen":"2026-06-20T16:22:07.78138Z","times_seen":8,"resource_available":false,"data":null}},"time_used":381,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":381,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/icon_night.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.774Z","timestamp":1781707740774,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/icon_night.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Mar 2023 06:00:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"640975f1-b15\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I6iYYjSJu7wFFUoOZRFfj6zUe8g2M7ndmm9%2BiaFbWhIMGrDgxxGAiHuJUE65rJhV7N0z4ZSz2AnF0NHfAPEvXbzm1BQWSkUAMoccafFpYnhvjPYQSjSMbFt%2B9oTnln8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3deea5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2837,"size_decoded":3359,"mime_type":"image/png","magic":"PNG image data, 92 x 45, 8-bit/color RGBA, non-interlaced","md5":"992438573332abf8326c5d3beda6cbf5","sha1":"7d1d9f890441fc6f035e81f55bfdec0890e0e085","sha256":"1fd997305fdbb50e6b8c10e34520d0e20fa6c90b37b52eca55d98114597fbcc0","sha512":"3b096ec5d6cfdfb7acdd77bfad48502c0cdbdc2b930c888847e35d22e6353f38fe70b874d9b29eb74930c312bd75a64d3bf036da67c38c79116773c84cb7331d","ssdeep":"","tlshash":"cf514b0adc931c9467a868e755e2817aa8abc450aff0385f98894c3f047a3b64f4f5cd","first_seen":"2025-02-26T18:00:22.734141Z","last_seen":"2026-06-20T16:22:07.800313Z","times_seen":31,"resource_available":false,"data":null}},"time_used":370,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":370,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/table-bg.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.283Z","timestamp":1781707741283,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/table-bg.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/static/mobile/css/mobile.css?v=1781707740\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nset-cookie: lang=en-us; path=/\nPHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; path=/\r\npriority: u=4,i\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RgzCIjMhR6nkCufC0%2BeNNBUw7BVUCBgnPHvapij84hBXKPeWeDpS3pWnXtHw59k%2FUlJ8mucSK5%2FApA8hwjPPMM2IKQtIjS4pcgGRu9XqhKWEW9vzHaUIamiaeHo5ipQ%3D\"}]}\r\ncontent-encoding: zstd\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc70f575688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2189,"size_decoded":1869,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"87186c73aff8ea673084cb0019a039d5","sha1":"64f50c235d8029a1ede45e24a10284a6be9dc238","sha256":"8280a3f3af4c78836e780ed12f87dc713ad8dda50b67c44f5fde8b435e5f042b","sha512":"1b5e0765be2d6844dc2dce3afd9f66ee14d6341e1ddfd4ef96e52bbe1c007a15dd848f13da6e9667e1f4a9154cdb098f9fe225fe58c4d1c258dd9ab02ed14cc2","ssdeep":"","tlshash":"cc4155264182c4081573d4752bf1b608ee36c14b8b0389247d9d53b3cfb974e8a93b9d","first_seen":"2025-12-27T09:19:34.824951Z","last_seen":"2026-06-20T16:22:07.795759Z","times_seen":10,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/i5scroll.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.750Z","timestamp":1781707740750,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/js/i5scroll.js HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 25 Aug 2021 06:40:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6125e5d2-6f3\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NgWcIJbOQIS4eSAULM0NoQkP87J%2BccU6%2BwOkdQbZtmv8zW%2BPWwDH56bOg8ZPYxTs%2FBA%2FOV7yRLM%2BuOnNY9qQmFvqbwK65BwpXmXGkLrZf1eudD%2FdbURO7QvIJowN00Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3bed95688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1779,"size_decoded":1741,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (762)","md5":"229ae241044a0a16861b8583b4435079","sha1":"8051376b7ff4f9eb4c40389985ceed910bd8a868","sha256":"00323fb404aa8d1151ba1d3842ace6e1b7dfd723faa7b0402c20bcbd7d93e59a","sha512":"edafd940bd292208de80d57343ef7dba5360bc21f5dd691f24b13d167b15b3f5529bae2735c1d2c67fb23de10ea4b907f7adf371db7d150724a2ee5d1ef82cc5","ssdeep":"","tlshash":"cc3167c47000b636859620b271ab56d9f3398ad7346d881174beb189bd1cdb50d2fda4","first_seen":"2025-02-26T18:00:22.707066Z","last_seen":"2026-06-20T16:22:07.780429Z","times_seen":38,"resource_available":true,"data":null}},"time_used":366,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":366,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/it.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.766Z","timestamp":1781707740766,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/it.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 18 Sep 2021 13:27:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6145e95a-9e9\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IBsthEQ42F%2B47NqIYXAUteF2araHuI2iVMJYMf19aCHxdEUpYuQnHYAjTnUCFakMQGFiV4dmlc2qlpGKq5u6gcPVIGIJ7%2FcEKgh%2B2NpaWmVIRxbQGBZ8bBz%2F%2FlFK2to%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3cee35688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2537,"size_decoded":1665,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 268x179, components 3","md5":"6233ec64f3a49d3180070f68bae78502","sha1":"bd768fc4fa4a8a1ba5e02d990bcdce07ca5995c5","sha256":"e936376a5de002470fbfbe87523c7f5127397191ff9e46cf5704c2b85439db32","sha512":"cac5783e474d9eba995d61ce8b7ec13011ba284257db071414ef91cf7e46c577d92349f86a9aca48150dcc2bcac1c02f2df3436a1c780f77c37cb5cbf92a4a5f","ssdeep":"","tlshash":"0a517147efaa47afce938d38012cc41edaee0d225613cb118a4d28f1e31da55bc921e5","first_seen":"2023-12-07T04:32:25Z","last_seen":"2026-06-20T16:22:07.820479Z","times_seen":44,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":446,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/lever_ico.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.785Z","timestamp":1781707740785,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/lever_ico.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 19 Feb 2023 16:24:57 GMT\r\netag: \"63f24d59-241\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xKWJ327wmiE%2BnFO5xunN7meyEVWX1Y%2Ba4459hc7%2BRoarxXgobSIPhmOGktLCcA8ASnV%2B0%2FOGDtBw4CJyzv1CgjfUXUZLZY1Zu4aUA%2BKWE855QmBagj6rVfDKIz4TSdM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 577\r\ncf-ray: a0d2dbc3eef65688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":577,"size_decoded":1352,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"3bde9cb92677c320e336e4718dbca198","sha1":"092c2fc10b0e62451ffd278ffaa37ecc8423ed3e","sha256":"6b8164be9872d31052e48b5e7d3a3f5f464684c7c4c28503008d41869f1186ce","sha512":"ad064b4c5511710da0237bf2642b382a4dd4d558a73ffd2b7e6a44d4016634feb37c8c66d6487b450d33814278d646d5372b380e15f7eb06fa5424a4de58d2ab","ssdeep":"","tlshash":"2af041e74e28f731eae87db04e5285c5a85c334e519720e0c7727126d2e708c005a7a6","first_seen":"2025-02-26T18:00:22.736322Z","last_seen":"2026-06-20T16:22:07.786229Z","times_seen":20,"resource_available":false,"data":null}},"time_used":369,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":369,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/assets_ico.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.786Z","timestamp":1781707740786,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/assets_ico.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 19 Feb 2023 16:24:56 GMT\r\netag: \"63f24d58-32a\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2jwcC%2F60Mk8faqGVyOE7qe4sm2B3GLlBB1kxIX6ZILmNJ86Ip1g4jjJceKx%2FbwWlmaj%2FX6eWGmtlRiAcUSRrw775%2BeNGZFKEDBOcoX9ayNjxR18%2Fow8DskwtSDfCrtk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 810\r\ncf-ray: a0d2dbc3eef75688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":810,"size_decoded":1583,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"ba5d2f079a74c42c1486936d86e25f78","sha1":"13274a2106e7c46d56c51ede0bfd008588f8d3bb","sha256":"c6467151f233a6a7ef87879997827a216154c6514d9d0b414aaa6d45ca25dd72","sha512":"386db736f8af1f4dcc16a3bd779fecb8773169cf3d9368e2abe4e6bdbacecaf9373e1e0e635ba7ed66599f541aa4b6eb75e57c24e802d184128e87239484408f","ssdeep":"","tlshash":"89011e439f0f4bb8d487e17202720a6fb821106985aea448ace66eb9c22d15d81ac157","first_seen":"2025-02-26T18:00:22.737718Z","last_seen":"2026-06-20T16:22:07.783618Z","times_seen":32,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/css/mobile.css?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.725Z","timestamp":1781707740725,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/css/mobile.css?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 12 Aug 2024 06:36:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66b9ad62-d66d\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Bxnk3grrwDotqgQcfmssqOTz%2B8%2F%2FlVCajZkZuoXusLvcUPjqSWD9%2B5z0%2BzY6IHpkOeq%2FI8dlyEBk28mN0BZEtSaRdBBuVHUQryXfq6dKKvDVO0Vris7JPzvR0JAz4D0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc38ecc5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54893,"size_decoded":15550,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (2654), with CRLF line terminators","md5":"ae11cfddae28918a5a3df9d849006159","sha1":"53063b26dd5368c768fd95de4716e11210facf4d","sha256":"e067df2d95cbb2a054dfa6f4c10afd78406adc3d67b4115239ce1adcc77fa688","sha512":"1fe6cd9cdfc3f4ee28614edab84ba9ff69706df4843c5d39f75fb6785d369265d472cd8f9bd989b2f9e4decfd6fc80acbdf198271314edc8abcb05d8da74338c","ssdeep":"768:AnruzC8tW9NWOrfIakYvUgCGlx1QbszS+S81rC:AnrffhkYvUgCGlvQbQS+S81W","tlshash":"ff33967ee601110f7237ec94abb91b62ee6c40538a0702f9b5d072598ff396459b1ece","first_seen":"2025-12-27T09:19:34.841285Z","last_seen":"2026-06-20T16:22:07.778163Z","times_seen":7,"resource_available":false,"data":null}},"time_used":495,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":495,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/ru.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.764Z","timestamp":1781707740764,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/ru.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 18 Sep 2021 13:27:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6145e95a-b07\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E6PLwlGZlsCcgW8WoZvqsMII0%2FeDZ3N60rxDGd%2FuHnZ1d5%2FS%2Fn5VaMcUYb9dVnbrJpDVIfldtAZLLGhz3Cwo6KEnrpGxKb9kmFBvAWuegFuOFr151%2B42sknkC7YcJcM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3cee15688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2823,"size_decoded":1330,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPCM), density 47x47, segment length 16, baseline, precision 8, 268x179, components 3","md5":"bf6ba80ad73b1536ca1eaadcf1e6d7ee","sha1":"3655aa6557d155cb171cf75181ff885d7024561e","sha256":"1ba143597a6f749bd4bd2234bf37a6290df1adff1efe8cee9907b7233c6a8b26","sha512":"fb74f5dc8d38d00af7e869a264279a5137b482a65b011f9cdd9d3d3a59acd46fc9913cb9194feff203b147e6ff536af8eab15a16c88c78809df5bf123ef7f1d9","ssdeep":"","tlshash":"be51256eddc17f89db60ae382079a402b2c745ef8d53679c70466e04ee17ab7140ef82","first_seen":"2023-05-22T05:59:44Z","last_seen":"2026-06-20T16:22:07.770264Z","times_seen":59,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":360,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/es.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.770Z","timestamp":1781707740770,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/es.