Report - dramms.2kool4u.net/

Report Overview

Visitedpublic

2025-04-19 19:42:14

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dramms.2kool4u.net	unknown	2006-11-26	2025-04-19	2025-04-19	2.3 kB	15 kB	185.27.134.221
suspended-website.com	343547	2018-08-17	2018-08-19	2025-04-16	9.2 kB	44 kB	185.27.134.19
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-04-16	1.5 kB	184 kB	104.18.10.207
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-16	1.5 kB	870 kB	142.250.74.136
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-04-16	366 B	80 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed
2025-04-19	medium	suspended-website.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	suspended-website.com/index.php?host=dramms.2kool4u.net	ScriptElement	341 B	2025-03-13	2025-06-04
URL suspended-website.com/index.php?host=dramms.2kool4u.net IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-13 Last Seen 2025-06-04 Times Seen 121 Size 341 B (341 bytes) MD5 a3ffb8b8883a988b5360ff03b611d95a SHA1 1143c4eb9ae8be2545b2cfca5518d66990c1367b SHA256 e924e275cbf0e62da188a3961846d2181cc4f81883271ddf76f1d044e30a0a2f Format Code Loading...

	suspended-website.com/k/	ScriptElement	341 B	2025-03-13	2025-06-04
URL suspended-website.com/k/ IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-13 Last Seen 2025-06-04 Times Seen 121 Size 341 B (341 bytes) MD5 a3ffb8b8883a988b5360ff03b611d95a SHA1 1143c4eb9ae8be2545b2cfca5518d66990c1367b SHA256 e924e275cbf0e62da188a3961846d2181cc4f81883271ddf76f1d044e30a0a2f Format Code Loading...

	dramms.2kool4u.net/	ScriptElement	605 B	2025-04-19	2025-04-19
URL dramms.2kool4u.net/ IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-04-19 Last Seen 2025-04-19 Times Seen 1 Size 605 B (605 bytes) MD5 71bfec3e8d11537607acb707b315b2e5 SHA1 fd057ee777a17daba38cb01d4c29529d749b5899 SHA256 6f2e9cc305ead618f5fcba5c9949f48a61b78196d0d5f4bc642b173b0541e617 Format Code Loading...

	www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&l=dataLayer&cx=c&gtm=45He54g3v838183051za200&tag_exp=101509157~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316	ScriptElement	358 kB	2025-04-19	2025-04-19
URL www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&l=dataLayer&cx=c&gtm=45He54g3v838183051za200&tag_exp=101509157~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316 IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-19 Last Seen 2025-04-19 Times Seen 2 Size 358 kB (357908 bytes) MD5 e7c5fcf8592c9855222a34743e1cd737 SHA1 31b6f30e10952e905642d56e4fcfe63fa0deb3cb SHA256 e2f48894f79f75abd8a160bc8f7fd1f8cfb2cf2afb6c41efb2eb537cecc0222c Format Code Loading...

	suspended-website.com/k/	ScriptElement	93 B	2025-03-13	2025-06-05
URL suspended-website.com/k/ IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-13 Last Seen 2025-06-05 Times Seen 120 Size 93 B (93 bytes) MD5 44680c4cb7b1a13d35d7a9486b93db48 SHA1 8b5ff0e7a93baee4764c31310e960b22a5040f05 SHA256 cf7b09dc1397cb7ec6ecd5539da385f547e0aef8f20cdc8258260f34c41305d5 Format Code Loading...

	maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-08-03
URL maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js IP / ASN 104.18.10.207 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-03 Times Seen 36420 Size 37 kB (37045 bytes) MD5 5869c96cc8f19086aee625d670d741f9 SHA1 430a443d74830fe9be26efca431f448c1b3740f9 SHA256 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Format Code Loading...

	suspended-website.com/index.php?host=dramms.2kool4u.net	ScriptElement	102 B	2025-03-13	2025-04-19
URL suspended-website.com/index.php?host=dramms.2kool4u.net IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-13 Last Seen 2025-04-19 Times Seen 6 Size 102 B (102 bytes) MD5 12809b2f26340e29a7f6449900aa0462 SHA1 9ce4c5fe097c67d749d538bf9371277c5a50c524 SHA256 1fb009125f64d2681d1d048df9878b2290b182e491880093b5a8b057f9e13816 Format Code Loading...

	suspended-website.com/k/	ScriptElement	83 B	2025-03-13	2025-06-05
URL suspended-website.com/k/ IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-13 Last Seen 2025-06-05 Times Seen 64 Size 83 B (83 bytes) MD5 1bcc56c39c463c752f3c451bae1d1954 SHA1 77ba99b26395560ecf5700a88dca724bce2c1369 SHA256 771f95ec86425a84a45c7edb36794e57eec0df6bef7071016f9ce4b12c43bba6 Format Code Loading...

	dramms.2kool4u.net/aes.js	ScriptElement	14 kB	2023-10-15	2025-08-03
URL dramms.2kool4u.net/aes.js IP / ASN 185.27.134.221 #34119 Wildcard UK Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2023-10-15 Last Seen 2025-08-03 Times Seen 3652 Size 14 kB (13733 bytes) MD5 fc66e046447092c606f2587837f96874 SHA1 fcf354a8044f494ee1f9fe868dde3f570f50e593 SHA256 5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96 Format Code Loading...

	suspended-website.com/k/	ScriptElement	43 B	2025-03-13	2025-06-05
URL suspended-website.com/k/ IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-13 Last Seen 2025-06-05 Times Seen 122 Size 43 B (43 bytes) MD5 53095aa8a1a84824506069c51cf56b28 SHA1 ac4b8c00b617691c9fa2983f74c516dddd6ea5e8 SHA256 246ffa27a9e3f7320d084c17b5e57370e48d63e1965dcff4757834f0f083eff3 Format Code Loading...

	suspended-website.com/k/	ScriptElement	73 B	2025-03-13	2025-06-05
URL suspended-website.com/k/ IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-13 Last Seen 2025-06-05 Times Seen 121 Size 73 B (73 bytes) MD5 3d03d722d6d22aa7e53ae92d2c168865 SHA1 ce43e3d728b3d87af84f522a89b59aeee2ab3adf SHA256 ade3a9d0db6e28dea9b26226aeb3eec852e9d07684668cac0016abaf557e00b4 Format Code Loading...

	suspended-website.com/k/	ScriptElement	29 B	2025-04-19	2025-04-19
URL suspended-website.com/k/ IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-19 Last Seen 2025-04-19 Times Seen 1 Size 29 B (29 bytes) MD5 4aed52979f51f2e429631e49910b061d SHA1 7d30e3ac3dda9e6a109cfc505318f2dd56244ab6 SHA256 7af96b8b4c4e442ff73931eb60d7a6963fe1db90b5ff9aaca5dc745c383236f5 Format Code Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js	ScriptElement	79 kB	2023-03-07	2025-08-03
URL ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js IP / ASN 142.250.74.106 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-03 Times Seen 7643 Size 79 kB (78601 bytes) MD5 73a9c334c5ca71d70d092b42064f6476 SHA1 b75990598ee8d3895448ed9d08726af63109f842 SHA256 517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c Format Code Loading...

	www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9	ScriptElement	255 kB	2025-04-19	2025-04-19
URL www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9 IP / ASN 142.250.74.136 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-19 Last Seen 2025-04-19 Times Seen 1 Size 255 kB (254684 bytes) MD5 a70df902b5acb940d2406dd5a6bfe2c8 SHA1 d6b6ae6a2360a83c146b8c8ee828f3e62f77d365 SHA256 72731fc01b97a3a30343f02044a48e269768d630189ba13a48be8892111fec0a Format Code Loading...

	www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&l=dataLayer&cx=c&gtm=45He54g3h1v838183051za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316	ScriptElement	358 kB	2025-04-19	2025-04-19
URL www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&l=dataLayer&cx=c&gtm=45He54g3h1v838183051za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316 IP / ASN 142.250.74.136 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-19 Last Seen 2025-04-19 Times Seen 1 Size 358 kB (357908 bytes) MD5 ec2f2918e6e2b67bc445a7f9ebe1a370 SHA1 1f830afcbfc6bf9d9ffd46499a0f1330b441e5ca SHA256 b04711654cbf094bb26dfbf58800ca3120418200a52bb01b9b2cdb2ecad9ad34 Format Code Loading...

	www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9	ScriptElement	255 kB	2025-04-19	2025-04-19
URL www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9 IP / ASN 142.250.74.136 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-19 Last Seen 2025-04-19 Times Seen 1 Size 255 kB (254714 bytes) MD5 6ddbe6f9788e49486cd19b7cf5741a18 SHA1 e4a36e446fd1f5206cb3b34a573258e9546beaa4 SHA256 b339b81cfeb90c7345505e1e5a116673b3266751f24854e23278e9299a91597e Format Code Loading...

HTTP Transactions (31)

URL IP Response Size

GET suspended-website.com/favicon.ico

185.27.134.19

200 OK

804 B

URL

suspended-website.com/favicon.ico

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/index.php?host=dramms.2kool4u.net

Resource Info

File typeJavaScript source, ASCII text

First Seen2023-04-07

Last Seen2025-05-03

Times Seen63

Size804 B (804 bytes)

MD58364a096d57b389783abb78b94d93dcd

SHA1c8979b48d76a04d713393d58556c80a48f3af86c

SHA256cf8d338e78595af33d02960c996f106cef4959d3fadc9cde78f357bdf10f04ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/index.php?host=dramms.2kool4u.net
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:41:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18

GET maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

104.18.10.207

200 OK

37 kB

URL

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

IP / ASN

104.18.10.207

#13335 CLOUDFLARENET

Requested byhttp://suspended-website.com/k/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32033)

First Seen2023-03-07

Last Seen2025-08-03

Times Seen36420

Size37 kB (37045 bytes)

MD55869c96cc8f19086aee625d670d741f9

SHA1430a443d74830fe9be26efca431f448c1b3740f9

SHA25653964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Certificate Info

IssuerGoogle Trust Services

Subjectbootstrapcdn.com

Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE

ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT

HTTP Headers

GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://suspended-website.com
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 19:41:59 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 03/13/2024 15:19:43
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1053
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 632ceccbdf636b11a57754734f23cf5b
cdn-cache: HIT
cf-cache-status: HIT
age: 26805122
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 932ee1f0daebb511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET suspended-website.com/favicon.ico

185.27.134.19

200 OK

804 B

URL

suspended-website.com/favicon.ico

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeJavaScript source, ASCII text

First Seen2023-04-05

Last Seen2025-05-02

Times Seen50

Size804 B (804 bytes)

MD5aba900f809c50e81cf763449307e8062

SHA1712614668ae7a35bb50cd5ed0b8e48b09d48ca60

SHA256978ef20d7b7978dc8015dd150f932a16b478095ea0cc03b3587b749529809cd2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18

GET suspended-website.com/index.php?host=dramms.2kool4u.net

0.0.0.0

0 B

URL

suspended-website.com/index.php?host=dramms.2kool4u.net

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619463

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.php?host=dramms.2kool4u.net HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dramms.2kool4u.net/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9

142.250.74.136

200 OK

255 kB

URL

www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9

IP / ASN

142.250.74.136

#15169 GOOGLE

Requested byhttp://suspended-website.com/index.php?host=dramms.2kool4u.net

Resource Info

File typeJavaScript source, ASCII text, with very long lines (2587)

First Seen2025-04-19

Last Seen2025-04-19

Times Seen1

Size255 kB (254714 bytes)

