Report - betqiuqiu.com/

Report Overview

Visited public
2023-09-22 21:26:57
Tags
Submit Tags
URL
betqiuqiu.com/
Finishing URL
betqiuqiu.com/cgi-sys/suspendedpage.cgi
IP / ASN
23.254.132.245
#54290 HOSTWINDS
Title
Website Suspended Contact Hostwinds Support

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
betqiuqiu.com	unknown	unknown	2019-08-10 09:52:17	2023-04-06 23:49:34	1.5 kB	4.0 kB	23.254.132.245
www.hostwinds.com	unknown	2010-07-07	2012-09-30 17:17:20	2023-08-18 03:16:12	457 B	12 kB	104.18.7.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-22	medium	betqiuqiu.com	Sinkholed
2023-09-22	medium	betqiuqiu.com	Sinkholed
2023-09-22	medium	betqiuqiu.com	Sinkholed
2023-09-22	medium	betqiuqiu.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

GET betqiuqiu.com/

23.254.132.245

683 B

URL User Request GET
betqiuqiu.com/
IP
23.254.132.245:0
ASN
#54290 HOSTWINDS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
683 B (683 bytes)
Hash
6371befc85069a96b0cb3c52e754a55a
de3def799f60ce2a16721687937ffb2a3f9bd3ae
db6f3663ecb5b124f3c02ce15691739fe69888b7ed6112f03062489470517f77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 683
date: Fri, 22 Sep 2023 21:26:40 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

GET betqiuqiu.com/cgi-sys/suspendedpage.cgi

23.254.132.245

200 OK

814 B

URL GET HTTP/1.1
betqiuqiu.com/cgi-sys/suspendedpage.cgi
IP
23.254.132.245:80
ASN
#54290 HOSTWINDS

Requested by
http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
814 B (814 bytes)
Hash
dcb6f86ac7f8d3e9c23608fdb2714550
5eb2a51d85a3688ae76a606d01884bf3156f9c36
5bcef930a126905a57534af2c6c5d0b7726d1568806f80600ce94dcc3165783e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 814
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 22 Sep 2023 21:26:40 GMT
server: LiteSpeed

GET www.hostwinds.com/images/partners/hosted-by-hostwinds-alien.png

104.18.7.250

200 OK

12 kB

URL GET HTTP/2
www.hostwinds.com/images/partners/hosted-by-hostwinds-alien.png
IP
104.18.7.250:443
ASN
#13335 CLOUDFLARENET

Requested by
http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
Certificate
IssuerCloudflare, Inc.
Subjecthostwinds.com
Fingerprint45:84:45:89:D0:EB:E3:0F:48:E0:B1:DD:89:2B:64:FE:87:98:18:82
ValidityMon, 31 Oct 2022 00:00:00 GMT - Mon, 30 Oct 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
12 kB (11566 bytes)
Hash
dbcf9ced120c881433cf5a83a1525876
3305331e79843868c3dc65fcbf660881d3f20cba
4965a9768d7257c0e35b52bd91bc3027d7ea3cdd0359246b4d357181a7c61f63

HTTP Headers

GET /images/partners/hosted-by-hostwinds-alien.png HTTP/1.1
Host: www.hostwinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://betqiuqiu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 22 Sep 2023 21:26:41 GMT
content-type: image/webp
content-length: 11566
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=21238
content-disposition: inline; filename="hosted-by-hostwinds-alien.webp"
access-control-allow-origin: *
etag: "52f6-64e9f81e;gz"
last-modified: Sat, 26 Aug 2023 13:03:26 GMT
vary: Accept
cf-cache-status: HIT
age: 1769014
accept-ranges: bytes
set-cookie: __cf_bm=m3FfyipIpb.3pk_g.Yn8cXkYzu6ZimHxrjbaAgm4R78-1695418001-0-AVeH0GObFh3FLw9OXruSTqoeyrrF2/bcu/ryhSf7p8US+gvgs+EkBGlTigXJluPjw9Z/WLpVUa5XgzVs/CPUXqDyM8NBc8CNjxVEx1vdIRo6; path=/; expires=Fri, 22-Sep-23 21:56:41 GMT; domain=.hostwinds.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 80ada0abea5db523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET betqiuqiu.com/favicon.ico

23.254.132.245

302 Found

683 B

URL GET HTTP/1.1
betqiuqiu.com/favicon.ico
IP
23.254.132.245:80
ASN
#54290 HOSTWINDS

Requested by
http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
683 B (683 bytes)
Hash
6371befc85069a96b0cb3c52e754a55a
de3def799f60ce2a16721687937ffb2a3f9bd3ae
db6f3663ecb5b124f3c02ce15691739fe69888b7ed6112f03062489470517f77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 683
date: Fri, 22 Sep 2023 21:26:41 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

GET betqiuqiu.com/cgi-sys/suspendedpage.cgi

23.254.132.245

200 OK

820 B

URL GET HTTP/1.1
betqiuqiu.com/cgi-sys/suspendedpage.cgi
IP
23.254.132.245:80
ASN
#54290 HOSTWINDS

Requested by
http://betqiuqiu.com/cgi-sys/suspendedpage.cgi

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
820 B (820 bytes)
Hash
dcb6f86ac7f8d3e9c23608fdb2714550
5eb2a51d85a3688ae76a606d01884bf3156f9c36
5bcef930a126905a57534af2c6c5d0b7726d1568806f80600ce94dcc3165783e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 22 Sep 2023 21:26:41 GMT
server: LiteSpeed

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers