{"report_id":"a8efb6e0-aefa-428c-b652-0ec6ba51ba88","version":6,"status":"done","tags":[],"date":"2023-09-22T21:26:57Z","url":{"schema":"http","addr":"betqiuqiu.com/","fqdn":"betqiuqiu.com","domain":"betqiuqiu.com","tld":"com"},"ip":{"addr":"23.254.132.245","port":0,"asn":54290,"as":"HOSTWINDS","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"betqiuqiu.com/cgi-sys/suspendedpage.cgi","fqdn":"betqiuqiu.com","domain":"betqiuqiu.com","tld":"com"},"title":"Website Suspended Contact Hostwinds Support"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T21:59:53Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"betqiuqiu.com","ip":{"addr":"23.254.132.245","port":0,"asn":54290,"as":"HOSTWINDS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2019-08-10 09:52:17","last_seen":"2023-04-06 23:49:34","alert_count":4,"request_count":4,"received_data":4049,"sent_data":1539,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.hostwinds.com","ip":{"addr":"104.18.7.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2010-07-07","domain_rank":0,"first_seen":"2012-09-30 17:17:20","last_seen":"2023-08-18 03:16:12","alert_count":0,"request_count":1,"received_data":12516,"sent_data":457,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-22","alert":"Sinkholed","trigger":"betqiuqiu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-22","alert":"Sinkholed","trigger":"betqiuqiu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-22","alert":"Sinkholed","trigger":"betqiuqiu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-22","alert":"Sinkholed","trigger":"betqiuqiu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"betqiuqiu.com/","fqdn":"betqiuqiu.com","domain":"betqiuqiu.com","tld":"com"},"ip":{"addr":"23.254.132.245","port":0,"asn":54290,"as":"HOSTWINDS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-22T21:26:39.840Z","timestamp":1695417999840,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: betqiuqiu.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html\r\ncontent-length: 683\r\ndate: Fri, 22 Sep 2023 21:26:40 GMT\r\nserver: LiteSpeed\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\nlocation: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":683,"size_decoded":0,"mime_type":"","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"6371befc85069a96b0cb3c52e754a55a","sha1":"de3def799f60ce2a16721687937ffb2a3f9bd3ae","sha256":"db6f3663ecb5b124f3c02ce15691739fe69888b7ed6112f03062489470517f77","sha512":"32af2a22ec623a342b451bb5010d861c9176ebdf7fb174096929c7bc9533c1bc5614f8b25afe4c5dec5161606489d56484a92707cd98864abb2606cd970b3680","ssdeep":"","tlshash":"90014e3ac142a80ad0233150f951eaa020548202238b1f106bdffb77f2ce2a35eb23cc","first_seen":"2023-04-05T06:46:57Z","last_seen":"2025-03-02T05:55:11.84724Z","times_seen":2988,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":285,"dns":0,"connect":138,"send":0,"wait":0,"receive":0,"ssl":158},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-22","alert":"Sinkholed","trigger":"betqiuqiu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"betqiuqiu.com/cgi-sys/suspendedpage.cgi","fqdn":"betqiuqiu.com","domain":"betqiuqiu.com","tld":"com"},"ip":{"addr":"23.254.132.245","port":80,"asn":54290,"as":"HOSTWINDS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://betqiuqiu.com/cgi-sys/suspendedpage.cgi","date":"2023-09-22T21:26:41.796Z","timestamp":1695418001796,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cgi-sys/suspendedpage.cgi HTTP/1.1\r\nHost: betqiuqiu.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html\r\ncontent-length: 814\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Fri, 22 Sep 2023 21:26:40 GMT\r\nserver: LiteSpeed\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":814,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text","md5":"dcb6f86ac7f8d3e9c23608fdb2714550","sha1":"5eb2a51d85a3688ae76a606d01884bf3156f9c36","sha256":"5bcef930a126905a57534af2c6c5d0b7726d1568806f80600ce94dcc3165783e","sha512":"c28b322dfa72e8e88a31ca262c72888138af4a498526a90a60c5888b3bf55aef018cf8d070a0cf18d261c24f7055669f28069a51001802f5b694032a0b51ef4f","ssdeep":"","tlshash":"da31510ba0e3961a30570e4833dfb7446a0d1d9b5507bea477da6260cfcd297e1e279c","first_seen":"2023-04-07T01:17:27Z","last_seen":"2026-05-03T11:34:56.269404Z","times_seen":48,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":229,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-22","alert":"Sinkholed","trigger":"betqiuqiu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.hostwinds.com/images/partners/hosted-by-hostwinds-alien.png","fqdn":"www.hostwinds.com","domain":"hostwinds.com","tld":"com"},"ip":{"addr":"104.18.7.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://betqiuqiu.com/cgi-sys/suspendedpage.cgi","date":"2023-09-22T21:26:41.445Z","timestamp":1695418001445,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hostwinds.