MD56ddbe6f9788e49486cd19b7cf5741a18

SHA1e4a36e446fd1f5206cb3b34a573258e9546beaa4

SHA256b339b81cfeb90c7345505e1e5a116673b3266751f24854e23278e9299a91597e

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

FingerprintB7:82:F3:C7:93:B0:60:B0:83:49:F8:74:0D:49:78:23:65:0B:37:01

ValidityMon, 31 Mar 2025 08:54:29 GMT - Mon, 23 Jun 2025 08:54:28 GMT

HTTP Headers

GET /gtm.js?id=GTM-M2K2KL9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 19 Apr 2025 19:41:56 GMT
expires: Sat, 19 Apr 2025 19:41:56 GMT
cache-control: private, max-age=900
last-modified: Sat, 19 Apr 2025 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1297:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1297:0
report-to: {"group":"ascgcycc:1297:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1297:0"}],}
server: Google Tag Manager
content-length: 87398
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

104.18.10.207

200 OK

121 kB

URL

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

IP / ASN

104.18.10.207

#13335 CLOUDFLARENET

Requested byhttp://suspended-website.com/k/

Resource Info

File typeASCII text, with very long lines (65371)

First Seen2023-04-05

Last Seen2025-08-03

Times Seen26438

Size121 kB (121200 bytes)

MD5ec3bb52a00e176a7181d454dffaea219

SHA16527d8bf3e1e9368bab8c7b60f56bc01fa3afd68

SHA256f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Certificate Info

IssuerGoogle Trust Services

Subjectbootstrapcdn.com

Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE

ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://suspended-website.com
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 19:41:59 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"ec3bb52a00e176a7181d454dffaea219"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 10/31/2023 18:51:53
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 852
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: cfd802fce195bdeaedd94c5d20c699c5
cdn-cache: HIT
cf-cache-status: HIT
age: 713763
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 932ee1f0eb0eb511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET suspended-website.com/poweredByWorldPay.gif

185.27.134.19

200 OK

3.9 kB

URL

suspended-website.com/poweredByWorldPay.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 139 x 33

First Seen2023-04-05

Last Seen2025-06-23

Times Seen693

Size3.9 kB (3862 bytes)

MD5a4f9362c7bdf471440ef07a0bb66ef5c

SHA1d45ff2bfd8d5d9dd21c6f90138a025ea93034381

SHA256ebc7d18a4ca1a678db3395431336394cd41b0235655c72abed86c8e1ed91c783

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /poweredByWorldPay.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/gif
Content-Length: 3862
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-f16"
Accept-Ranges: bytes

GET suspended-website.com/diners.gif

185.27.134.19

200 OK

2.5 kB

URL

suspended-website.com/diners.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 62 x 40

First Seen2023-04-05

Last Seen2025-06-23

Times Seen689

Size2.5 kB (2504 bytes)

MD5d2eb8e8405a9c28b53585f22c4f081c0

SHA13270daa45b4d443a3bccf9aec301601300186ca0

SHA25606595c098d5353960932c86e86dc03f77af77d6d5cfca543a9e9b95cc2dcc3a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /diners.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/gif
Content-Length: 2504
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-9c8"
Accept-Ranges: bytes

GET suspended-website.com/alipay-small-whitebg.png

185.27.134.19

200 OK

7.2 kB

URL

suspended-website.com/alipay-small-whitebg.png

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typePNG image data, 268 x 80, 8-bit/color RGB, non-interlaced

First Seen2023-04-05

Last Seen2025-06-23

Times Seen691

Size7.2 kB (7198 bytes)

MD5113e8ad310298f91dd053b2f0d862651

SHA1942305e037e1f20c6f899ac49a5c7af83d2974df

SHA256ce2ae198d2de949a94aa3106d5738cd5ffa24826770172efb907dc100c38267d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /alipay-small-whitebg.png HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/png
Content-Length: 7198
Last-Modified: Fri, 22 May 2020 08:34:54 GMT
Connection: keep-alive
ETag: "5ec78eae-1c1e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