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 18 Sep 2021 13:27:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6145e95a-3c67\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4wKIeEvpTTSojJoXxQrI6YimDZSa7EBRCwKZ1jFVn%2FyahRMYHcpdMPS7vZcukJp2WvcOL0cOJ2OK8uzL3pwMjXi%2FtnX9YTqg6UgEL4Dn4tU1qt3FzXhNIPuEwfMMM5I%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3dee75688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15463,"size_decoded":13598,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 268x179, components 3","md5":"35de101110393991d1486fb365dca772","sha1":"e0036c50986cbe02fb5ae8bd22c0ea07ec07f239","sha256":"4f334804d147596fff52198529e6c088a691ed2c1b9eb38fef5d04df7d26f888","sha512":"d5a2f8587acc18d8e046abae2afdb2013f969917bbe04e6b2c6c561fb0c4c6afd13e181e292ea2e22710a673bff6863f5564ab982595ae8f047a4541e869bc70","ssdeep":"384:n7777/9iiHCAVqqiY1+BW59m2lqhZluhJNycIxCKk1T:n7777/9lIe1kublelu/Icl1x","tlshash":"ed62ae658f7e093afb012b7897fb681d8c46adde4d0ad84c246704fdcc25941e8d6bb2","first_seen":"2023-12-07T04:32:25Z","last_seen":"2026-06-20T16:22:07.806615Z","times_seen":16,"resource_available":false,"data":null}},"time_used":461,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":461,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"wss://btcusdt.cyou/wss","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.500Z","timestamp":1781707741500,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /wss HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-WebSocket-Version: 13\r\nOrigin: https://btcusdt.cyou\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: P2GaeH4VXRQsyjRrT+2/Hw==\r\nSec-GPC: 1\r\nConnection: Upgrade\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Wed, 17 Jun 2026 14:49:01 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Version: 13\r\nSec-WebSocket-Accept: 7juRNOge96WcK7SBNPhDtXvq7JM=\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=cEnHqcbynv8v9ELUclPS2sL7WgW54vphP8wdtALCjUY9rnT7OrAZbvmSVbxVocYnwGKIiH3JRAxqINUIefG8fPbERJjF%2BTUOnUyAsqCw8RLy721YRm1EBFHjBpTZskI%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0d2dbc87b6b0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1066\u0026min_rtt=1053\u0026rtt_var=236\u0026sent=5\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=3193\u0026recv_bytes=1395\u0026delivery_rate=3394378\u0026cwnd=53\u0026unsent_bytes=0\u0026cid=619f66df3af81038\u0026ts=434\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":829,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-25T17:14:34.064319Z","times_seen":16715339,"resource_available":true,"data":null}},"time_used":461,"timings":{"blocked":0,"dns":12,"connect":13,"send":0,"wait":430,"receive":0,"ssl":6},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/carousel.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:02.188Z","timestamp":1781707742188,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/carousel.js HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 31 May 2021 05:44:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60b477be-f16\"\r\nexpires: Thu, 18 Jun 2026 02:49:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=00v7RThAHW%2FivKYEmfh8%2FvepHopTU%2F2vP0%2B9OnbgbjgXbawUuXUQ%2BUOOIW94Ydm9Y3NfjQ9hU0bqeOVJ4tw%2ByCr%2BDEZIzw77VsPjZvVRmDhznVb%2BBTw30ABRte0k4Z0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbccafcf5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3862,"size_decoded":2281,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3805)","md5":"f4b94959b4b5ad34cdc1dd2c12a6bd1c","sha1":"303a72c6380c4277062e85eac689d1dc5ebc60df","sha256":"ec7b67ac49f660eae790c97c9e47fd86973a01478947c603f458667fb322351c","sha512":"b4d24dd32769ad42ed0d4e7b61b80c0ef9f41e9d001a48f5bfd3a328e58e715724a2df8bb97e8078e6b1fc44be5ede4b53233f987578eaf9f3d6e0a3ec936831","ssdeep":"","tlshash":"d7811181775f386741972453935f4c0896b719ba9b06d054f2a264fa6dfbc88223eb0f","first_seen":"2023-03-10T09:41:51Z","last_seen":"2026-06-20T16:22:07.837271Z","times_seen":78,"resource_available":true,"data":null}},"time_used":125,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":125,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/topuser.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.757Z","timestamp":1781707740757,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/topuser.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:00 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Mar 2023 06:21:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64097afe-54e\"\r\nexpires: Wed, 15 Jul 2026 11:54:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nage: 183267\r\npriority: u=5,i\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SrmtJaaAPP0woS%2Ba5eXPuXNsHyRl3f7sBVGlzIjnxjg8nkeJ7rz0uMqKRQTQmkk%2BohYxC35Oe4ArHRm6W9fGD67dkTyLQmLONObAtmcJ9VM8Nqy9bj1hYY13fjZqWeg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3beda5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1358,"size_decoded":1859,"mime_type":"image/png","magic":"PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced","md5":"798ee5b7c48089f973d2334698f394c3","sha1":"e33c49825cb86f1454b47790559731f1a4dacc5f","sha256":"76a3cebb81c441ab872f0649c21e064e0ceb32dad5a6500b9ec8342b5fdf3bbf","sha512":"adcf452d696b6ee76422020052a7c1ffd7b15914e292afc32c2fee0cbee6c438ec69936cd990bc7efabba6f5e5d8997e9dab66ed9faf894c0e5c71dd2be40546","ssdeep":"","tlshash":"5621834ce9c1a981446a658778e76023991a4c40a6e0e09b6cfbc0af08914f4d56b89f","first_seen":"2025-02-26T18:00:22.732774Z","last_seen":"2026-06-20T16:22:07.819181Z","times_seen":33,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/hk.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.761Z","timestamp":1781707740761,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/hk.