23.254.132.245 683 B IP 23.254.132.245:0
File type: HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash (MD5): 6371befc85069a96b0cb3c52e754a55a
Hash (SHA-1): de3def799f60ce2a16721687937ffb2a3f9bd3ae
Hash (SHA-256): db6f3663ecb5b124f3c02ce15691739fe69888b7ed6112f03062489470517f77
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET / HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 683
date: Fri, 22 Sep 2023 21:26:40 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
betqiuqiu.com/cgi-sys/suspendedpage.cgi
23.254.132.245 200 OK 814 B URL GET HTTP/1.1 betqiuqiu.com/cgi-sys/suspendedpage.cgi
IP 23.254.132.245:80
Requested by http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
File type: HTML document text; exported SGML document, Unicode text, UTF-8 text
Hash (MD5): dcb6f86ac7f8d3e9c23608fdb2714550
Hash (SHA-1): 5eb2a51d85a3688ae76a606d01884bf3156f9c36
Hash (SHA-256): 5bcef930a126905a57534af2c6c5d0b7726d1568806f80600ce94dcc3165783e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 814
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 22 Sep 2023 21:26:40 GMT
server: LiteSpeed
www.hostwinds.com/images/partners/hosted-by-hostwinds-alien.png
104.18.7.250 200 OK 12 kB URL GET HTTP/2 www.hostwinds.com/images/partners/hosted-by-hostwinds-alien.png
IP 104.18.7.250:443
Requested by http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
Certificate Issuer: Cloudflare, Inc.
Subject: hostwinds.com
Fingerprint: 45:84:45:89:D0:EB:E3:0F:48:E0:B1:DD:89:2B:64:FE:87:98:18:82
Validity: Mon, 31 Oct 2022 00:00:00 GMT - Mon, 30 Oct 2023 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image; data
Hash (MD5): dbcf9ced120c881433cf5a83a1525876
Hash (SHA-1): 3305331e79843868c3dc65fcbf660881d3f20cba
Hash (SHA-256): 4965a9768d7257c0e35b52bd91bc3027d7ea3cdd0359246b4d357181a7c61f63
GET /images/partners/hosted-by-hostwinds-alien.png HTTP/1.1
Host: www.hostwinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://betqiuqiu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 22 Sep 2023 21:26:41 GMT
content-type: image/webp
content-length: 11566
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=21238
content-disposition: inline; filename="hosted-by-hostwinds-alien.webp"
access-control-allow-origin: *
etag: "52f6-64e9f81e;gz"
last-modified: Sat, 26 Aug 2023 13:03:26 GMT
vary: Accept
cf-cache-status: HIT
age: 1769014
accept-ranges: bytes
set-cookie: __cf_bm=m3FfyipIpb.3pk_g.Yn8cXkYzu6ZimHxrjbaAgm4R78-1695418001-0-AVeH0GObFh3FLw9OXruSTqoeyrrF2/bcu/ryhSf7p8US+gvgs+EkBGlTigXJluPjw9Z/WLpVUa5XgzVs/CPUXqDyM8NBc8CNjxVEx1vdIRo6; path=/; expires=Fri, 22-Sep-23 21:56:41 GMT; domain=.hostwinds.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 80ada0abea5db523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
betqiuqiu.com/favicon.ico
23.254.132.245 302 Found 683 B URL GET HTTP/1.1 betqiuqiu.com/favicon.ico
IP 23.254.132.245:80
Requested by http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
File type: HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash (MD5): 6371befc85069a96b0cb3c52e754a55a
Hash (SHA-1): de3def799f60ce2a16721687937ffb2a3f9bd3ae
Hash (SHA-256): db6f3663ecb5b124f3c02ce15691739fe69888b7ed6112f03062489470517f77
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 683
date: Fri, 22 Sep 2023 21:26:41 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
betqiuqiu.com/cgi-sys/suspendedpage.cgi
23.254.132.245 200 OK 820 B URL GET HTTP/1.1 betqiuqiu.com/cgi-sys/suspendedpage.cgi
IP 23.254.132.245:80
Requested by http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
File type: HTML document text; exported SGML document, Unicode text, UTF-8 text
Hash (MD5): dcb6f86ac7f8d3e9c23608fdb2714550
Hash (SHA-1): 5eb2a51d85a3688ae76a606d01884bf3156f9c36
Hash (SHA-256): 5bcef930a126905a57534af2c6c5d0b7726d1568806f80600ce94dcc3165783e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: betqiuqiu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 22 Sep 2023 21:26:41 GMT
server: LiteSpeed