GET suspended-website.com/2co11.jpg

185.27.134.19

200 OK

8.4 kB

URL

suspended-website.com/2co11.jpg

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typePNG image data, 94 x 54, 8-bit/color RGBA, non-interlaced

First Seen2023-04-05

Last Seen2025-06-23

Times Seen688

Size8.4 kB (8363 bytes)

MD53cfd0c2bce4455fd4dae042e07effb6f

SHA119b7b698a5fc951be35f51d83e162312bf03ba91

SHA25614dceeb23e61280103e57d809dfa132168fe087df2222b2ddbabf8ab9e20b655

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2co11.jpg HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/jpeg
Content-Length: 8363
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-20ab"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

GET www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9

142.250.74.136

200 OK

255 kB

URL

www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9

IP / ASN

142.250.74.136

#15169 GOOGLE

Requested byhttp://suspended-website.com/k/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (2587)

First Seen2025-04-19

Last Seen2025-04-19

Times Seen1

Size255 kB (254684 bytes)

MD5a70df902b5acb940d2406dd5a6bfe2c8

SHA1d6b6ae6a2360a83c146b8c8ee828f3e62f77d365

SHA25672731fc01b97a3a30343f02044a48e269768d630189ba13a48be8892111fec0a

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

FingerprintB7:82:F3:C7:93:B0:60:B0:83:49:F8:74:0D:49:78:23:65:0B:37:01

ValidityMon, 31 Mar 2025 08:54:29 GMT - Mon, 23 Jun 2025 08:54:28 GMT

HTTP Headers

GET /gtm.js?id=GTM-M2K2KL9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 19 Apr 2025 19:42:00 GMT
expires: Sat, 19 Apr 2025 19:42:00 GMT
cache-control: private, max-age=900
last-modified: Sat, 19 Apr 2025 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1297:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1297:0
report-to: {"group":"ascgcycc:1297:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1297:0"}],}
server: Google Tag Manager
content-length: 87375
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET suspended-website.com/k/

0.0.0.0

0 B

URL

suspended-website.com/k/

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619463

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/ HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://suspended-website.com/index.php?host=dramms.2kool4u.net
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET suspended-website.com/k/

185.27.134.19

200 OK

4.9 kB

URL

suspended-website.com/k/

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2025-04-18

Last Seen2025-06-04

Times Seen25

Size4.9 kB (4883 bytes)

MD5684e9f8b94107aa6a05c46906fb74dce

SHA1ffad083d68f87926626d20673245665ba610ed84

SHA25633cbd0f92855f96b6b1136d5d3417d373ce70c1530ba3e02d7be17da09ce0fe5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/ HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://suspended-website.com/index.php?host=dramms.2kool4u.net
DNT: 1
Connection: keep-alive
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:41:58 GMT
Content-Type: text/html
Content-Length: 4883
Last-Modified: Wed, 06 Mar 2024 08:34:24 GMT
Connection: keep-alive
ETag: "65e82a90-1313"
Accept-Ranges: bytes

GET ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

142.250.74.106

200 OK

79 kB

URL

ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

IP / ASN

142.250.74.106

#15169 GOOGLE

Requested byhttp://suspended-website.com/k/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (820)

First Seen2023-03-07

Last Seen2025-08-03

Times Seen7643

Size79 kB (78601 bytes)

MD573a9c334c5ca71d70d092b42064f6476

SHA1b75990598ee8d3895448ed9d08726af63109f842

SHA256517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c

HTTP Headers

GET /ajax/libs/jquery/1.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 27266
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 18 Apr 2025 02:28:02 GMT
Expires: Sat, 18 Apr 2026 02:28:02 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 148437

GET suspended-website.com/maestro.gif

185.27.134.19

200 OK

1.3 kB

URL

suspended-website.com/maestro.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 63 x 40

First Seen2023-04-05

Last Seen2025-06-23

Times Seen690

Size1.3 kB (1259 bytes)

MD5618e71ec2e6eaec9a1b07c22a8c57328

SHA1538707864db64379566f05d70c88ea52ff0d91b9

SHA2566d6614f8558be21c37174b8747d499f20723def8ac133d5db6b211df10bd8a8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /maestro.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:41:59 GMT
Content-Type: image/gif
Content-Length: 1259
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-4eb"
Accept-Ranges: bytes

GET suspended-website.com/JCB.gif

185.27.134.19

200 OK

1.7 kB

URL

suspended-website.com/JCB.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 52 x 40

First Seen2023-04-05

Last Seen2025-06-23

Times Seen689

Size1.7 kB (1672 bytes)

MD55172d28e70898afe10a55baf9e971f75

SHA1553557d2fc06809ab4b53ce6d8c58482a0c06439

SHA256ff060c6ee3bf890b183488f70dcd8e23751d13bd8855a7bf0737e0509d51d361

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /JCB.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/gif
Content-Length: 1672
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-688"
Accept-Ranges: bytes

GET suspended-website.com/index.php?host=dramms.2kool4u.net

185.27.134.19

200 OK

804 B

URL

suspended-website.com/index.php?host=dramms.2kool4u.net

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text

First Seen2023-04-07

Last Seen2025-05-03

Times Seen63

Size804 B (804 bytes)

MD58364a096d57b389783abb78b94d93dcd

SHA1c8979b48d76a04d713393d58556c80a48f3af86c

SHA256cf8d338e78595af33d02960c996f106cef4959d3fadc9cde78f357bdf10f04ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.php?host=dramms.2kool4u.net HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dramms.2kool4u.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:41:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18

GET suspended-website.com/visa_electron.gif

185.27.134.19

200 OK

3.0 kB

URL

suspended-website.com/visa_electron.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 64 x 40

First Seen2023-04-07

Last Seen2025-06-23

Times Seen682

Size3.0 kB (3031 bytes)

MD563380435bb880533d140cc357e289a41

SHA184be72c2964ae4362723f67da0f42151335b10ab

SHA256d8bd24c799999e5391886682295810a1324ae9a74e66b8a2cbc0f1ef6f30e367

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /visa_electron.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/gif
Content-Length: 3031
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-bd7"
Accept-Ranges: bytes

GET suspended-website.com/AMEX.gif

185.27.134.19

200 OK

558 B

URL

suspended-website.com/AMEX.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 43 x 40

First Seen2023-04-05

Last Seen2025-06-23

Times Seen690

Size558 B (558 bytes)

MD504180b3ee4b5c82c61ba1a91ee19a730

SHA1f084fd81f12ef45167bf670cac343730a6a06126

SHA2560c00b435dc46da8c2de0feab8d8de208e5e996920fcc2ebbb5e68678d09d504f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /AMEX.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:41:59 GMT
Content-Type: image/gif
Content-Length: 558
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-22e"
Accept-Ranges: bytes

GET suspended-website.com/ELV.gif

185.27.134.19

200 OK

682 B

URL

suspended-website.com/ELV.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 40 x 40

First Seen2023-04-07

Last Seen2025-06-23

Times Seen690

Size682 B (682 bytes)

MD5c219ebab1ec147ea03930eef086a00ca

SHA11791b33de02968c38097f6074a1a18400bef6293

SHA256f8e5a3fb5c87db5635b47ed5bae27a0fe470e01b1660104a75e298d4a37fb291

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ELV.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/gif
Content-Length: 682
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-2aa"
Accept-Ranges: bytes

GET suspended-website.com/mastercard.gif

185.27.134.19

200 OK

709 B

URL

suspended-website.com/mastercard.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 62 x 40

First Seen2023-04-07

Last Seen2025-06-23

Times Seen691

Size709 B (709 bytes)