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Mon, 31 Oct 2022 00:00:00 GMT","end":"Mon, 30 Oct 2023 23:59:59 GMT"},"fingerprint":{"sha1":"45:84:45:89:D0:EB:E3:0F:48:E0:B1:DD:89:2B:64:FE:87:98:18:82","sha256":"B8:0D:6E:4F:45:87:A1:C5:FF:1B:60:D7:7B:5C:73:F6:BF:68:11:63:27:1E:C3:70:88:7F:7A:FB:F7:62:DF:98"}}},"request":{"raw":"GET /images/partners/hosted-by-hostwinds-alien.png HTTP/1.1\r\nHost: www.hostwinds.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://betqiuqiu.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 22 Sep 2023 21:26:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11566\r\ncache-control: public, max-age=31536000\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=21238\r\ncontent-disposition: inline; filename=\"hosted-by-hostwinds-alien.webp\"\r\naccess-control-allow-origin: *\r\netag: \"52f6-64e9f81e;gz\"\r\nlast-modified: Sat, 26 Aug 2023 13:03:26 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 1769014\r\naccept-ranges: bytes\r\nset-cookie: __cf_bm=m3FfyipIpb.3pk_g.Yn8cXkYzu6ZimHxrjbaAgm4R78-1695418001-0-AVeH0GObFh3FLw9OXruSTqoeyrrF2/bcu/ryhSf7p8US+gvgs+EkBGlTigXJluPjw9Z/WLpVUa5XgzVs/CPUXqDyM8NBc8CNjxVEx1vdIRo6; path=/; expires=Fri, 22-Sep-23 21:56:41 GMT; domain=.hostwinds.com; HttpOnly; Secure; SameSite=None\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 80ada0abea5db523-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11566,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image\\012- data","md5":"dbcf9ced120c881433cf5a83a1525876","sha1":"3305331e79843868c3dc65fcbf660881d3f20cba","sha256":"4965a9768d7257c0e35b52bd91bc3027d7ea3cdd0359246b4d357181a7c61f63","sha512":"70d38b279ee49e47cbb595b8354fe2b4d785c503d98f6d476aefba98037747a8cbb480848175a30f79792c5699cd8eea103f98b5eb445c2f895cfb6448920caf","ssdeep":"192:2vPY92x/i/m4icicX2Z8Uq8puc75WgYNy/6QhZz9qzAHk56R8NmFrF58+lUy:uO+/i/bX2alIuc75pjLrU8QKr0AF","tlshash":"a332af8727b2f975ebd0b0af4a7ef046d320a16017d58ac6c707564e731b539aae3780","first_seen":"2023-05-21T15:18:49Z","last_seen":"2025-02-01T02:29:28.336713Z","times_seen":588,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":46,"dns":31,"connect":1,"send":0,"wait":10,"receive":2,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"betqiuqiu.com/favicon.ico","fqdn":"betqiuqiu.com","domain":"betqiuqiu.com","tld":"com"},"ip":{"addr":"23.254.132.245","port":80,"asn":54290,"as":"HOSTWINDS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://betqiuqiu.com/cgi-sys/suspendedpage.cgi","date":"2023-09-22T21:26:41.651Z","timestamp":1695418001651,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: betqiuqiu.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html\r\ncontent-length: 683\r\ndate: Fri, 22 Sep 2023 21:26:41 GMT\r\nserver: LiteSpeed\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\nlocation: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":683,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"6371befc85069a96b0cb3c52e754a55a","sha1":"de3def799f60ce2a16721687937ffb2a3f9bd3ae","sha256":"db6f3663ecb5b124f3c02ce15691739fe69888b7ed6112f03062489470517f77","sha512":"32af2a22ec623a342b451bb5010d861c9176ebdf7fb174096929c7bc9533c1bc5614f8b25afe4c5dec5161606489d56484a92707cd98864abb2606cd970b3680","ssdeep":"","tlshash":"90014e3ac142a80ad0233150f951eaa020548202238b1f106bdffb77f2ce2a35eb23cc","first_seen":"2023-04-05T06:46:57Z","last_seen":"2025-03-02T05:55:11.84724Z","times_seen":2988,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-22","alert":"Sinkholed","trigger":"betqiuqiu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"betqiuqiu.com/cgi-sys/suspendedpage.cgi","fqdn":"betqiuqiu.com","domain":"betqiuqiu.com","tld":"com"},"ip":{"addr":"23.254.132.245","port":80,"asn":54290,"as":"HOSTWINDS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://betqiuqiu.com/cgi-sys/suspendedpage.cgi","date":"2023-09-22T21:26:41.796Z","timestamp":1695418001796,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cgi-sys/suspendedpage.cgi HTTP/1.1\r\nHost: betqiuqiu.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://betqiuqiu.com/cgi-sys/suspendedpage.cgi\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html\r\ntransfer-encoding: chunked\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Fri, 22 Sep 2023 21:26:41 GMT\r\nserver: LiteSpeed\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":820,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text","md5":"dcb6f86ac7f8d3e9c23608fdb2714550","sha1":"5eb2a51d85a3688ae76a606d01884bf3156f9c36","sha256":"5bcef930a126905a57534af2c6c5d0b7726d1568806f80600ce94dcc3165783e","sha512":"c28b322dfa72e8e88a31ca262c72888138af4a498526a90a60c5888b3bf55aef018cf8d070a0cf18d261c24f7055669f28069a51001802f5b694032a0b51ef4f","ssdeep":"","tlshash":"da31510ba0e3961a30570e4833dfb7446a0d1d9b5507bea477da6260cfcd297e1e279c","first_seen":"2023-04-07T01:17:27Z","last_seen":"2026-05-03T11:34:56.269404Z","times_seen":48,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":229,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-22","alert":"Sinkholed","trigger":"betqiuqiu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}