Report - betqiuqiu.com/

Report Overview

Submitted URL

betqiuqiu.com/
IP

23.254.132.245

ASN

#54290 HOSTWINDS
Submitted

2023-09-22T21:26:57Z

Access

public
Website Title

Website Suspended Contact Hostwinds Support
Final URL

betqiuqiu.com/cgi-sys/suspendedpage.cgi
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

4

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
betqiuqiu.com (4)	unknown	2019-08-10 09:52:17	2023-04-06 23:49:34	1539	4049	23.254.132.245
www.hostwinds.com (1)	unknown	2012-09-30 17:17:20	2023-08-18 03:16:12	457	12516	104.18.7.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-22	medium	betqiuqiu.com	Sinkholed
2023-09-22	medium	betqiuqiu.com	Sinkholed
2023-09-22	medium	betqiuqiu.com	Sinkholed
2023-09-22	medium	betqiuqiu.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

betqiuqiu.com/

23.254.132.245

683

URL User Request GET

betqiuqiu.com/
IP

23.254.132.245:0
ASN

#54290 HOSTWINDS

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators

Size

683
Hash

6371befc85069a96b0cb3c52e754a55a

de3def799f60ce2a16721687937ffb2a3f9bd3ae

db6f3663ecb5b124f3c02ce15691739fe69888b7ed6112f03062489470517f77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET / HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 683
date: Fri, 22 Sep 2023 21:26:40 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

betqiuqiu.com/cgi-sys/suspendedpage.cgi

23.254.132.245

200 OK

814

URL GET HTTP/1.1

betqiuqiu.com/cgi-sys/suspendedpage.cgi
IP

23.254.132.245:80
ASN

#54290 HOSTWINDS

Requested by

http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text

Size

814
Hash

dcb6f86ac7f8d3e9c23608fdb2714550

5eb2a51d85a3688ae76a606d01884bf3156f9c36

5bcef930a126905a57534af2c6c5d0b7726d1568806f80600ce94dcc3165783e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 814
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 22 Sep 2023 21:26:40 GMT
server: LiteSpeed

www.hostwinds.com/images/partners/hosted-by-hostwinds-alien.png

104.18.7.250

200 OK

11566

URL GET HTTP/2

www.hostwinds.com/images/partners/hosted-by-hostwinds-alien.png
IP

104.18.7.250:443
ASN

#13335 CLOUDFLARENET

Requested by

http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
Certificate

IssuerCloudflare, Inc.

Subjecthostwinds.com

Fingerprint45:84:45:89:D0:EB:E3:0F:48:E0:B1:DD:89:2B:64:FE:87:98:18:82

ValidityMon, 31 Oct 2022 00:00:00 GMT - Mon, 30 Oct 2023 23:59:59 GMT

Magic

RIFF (little-endian) data, Web/P image\012- data

Size

11566
Hash

dbcf9ced120c881433cf5a83a1525876

3305331e79843868c3dc65fcbf660881d3f20cba

4965a9768d7257c0e35b52bd91bc3027d7ea3cdd0359246b4d357181a7c61f63

HTTP Headers

                                        GET /images/partners/hosted-by-hostwinds-alien.png HTTP/1.1
Host: www.hostwinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://betqiuqiu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Fri, 22 Sep 2023 21:26:41 GMT
content-type: image/webp
content-length: 11566
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=21238
content-disposition: inline; filename="hosted-by-hostwinds-alien.webp"
access-control-allow-origin: *
etag: "52f6-64e9f81e;gz"
last-modified: Sat, 26 Aug 2023 13:03:26 GMT
vary: Accept
cf-cache-status: HIT
age: 1769014
accept-ranges: bytes
set-cookie: __cf_bm=m3FfyipIpb.3pk_g.Yn8cXkYzu6ZimHxrjbaAgm4R78-1695418001-0-AVeH0GObFh3FLw9OXruSTqoeyrrF2/bcu/ryhSf7p8US+gvgs+EkBGlTigXJluPjw9Z/WLpVUa5XgzVs/CPUXqDyM8NBc8CNjxVEx1vdIRo6; path=/; expires=Fri, 22-Sep-23 21:56:41 GMT; domain=.hostwinds.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 80ada0abea5db523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

betqiuqiu.com/favicon.ico

23.254.132.245

302 Found

683

URL GET HTTP/1.1

betqiuqiu.com/favicon.ico
IP

23.254.132.245:80
ASN

#54290 HOSTWINDS

Requested by

http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators

Size

683
Hash

6371befc85069a96b0cb3c52e754a55a

de3def799f60ce2a16721687937ffb2a3f9bd3ae

db6f3663ecb5b124f3c02ce15691739fe69888b7ed6112f03062489470517f77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 683
date: Fri, 22 Sep 2023 21:26:41 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

betqiuqiu.com/cgi-sys/suspendedpage.cgi

23.254.132.245

200 OK

820

URL GET HTTP/1.1

betqiuqiu.com/cgi-sys/suspendedpage.cgi
IP

23.254.132.245:80
ASN

#54290 HOSTWINDS

Requested by

http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text

Size

820
Hash

dcb6f86ac7f8d3e9c23608fdb2714550

5eb2a51d85a3688ae76a606d01884bf3156f9c36

5bcef930a126905a57534af2c6c5d0b7726d1568806f80600ce94dcc3165783e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 22 Sep 2023 21:26:41 GMT
server: LiteSpeed

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL User Request GET

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Magic

Size

Hash

Detections

HTTP Headers