MD51e720b07845702afe9fdae261f35ca86

SHA163d65597e44b77c31abb46b18a5978f1b1e7ac5f

SHA256070360778f733cf27020baa93d0de59c24f76a4d62be31271c336a48902db589

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mastercard.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/gif
Content-Length: 709
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-2c5"
Accept-Ranges: bytes

GET www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&l=dataLayer&cx=c&gtm=45He54g3h1v838183051za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316

142.250.74.136

200 OK

358 kB

URL

www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&l=dataLayer&cx=c&gtm=45He54g3h1v838183051za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316

IP / ASN

142.250.74.136

#15169 GOOGLE

Requested byhttp://suspended-website.com/k/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (5436)

First Seen2025-04-19

Last Seen2025-04-19

Times Seen1

Size358 kB (357908 bytes)

MD5ec2f2918e6e2b67bc445a7f9ebe1a370

SHA11f830afcbfc6bf9d9ffd46499a0f1330b441e5ca

SHA256b04711654cbf094bb26dfbf58800ca3120418200a52bb01b9b2cdb2ecad9ad34

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

FingerprintB7:82:F3:C7:93:B0:60:B0:83:49:F8:74:0D:49:78:23:65:0B:37:01

ValidityMon, 31 Mar 2025 08:54:29 GMT - Mon, 23 Jun 2025 08:54:28 GMT

HTTP Headers

GET /gtag/js?id=G-TPL3V6D1KQ&l=dataLayer&cx=c&gtm=45He54g3h1v838183051za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 19 Apr 2025 19:42:01 GMT
expires: Sat, 19 Apr 2025 19:42:01 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1055:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1055:0
report-to: {"group":"ascgcycc:1055:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1055:0"}],}
server: Google Tag Manager
content-length: 121228
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET dramms.2kool4u.net/aes.js

185.27.134.221

200 OK

14 kB

URL

dramms.2kool4u.net/aes.js

IP / ASN

185.27.134.221

#34119 Wildcard UK Limited

Requested byhttp://dramms.2kool4u.net/

Resource Info

File typeASCII text, with very long lines (13733), with no line terminators

First Seen2023-10-15

Last Seen2025-08-03

Times Seen3652

Size14 kB (13733 bytes)

MD5fc66e046447092c606f2587837f96874

SHA1fcf354a8044f494ee1f9fe868dde3f570f50e593

SHA2565069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96

HTTP Headers

GET /aes.js HTTP/1.1
Host: dramms.2kool4u.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dramms.2kool4u.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 19 Apr 2025 19:41:53 GMT
Content-Type: application/javascript
Content-Length: 13733
Last-Modified: Sun, 15 Oct 2023 16:54:07 GMT
Connection: keep-alive
ETag: "652c192f-35a5"
Accept-Ranges: bytes

GET dramms.2kool4u.net/?i=1

0.0.0.0

0 B

URL

dramms.2kool4u.net/?i=1

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619463

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?i=1 HTTP/1.1
Host: dramms.2kool4u.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dramms.2kool4u.net/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: __test=55ea4dc3e94d7f227d50537b7d2d4ef4
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET dramms.2kool4u.net/?i=1

185.27.134.221

302 Found

0 B

URL

dramms.2kool4u.net/?i=1

IP / ASN

185.27.134.221

#34119 Wildcard UK Limited

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619463

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?i=1 HTTP/1.1
Host: dramms.2kool4u.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dramms.2kool4u.net/
DNT: 1
Connection: keep-alive
Cookie: __test=55ea4dc3e94d7f227d50537b7d2d4ef4
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: openresty
Date: Sat, 19 Apr 2025 19:41:54 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 246
Connection: keep-alive
Location: http://suspended-website.com/index.php?host=dramms.2kool4u.net
Cache-Control: max-age=0
Expires: Sat, 19 Apr 2025 19:41:54 GMT