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 12 Sep 2021 07:19:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"613da9f6-5f0\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R6MXnLK%2Fe3hKo7Z7MJXUUmi5nuZjz7R6nYaVsdk6d13CtV0d%2FypCWDVo5oYrxnkBV4u8trtYQAH7MZduo6i%2FXv2CHXE02sx5sKKMtP3habTk7cBNzwPQs7EdVlU%2BUVs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3cede5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1520,"size_decoded":2325,"mime_type":"image/png","magic":"PNG image data, 49 x 32, 8-bit/color RGBA, non-interlaced","md5":"199fe88db3fdff594016f2344256f05e","sha1":"e05d0b865be8418dc92a019a2b90e61bbbf315c8","sha256":"417a37b4988d0520ea83dc2c570100c6a7a86dbcd5bf7ca1113659c38d5101d9","sha512":"4992cda3d76d807af483a733d670d7a3b5e866c5b61442462247ecec75bd4e4d416bbed256593e3b58dba94b64b5bd83ef6147aa83275bb986ea2d68e47f2fe4","ssdeep":"","tlshash":"0031f9e7cdb29da0c07b0671383af59dc4331401a5fd0813ea1a056b69a001a7cfeddb","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.784468Z","times_seen":303,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":361,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/notice.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.772Z","timestamp":1781707740772,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/notice.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:00 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 19 Feb 2023 16:24:57 GMT\r\netag: \"63f24d59-21b\"\r\nexpires: Wed, 15 Jul 2026 11:54:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\nage: 183267\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2qBixdzBgyrNbZ1oCUJaVoOAroskgjRU55rqaOqN%2FVkHDv5xGf6qtHzf%2F0GSuKJdlvtOljpQEnQsqQVu27OAhFBd13L96AzZ8DvYnlyLKgFinndiBwehA%2BAJQrrDBgU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 539\r\ncf-ray: a0d2dbc3dee95688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":539,"size_decoded":1320,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"7891a0219f54f843fd5d8d8a33426825","sha1":"fcd8d245752e3c7c9ce5ab8cf1deb5e1aef29682","sha256":"660da6387b18b407a644cc8586b438d93d5843a3463442cb489c67543cd297b4","sha512":"818d564fe544d35dab7e644dbf67395690fbbb800b480935c20a3582e19b71fea357de54dc5bd4c724e6fc96485b1626b1ece0388e584c9c2aa748d5f9e1ae89","ssdeep":"","tlshash":"d9f075432548513697afa07feae336a1bf26373a7f01c4aabd44c1042f6f1664cd0b29","first_seen":"2025-02-26T18:00:22.730452Z","last_seen":"2026-06-20T16:22:07.80493Z","times_seen":32,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/img/banner02.jpg","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.778Z","timestamp":1781707740778,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/img/banner02.jpg HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 18 Jun 2021 07:20:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60cc492a-131ea\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I6XCcmk6aM8%2Fq1NlEK4Lk8oIppUzDjzKqxz5Qab5i2jYbibTapYKcEJUd9JonzOvonkw%2Bwd%2BuV0lSlAPnr4bela5A0m6mZhMftYS377X2j8WqxyZdtcYCskIO2UI3Oc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3deef5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78314,"size_decoded":78785,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x350, components 3","md5":"51f9114ed308eee0fcf69c555cf676e2","sha1":"a240c907140cc3ade5112bde6cf8299a4ee49ff3","sha256":"ac2ba8caee74e739a038c1bd1e2d7f7429517974cdbc6b71c9c6463420c22613","sha512":"62358e1d0496fcae7c00ee1c0ba40b7f0d0518bf3ae04aa31219a8ff99f2b6c01abc46e790e7ef0e9f3bad0a645dbc546af8ecedf52c70b1a3bf62f515189316","ssdeep":"1536:WOh6yDj4ItcMUjqHanze7/27Uk2VKIeXxzOtNflujqF:3LDUgscuQP4LzqujqF","tlshash":"80731205bda2a356e597f22a4673b8d9a2dd43523fd4f87608ebdb165240cf04ac217c","first_seen":"2025-03-04T20:41:38.89197Z","last_seen":"2026-06-20T16:22:07.776528Z","times_seen":27,"resource_available":false,"data":null}},"time_used":562,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":453,"receive":109,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/notice_1.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.779Z","timestamp":1781707740779,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/notice_1.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 11 Mar 2023 15:48:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"640ca2e2-84b\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5uRD4RNq6%2F67iH4s%2FhG7x5R8v6utH7DkWbeYGzlr0sG4vgRPlpH3cG91OBfykapV%2B%2BLSThYF9vPwcbielB9WcD%2FoQTBEup35zMs1k4FwRRzQysbCxo3%2BnZFCSNmVMrg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3def05688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2123,"size_decoded":2226,"mime_type":"image/png","magic":"PNG image data, 29 x 26, 8-bit/color RGBA, non-interlaced","md5":"3d33a2acc4a695c388156dfb3b17a2bf","sha1":"17a540d26242e1fef6f9f5bd868d83f219009341","sha256":"9425f5977651d844092cb3dea8a101a38430bc8230e2dda6395bb653b75e2741","sha512":"a1c0d67fcf5f1474de1b3c331e13d3a078047b25240ef484242cf964a359ead14610967576ca8c7ed109b196447def6bf58d5139627e1916e0bb63266f254a2e","ssdeep":"","tlshash":"0a41e949fa90bc415848f686fde1b1a716178ac4de92d880aceb881b68711f9cd0d8db","first_seen":"2025-02-26T18:00:22.732052Z","last_seen":"2026-06-20T16:22:07.793933Z","times_seen":38,"resource_available":false,"data":null}},"time_used":376,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":376,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/script.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.739Z","timestamp":1781707740739,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/js/script.js?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 29 Aug 2024 17:18:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66d0ad7f-15de\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iNvMkBnHcX%2Fr%2BOCAr6hc0fSjl%2F7tidImRoesK3Jg08dRJz4kFrq9uyYEakU1vSrYMNizpSXfXzXmFuvAi9CR6mZUGkOVPMQ%2BGM9SiiR2aaHMWADRA%2BJbD7InXCp4CTg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc39ed25688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5598,"size_decoded":2946,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"deef8be6b670a53c57b70a8ec3558005","sha1":"f7f58cb8d63946b163175863e80694a689e3bbea","sha256":"8b044bdfbed2cfcb7d4500c41732982933c8c29735db3cfb8ba8eb9c912efdaf","sha512":"ee7de286f90ee85f61126de877a82f40c26ed08ae1a40a6312566317a7040294b08853c687c8a29ce08e0ce979282ee5347d7285b56549fed5e2b650f296876b","ssdeep":"96:kZwO1qKbq7GqR4qA8jt8jpTtWo6/Avx3CB0QPiU1QzGwfgj:kZf1LbKtmijujNTvpCB0QPiU1Q6wfgj","tlshash":"4cc19624f53d36289272317e0cdf5155b03d4179190b8846f86dbaa81eb4f2f0eabde9","first_seen":"2025-10-09T14:27:31.943822Z","last_seen":"2026-06-20T16:22:07.839199Z","times_seen":8,"resource_available":true,"data":null}},"time_used":355,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/clipboard.min.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.740Z","timestamp":1781707740740,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/js/clipboard.min.js?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 17 Aug 2021 08:01:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"611b6cbc-2780\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RY0DS%2BVc0yVs%2BASkrLqhJijEiqL0HjTTdZKdB9u33M%2FRzrdIoeLaLVxNQ9cdIwFJXVaNW%2FM8an0MFed9hO5IO83%2BiPj88c0vppGZNmuUDNn6DeyV1RDYra5m5LWD3vA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3aed35688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10112,"size_decoded":4400,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10002)","md5":"aa7c9d74f567a8877522f816d7c387cc","sha1":"d79bfe29e732477cb27598dedff9495ddc05f390","sha256":"6717dbf025d81f537cc639903fb560e01912c0467e8da579fcdf92c6f58f7a65","sha512":"da4a20fae935b42cb957a322479c0e779835b37291c6ac8cb41f300dde796847897f788e849ff6153a32004cff087615d37f9f2cb8aa5751cdb1b8bab2534b16","ssdeep":"192:q0Z14dOk1XSHkKpI/230xlH3G4Ly9+vxo53CoD87JxKllkvc363Pw/3JyUZu5MpL:HZCQfI/wsXCz3rbllC3P83JVu5/Gz","tlshash":"6122a68cb29071b156eb50ba802f420fb271c42db06e40a8b21de8f56c7de9d4627f3d","first_seen":"2023-04-08T01:19:22Z","last_seen":"2026-06-23T23:35:23.942904Z","times_seen":2210,"resource_available":true,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/img/banner01.jpg","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.777Z","timestamp":1781707740777,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/img/banner01.jpg HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 18 Jun 2021 07:19:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60cc491a-1a897\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tBlC5nYlm3WaeLtBYZ95VHCyxgoEwka9pbMvLOn8wzFTqF5WKss0qoCT4mXpLK8a6t18sCsEQEZ9lFRVgweG1nNr0CCdzhIbtYWV4x3M%2BZOpyTVV2C5egrtih4ursGo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3deee5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":108695,"size_decoded":109176,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x350, components 3","md5":"6ef98fff6f735ff70faf32b5a0e037a7","sha1":"d340ff861ecef41b345e9486c3e4f556c142ed45","sha256":"6214403b99554ceeafdfdd7dbe36c036230b77e82167eb6103b7196173abd8bc","sha512":"cb3c78a8a6c5dfb279370660562347dd70f89622c41ccfb77f957f336b6349ae4690794b34ce41399c3cca1c783c49dd56fb77cdcda0d8ab0783d89e48722e09","ssdeep":"3072:wxe9Cz80ti9ey46BTNpYuVbYYuqAI3xDEmPV:wVQ0tMJpYuR5lGa","tlshash":"47b312eaf357c1c41468217094a96f8bd24d84f64474fba529c28dc8fb883e9252dee7","first_seen":"2025-03-04T20:41:38.861135Z","last_seen":"2026-06-20T16:22:07.779686Z","times_seen":27,"resource_available":false,"data":null}},"time_used":683,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":463,"receive":220,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/plugs/layui-v2.5.6/lay/modules/slider.js","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:02.153Z","timestamp":1781707742153,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/slider.js HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 29 Aug 2021 07:25:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"612b365e-1bb3\"\r\nexpires: Thu, 18 Jun 2026 02:49:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U9JRywixRkex4pwLnfJ2baMtR1OwV5f0SnqsVq0kd7lFZlZnXkKAu%2FiIHy5OXDft43lgnuio1edsj3WX6l4luSzjHC2jWatCZFk58UZjLvDuijnYL0Oz3QqqxU7kpSM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbcc7fcd5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7091,"size_decoded":3462,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6929)","md5":"6c35742db2e72cd4f30cefa23690ecf5","sha1":"b50d4268f547cefd984c069d276c956feef395e8","sha256":"2fdaaa9935b2d19fb54e0798e6e42fc3528d1b2772b46b9aa8731b1ab6947609","sha512":"44d0ab3649b35cec891738e6eb4f28d1857fcb900e2369b9395ea54854717108268c8ce729591923fb094cfe1b34dc0f9b2e9bf35b17b77f34c479ef80deb391","ssdeep":"192:z8Syuw2bmz0DLKypMjYXVp5D8IlM/eq9zwtyd4UduKN:z1yuw2UOPSBMj8/","tlshash":"53e19615314ab5732172c263b59fc84eb2f20779b303c564a6a540a51ebece82b37f63","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.771646Z","times_seen":117,"resource_available":true,"data":null}},"time_used":348,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":348,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/user_recharge.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.775Z","timestamp":1781707740775,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/user_recharge.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 19 Feb 2023 16:37:37 GMT\r\netag: \"63f25051-1b3\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pE70XDL9NNVXMQxrjs4BqtNH188fE%2Fh8yXgX8%2FlJj5fZRHfB3WTOjjm3BRbLBaz7viKfS5gxeJ9Oiz5Ios2E6ZiEWGzHQ2nfUSS3CXko3irfqEcl5vRRLsK0TLdrxqE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 435\r\ncf-ray: a0d2dbc3deec5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":435,"size_decoded":1202,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"629caac7156bd72c571289dab0b11043","sha1":"7b47e3b6f463461dc8f77d8c8905921fcbe19f5d","sha256":"4c20009cb9dba53afe93da3f12c2c69b9fc9121215064a268aed7536ad799969","sha512":"f623a92d7cfd810a3c23579740969cbec7574d7f9c76b7921df12d7a67af05642fea82d44e406af6fe73a38fe751baf2c1ab1934d810107e3b4f7a493c494e8f","ssdeep":"","tlshash":"f1e023e743433d5d363a8a620c2d2414ee230b4485a678049c2b7739648b30a735c703","first_seen":"2025-02-26T18:00:22.718535Z","last_seen":"2026-06-20T16:22:07.774805Z","times_seen":40,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":335,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/css/style.css?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.723Z","timestamp":1781707740723,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/css/style.css?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 04 Aug 2024 05:21:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66af0ff4-5922\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=61F2z28A%2BaTcG5csfBkt3qfFAEF9Wq1WRzZOF65eYcuEQY78GHolLO5UA6S4Y13Cll0VbG4kH0R4dZ2jVpA6AtEWSCj401C77WBDBYQ9O8QzCayqedCu4jmNHr0tFO8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc38ecb5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22818,"size_decoded":6810,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text","md5":"ecd547b42d982490217cceb7a1c97df0","sha1":"a53f8c84289ea7a5529ab8dadd145fab2c3c7353","sha256":"210c7c8e42008963ab579f9d0096996f8a99b828a1d95fe169125570d9ae8ade","sha512":"819f4abf4669c8f86bac8f9a1c2fe3bd4dab528a7c0a8b7d412eb81159d4e89814a4bf4f1414f9d4f9ed3ad15dc976823871991e45429820c76f40e5a3005908","ssdeep":"192:MI8pnCzLGbV81/uGzsYyh4OKImsk9Lz7/o7fKaucG5jjo4CUY4o+hnMD6rFd1Vdt:MfC681/bzsVKFHo7IcGRDfF+ax/F3X","tlshash":"4da2842777021c4ab116d0b6ee6da7b1b33d5413a94f9eb4f588312dcbc089590b7b8b","first_seen":"2025-10-09T14:27:31.925318Z","last_seen":"2026-06-20T16:22:07.773037Z","times_seen":8,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/css/dark.css?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.729Z","timestamp":1781707740729,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/css/dark.css?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 13 Jul 2025 16:06:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6873d986-228e\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I6HXS9JIE%2BAjqtFo17RjXmaRuL5mAjd04G2fEIF%2BEFfOWnS6laYz4K8zo1NJXggInxzUZLIuztqA%2B0OhvIQgqOR%2BEDCu9GAqgWco8kKUTW7jjQwgRA1nJDX2Tb3YsFo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc38ece5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8846,"size_decoded":3542,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text","md5":"628b984d29df2fdb7ac8cff85e4ebb29","sha1":"d6c4f340731547a5f6178a517663c229220decaf","sha256":"4c8c56f12f734f5c58c6e13de5209d426b8d86056da18e3aaf67b986ca06a0b8","sha512":"c1f9e0da51aab1b398f3ccef8ea0ec87964c652f9d99c93b1dfa9564e1a2d895c9bfeb38c5190722109d591fa04c731f2ab69522c4db7c93fecc7c3fbabbfff1","ssdeep":"192:OTH7ZTnpctRh4b2lXHBUAXHxbrUPkzk8y:opc7MkKWy","tlshash":"6b022f13e2571c8b7017c0f91b2ea271a73ca063980e5f7dfa68b1f95f858d094b6953","first_seen":"2025-10-09T14:27:31.962564Z","last_seen":"2026-06-20T16:22:07.808415Z","times_seen":8,"resource_available":false,"data":null}},"time_used":372,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":372,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/js/index/d3.v4.min.js?v=1781707740","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.744Z","timestamp":1781707740744,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/js/index/d3.v4.min.js?v=1781707740 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 17 Aug 2021 08:01:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"611b6cbc-36305\"\r\nexpires: Thu, 18 Jun 2026 02:49:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FCdA21fxDX88GPHH%2BhBO5akaSUEDJFMCL0AC%2FMLvDEPx58V2sqtZn8eC0UR6K0KplYPlZD85xt7r%2BetzsjszpUGa94Y28uvB0E9kqRkuQlSBrodk14HP2Wo%2BdkRrWaU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3aed55688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":221957,"size_decoded":83261,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65471)","md5":"e899651bcf1a3591032d7213daeab171","sha1":"607e02087446eb2efadcbee253db3aca3d794a7b","sha256":"8585db4092b8a9d26201e0d58e343d1b40fa034c4b9c343878923d7649bb1699","sha512":"44927534d0bcf1084deddc29098f2b9bfe8ec48f987503f8f03acb19efde48077e9feb353d7c10924a73cc082825ee1c6455b61802d0a31a31eb5812636c907e","ssdeep":"1536:wJdNAq50g6ds5VIG2pUfpgBU3gPDSb7+CmeoA08h6Vh5Lbg5ECfmDoo5rfIrTGE9:wrN3F2pHSYlyLG1sVAupFmuFyiI7R6","tlshash":"092494ccb682b096936320b0417f244bf33b2d59684f4568e029e9d97c7895e51bbfbc","first_seen":"2023-03-07T21:28:45Z","last_seen":"2026-06-20T21:32:59.911971Z","times_seen":435,"resource_available":true,"data":null}},"time_used":638,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":525,"receive":113,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/ko.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.763Z","timestamp":1781707740763,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/ko.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 12 Sep 2021 07:19:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"613da9f6-fc3\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vmx9K5Eg22umV14IG9HDTYILx7g7H4S%2F108pgCJ3MXERHtRonu77879MkQrN3S1v4DnuF8hs%2F9I9qcbVgsgqyka544CVEBexQDOCT7MjYpLWeP90NjToMwwHrBJWhlo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3cee05688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4035,"size_decoded":4707,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x133, components 3","md5":"08db97ed0363573d61eaa015088a2559","sha1":"ef309a9c508819cad0ff80619210513f9671c441","sha256":"386bb37ce7c7097716e95618a789d011a08ff3dbc519d34a5642c5dd0c398eca","sha512":"8ac9d23f79a5c7aaa8e52a84c68f63857fb4bd93860c42d0b12364f19f169e83292bb765f22af092242b29ec61901f56e01daba863acc433998d58e9b3798685","ssdeep":"","tlshash":"f9815d937a97ce83ff28da7540a3106027da405262d787755aaeb47fb1acfb59812420","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.809319Z","times_seen":214,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":361,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/trade_ico.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.784Z","timestamp":1781707740784,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/trade_ico.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 19 Feb 2023 16:24:57 GMT\r\netag: \"63f24d59-2eb\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QOCnetD%2BUWHNfk5DrcnIBzRqF95t5Lo0iaWwKDrhMDM34nVKkGgQ6KoW3BtdyYPIpV5olkEC6bOeOEnUxt%2FJUU0nHKaKelitH0Hrt0XM%2BLGWQZOA0ZU%2BakbqELh0cc8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 747\r\ncf-ray: a0d2dbc3eef45688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":747,"size_decoded":1518,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"c78b2ebdba6ac4df3c212f87fd3ad214","sha1":"05cc82c9e1479ee776fe6ceae215f81071ec7774","sha256":"b39fc25e77a1862f3c1eabf08ce622091abd0326dd0a0fe61bda5277caf6074f","sha512":"052edabc101f1270f1c6b9caa892441bc611070dbfef0f172cda2639cbb00dc80c4e602e931e10ce47ae72973a824ebfca3bf04252ee1ce650d7f3a830c4b035","ssdeep":"","tlshash":"f9016593f31187a48d282faceb7f929e2831e9ded752e724158df220c15b406606630b","first_seen":"2025-02-26T18:00:22.736926Z","last_seen":"2026-06-20T16:22:07.782671Z","times_seen":21,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/en.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.759Z","timestamp":1781707740759,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/en.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 12 Sep 2021 07:19:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"613da9f6-740\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wun5a%2BU5YrU9SWu23QQspjRf48NQ8908TT2UUVrmBbKOxipQ97%2BrUFz6e%2B6jhnVJeOg1WJIeHt3ux2tkStJvE559DX9Ym%2FlCLhm1KhWytlXvtyFAsJWAD35z6PiDZaM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3bedc5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1856,"size_decoded":2656,"mime_type":"image/png","magic":"PNG image data, 49 x 32, 8-bit/color RGBA, non-interlaced","md5":"19e8aa640b1d129c94e299dfd580f210","sha1":"ccfa030c16120a11d224fa1ba72afd55f0776523","sha256":"7385aee2de7d89a525b33e6ff1e8c1246de9234fcc7346f5877ee7d3301f8ca1","sha512":"6ca9e3f44d4ce8a0f7734c8f814138fe54c3224f08905a6e0634f36f1c4de6ecef43281df8a7b29f473300a1096565b148ced5e51fb23b050457c63714af11c3","ssdeep":"","tlshash":"e4311bb469a26052fa5e2ad4be1045df4ef89c0605d89251e60645e13c9eef19f0c437","first_seen":"2023-05-06T18:37:16Z","last_seen":"2026-06-20T16:22:07.821989Z","times_seen":429,"resource_available":false,"data":null}},"time_used":372,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":372,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/tr.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.769Z","timestamp":1781707740769,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/tr.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 21 Mar 2025 10:32:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67dd4058-b4f\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=5,i\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hx5vrXsBdYAYQD73mJwUVR9vpe%2BEZ1Wf6gwHb90TJMa5U1%2FRLqM6%2FUKbtkWt0HxD29%2FHDkhVBx5YMDQg2q%2FqUYxC4kpsj65E%2F5K7KkJPdEizzLz9dc2nH5S6eQxTirg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc3cee65688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2895,"size_decoded":3612,"mime_type":"image/png","magic":"PNG image data, 320 x 214, 8-bit colormap, non-interlaced","md5":"97582d82eb90615dba006f36def639a3","sha1":"ff0e2e1193a6cd1c7c46c5e85350bf36898c2e76","sha256":"f3e9b9a36c38e34c48aa1c3b331e9cb57951b96d36f17ef045a750781c760114","sha512":"bae1a9011af7b0ca791b177ac67da4b4b16821e27444f90ee6839cab8e98e4f1af3b8777e3cf139d3c8d38ec99e792b2a3e0f5744202c505675415eaee4af6f5","ssdeep":"","tlshash":"39513afbc6b1f674c9a18a96044393e3cd5502a783ff8990f8a7852b5dda68325843c4","first_seen":"2025-10-09T14:27:31.976548Z","last_seen":"2026-06-20T16:22:07.768055Z","times_seen":8,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/lib/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.318Z","timestamp":1781707741318,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/lib/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/static/mobile/lib/font-awesome-4.7.0/css/font-awesome.min.css?v=1781707740\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: font/woff2\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 17 Aug 2021 08:01:02 GMT\r\netag: \"611b6cbe-12d68\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Sl%2FK7ggi%2FXBCjbvVTkvhr%2FZz8R0pC5Aa0iHIkRVnbX86BZ%2F2aDU7BXrdS0RvQ5KuDm9DeAYSl6ZR0DbTvKqheySbtm0sYkprSBqXPX6Z7LyE%2B9M%2Bs1yPkhMMtnD3jpI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 77160\r\ncf-ray: a0d2dbc73f5b5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77160,"size_decoded":77901,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-06-25T17:17:53.346255Z","times_seen":502457,"resource_available":false,"data":null}},"time_used":589,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":480,"receive":109,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/index/images/de.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.765Z","timestamp":1781707740765,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/index/images/de.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 04 Dec 2022 20:43:40 GMT\r\netag: \"638d067c-9a\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GeXP3hgGNje0zHjvU3F%2Fz5w3QRKE9lxGJY5eEjXPbjIQ0JCDMcLdzJrqOUih1sdTKAz%2FQ3BbJgD37x5QjPujHctlsXvLZtik7%2B17kWF38IIW7gJqSr1xrqEk%2FPemIyo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 154\r\ncf-ray: a0d2dbc3cee25688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":154,"size_decoded":924,"mime_type":"image/png","magic":"PNG image data, 92 x 92, 8-bit colormap, non-interlaced","md5":"72a365a37b672f5a20da4f8f0880e857","sha1":"1d395668bd5404aa8b26e4d9586d1129798e5f21","sha256":"3da97ff56eb98940e046126ce7c727856df8722c833128141d15c640013675e6","sha512":"7b828444c21dcb95b151bca6b8d30a8466dee73019ec8096d04f85ebcacd6131480c2cf83885559d251be96da019f74a84260109760d3dc57643624281eea934","ssdeep":"","tlshash":"f1c08caeea8928a4c34aa1b21b781c349907a17ac1a49222a085981c1d1a1281486aa3","first_seen":"2024-08-20T10:15:14.338399Z","last_seen":"2026-06-20T16:22:07.788051Z","times_seen":56,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/imgn/Dark/seconds_ico.png","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:00.780Z","timestamp":1781707740780,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/imgn/Dark/seconds_ico.png HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\nlast-modified: Sun, 19 Feb 2023 16:24:57 GMT\r\netag: \"63f24d59-3df\"\r\nexpires: Fri, 17 Jul 2026 14:49:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8tlwdNEZOsDi6UVS00we2DL4d1i46%2F1ojdHgwWb5qci7XgAv73eXsmMSUJyEwtLiwhlsBDDQ1oyXu%2BfUsTphe6IAd9zM4DCGGzZP5o7IjSqG%2BorQnIEiFU5f%2Bhr6010%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 991\r\ncf-ray: a0d2dbc3eef15688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":991,"size_decoded":1762,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"eb5a8645a22737bc2a96e6fcc99a2be0","sha1":"ddc67712433fda0e165540b3a541b2737f88ef73","sha256":"4b03282e4b7af9c6e0be37c2ed9c984558de3a5d1ea1be9ce76aae92177a4c58","sha512":"aa97e017f03fbbd4385ec3c0487c90f60e50ad54ab4e95b5ae7d48ffb7b9412edbeffd0300aa49326098523a68c93e70bfb722db7230ac0025a5212e7e5fd54b","ssdeep":"","tlshash":"5111ccb32109ce31bd7dd62ad536379486250eb56703706ca0f99030b4d204131cc963","first_seen":"2025-02-26T18:00:22.717741Z","last_seen":"2026-06-20T16:22:07.833057Z","times_seen":10,"resource_available":false,"data":null}},"time_used":383,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":383,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/static/mobile/layui/font/iconfont.woff2?v=256","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.319Z","timestamp":1781707741319,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"GET /static/mobile/layui/font/iconfont.woff2?v=256 HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/static/mobile/layui/css/layui.css?v=1781707740\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: font/woff2\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 17 Aug 2021 08:01:00 GMT\r\netag: \"611b6cbc-656c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zCFP7w4m5egs9gX6AHSrQzkawykqruhGK0gzOUP6NnbMAvTyMNX18eXJRNpew84kvisQ%2B9diXLPYFVHJU3xn%2Ba6L32Frb%2Bfn4ZRDPX6%2B%2FNUvtwIyDDeHu5gQt22pYrw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 25964\r\ncf-ray: a0d2dbc74f5c5688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25964,"size_decoded":26702,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 25964, version 1.0","md5":"d8c214c89e33a7bea93d656bd865e869","sha1":"c188dbfc6951b7c305940ac3a279227aeb5617f4","sha256":"bef73f87b8a3972427dcece922ed8f59d1d01c4a3fd572316efa70de9aec9c09","sha512":"0e5897c1b874a714fbab221e97717c5bd8b6c525b539a24eca76391206f931abf5cad2441743c441239ca2830f3fb33c34d207e13ee4d1eb3eeba806763f8405","ssdeep":"768:4kZIXl8feK5HavVh7VQB+l9yDbzKu1eNxECo:4kZIV8fqxQB+l03zdeNq3","tlshash":"fbc2e1c340bb8ab8b077783c6a9e96b9d51134261dde919427cc096043feb49eace701","first_seen":"2023-04-14T13:17:16Z","last_seen":"2026-06-25T16:41:57.568631Z","times_seen":1011,"resource_available":false,"data":null}},"time_used":465,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":111,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"btcusdt.cyou/mobile/ajax/findcpm.html","fqdn":"btcusdt.cyou","domain":"btcusdt.cyou","tld":"cyou"},"ip":{"addr":"172.67.214.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://btcusdt.cyou/","date":"2026-06-17T14:49:01.508Z","timestamp":1781707741508,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"btcusdt.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Jun 2026 09:31:17 GMT","end":"Wed, 02 Sep 2026 10:28:38 GMT"},"fingerprint":{"sha1":"B2:AF:40:55:99:3B:CD:4D:99:CA:C0:3E:80:B2:FE:3C:04:26:7C:02","sha256":"4E:8A:D6:50:53:7A:15:E9:1D:0E:76:0A:32:32:98:AB:AD:E2:B3:1B:5B:01:BE:D2:70:88:B5:BD:35:3A:C1:16"}}},"request":{"raw":"POST /mobile/ajax/findcpm.html HTTP/1.1\r\nHost: btcusdt.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 16\r\nOrigin: https://btcusdt.cyou\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://btcusdt.cyou/\r\nCookie: lang=en-us; PHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; SITE_TOTAL_ID=78a6cf98bfd03eb1b63b623a9179eadf\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 14:49:01 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nset-cookie: lang=en-us; path=/\nPHPSESSID=37cfc15ba7d8d80546d3a84b3e559b31; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JVDlvtP3T%2B7oILcCivQuVHNv7TEVVttZAttr9VOZQmFEY2Dn3KdxYMh5znrxoKHsq1x9kCi8VNQpOwy5KGXY8597uaMhe6NBZ%2B%2BQmuQZ8ErE4WgcP9D1u7wozMX1wt0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0d2dbc87f695688-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10,"size_decoded":774,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b9e754add75d51d888ce7585dc9dfe41","sha1":"0fd53114199a1a46e887032b7efa05f1fd74c807","sha256":"7a97b9b4d758a3929b8a2be53fbe189c9ba9378d6fbb8190d37f7cc14f5cf5d3","sha512":"6ea97d926607e77cda3275af2c3ba966fd45c1d4b4aa97b53d63a718f0941d93c1d4e67939885740dc6bfd59a0021ed049073ddfc61cfd0e8a5553efb449b539","ssdeep":"","tlshash":"2f500000003c000300030000000c0000c33f00000c0000000c0c033000000000000030","first_seen":"2023-04-06T21:01:20Z","last_seen":"2026-06-24T23:17:32.587506Z","times_seen":5338,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"btcusdt.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}