GET maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css

104.18.10.207

200 OK

23 kB

URL

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css

IP / ASN

104.18.10.207

#13335 CLOUDFLARENET

Requested byhttp://suspended-website.com/k/

Resource Info

File typeASCII text, with very long lines (23192)

First Seen2023-04-05

Last Seen2025-08-03

Times Seen2850

Size23 kB (23409 bytes)

MD5ab6b02efeaf178e0247b9504051472fb

SHA18256575374f430476bdcd49de98c77990229ce31

SHA256653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

Certificate Info

IssuerGoogle Trust Services

Subjectbootstrapcdn.com

Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE

ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap-theme.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://suspended-website.com
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 19:41:59 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"ab6b02efeaf178e0247b9504051472fb"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 03/18/2024 12:13:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 1417ce81a3fc14458aae98a0e1eef00f
cdn-cache: HIT
cf-cache-status: HIT
age: 24883365
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 932ee1f11b5ab511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET suspended-website.com/visa_debit.gif

185.27.134.19

200 OK

2.4 kB

URL

suspended-website.com/visa_debit.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 66 x 40

First Seen2023-04-05

Last Seen2025-06-23

Times Seen685

Size2.4 kB (2442 bytes)

MD539eb00a359b1e7889e8fc1492e6e8b54

SHA1d29360ad2a8ceb9e3b1acbbb5cb3152c6d07d435

SHA25606a0da77e15940e1f2fca30d2a86f811cd374210110291d192c9889f9bcb6658

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /visa_debit.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/gif
Content-Length: 2442
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-98a"
Accept-Ranges: bytes

GET suspended-website.com/laser.gif

185.27.134.19

200 OK

1.1 kB

URL

suspended-website.com/laser.gif

IP / ASN

185.27.134.19

#34119 Wildcard UK Limited

Requested byhttp://suspended-website.com/k/

Resource Info

File typeGIF image data, version 89a, 36 x 40

First Seen2023-04-05

Last Seen2025-06-23

Times Seen690

Size1.1 kB (1105 bytes)

MD5108fb5c8584a064f33a1093b472944fa

SHA1ff1df0f23a3c5176feabf211858a021050c698e9

SHA25665a5093a1d6e9eab7c904a3b5a261c0564ec87634cd08d8cd5bdffd2c744f66a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /laser.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/k/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 19 Apr 2025 19:42:00 GMT
Content-Type: image/gif
Content-Length: 1105
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-451"
Accept-Ranges: bytes

GET dramms.2kool4u.net/

0.0.0.0

0 B

URL

dramms.2kool4u.net/

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619463

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: dramms.2kool4u.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET dramms.2kool4u.net/

185.27.134.221

200 OK

844 B

URL

dramms.2kool4u.net/

IP / ASN

185.27.134.221

#34119 Wildcard UK Limited

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (844), with no line terminators

First Seen2025-04-19

Last Seen2025-04-19

Times Seen1

Size844 B (844 bytes)

MD5fd331a4e0533633b0d7ec1c002e75c93

SHA1895b6c9f5656102b936b1bf57df5ad8c5e6c80b8

SHA256ab44276e45d9e5623db1442a21b17f69144e4617c40c8e3cd35bfcf1d8fa22d2

HTTP Headers

GET / HTTP/1.1
Host: dramms.2kool4u.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 19 Apr 2025 19:41:52 GMT
Content-Type: text/html
Content-Length: 844
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache

GET suspended-website.com/g/images/g.jpg

0.0.0.0

0 B

URL

suspended-website.com/g/images/g.jpg

IP / ASN

0.0.0.0

Requested byhttp://suspended-website.com/k/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619463

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /g/images/g.jpg HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://suspended-website.com/
Cookie: _ga_TPL3V6D1KQ=GS1.1.1745091718.1.0.1745091718.0.0.0; _ga=GA1.1.916840318.1745091718
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache