Report - bnauth-click.zya.me/?i=1

Report Overview

Visited public
2025-05-31 16:37:26
Tags
URL
bnauth-click.zya.me/?i=1
Finishing URL
suspended-website.com/d/
IP / ASN
185.27.134.97
#34119 Wildcard UK Limited
Title
iFastNet.com Special offer and Discount Coupon

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
suspended-website.com	343547	2018-08-17	2018-08-19	2025-05-31	20 kB	810 kB	185.27.134.19
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-05-28	4.2 kB	2.5 MB	142.250.74.168
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-05-28	2.9 kB	369 kB	104.18.11.207
bnauth-click.zya.me	unknown	unknown	No data	No data	1.5 kB	16 kB	185.27.134.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed
2025-05-31	medium	suspended-website.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (26)

	URL	From	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247	ScriptElement	359 kB	2025-05-31	2025-05-31
Pretty URL www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-31 16:37 Last Seen2025-05-31 16:37 Times Seen1 Hash ae445021c7083d26a3859340dc0f581e bfea4bb6f12592a950d1525c298d69a743be717d de67406440a5d877269ff9a3ee9654ea2ad90c82a7f99afa5a80ee18368c77ee Loading...

	suspended-website.com/d/	ScriptElement	341 B	2025-03-13	2025-06-04
Pretty URL suspended-website.com/d/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-04 16:47 Times Seen121 Hash a3ffb8b8883a988b5360ff03b611d95a 1143c4eb9ae8be2545b2cfca5518d66990c1367b e924e275cbf0e62da188a3961846d2181cc4f81883271ddf76f1d044e30a0a2f Loading...

	suspended-website.com/index.php?host=bnauth-click.zya.me	ScriptElement	341 B	2025-03-13	2025-06-04
Pretty URL suspended-website.com/index.php?host=bnauth-click.zya.me IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-04 16:47 Times Seen121 Hash a3ffb8b8883a988b5360ff03b611d95a 1143c4eb9ae8be2545b2cfca5518d66990c1367b e924e275cbf0e62da188a3961846d2181cc4f81883271ddf76f1d044e30a0a2f Loading...

	www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2h1v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247	ScriptElement	359 kB	2025-05-31	2025-05-31
Pretty URL www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2h1v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-31 16:37 Last Seen2025-05-31 16:37 Times Seen1 Hash 010ee19b763b73a4b87459cb5c8e8444 ae065a1401792a325e4a476a5e8307416f109f80 3039200023b19d5e6a687aa8ca366dc77f97d6140805bcbe08b14fe2889b990a Loading...

	maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-06-09
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-09 01:56 Times Seen29425 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9	ScriptElement	264 kB	2025-05-31	2025-05-31
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-31 16:37 Last Seen2025-05-31 16:37 Times Seen1 Hash 2344ec8f70cdb840eb288e8a8d49ed67 307f1f240a159b1eb5b998810a63a59939a7a4e4 6e6d2cecc25c175961cdd084e2c78fffad5650fb07894c24438f0f710b484d01 Loading...

	suspended-website.com/d/	ScriptElement	93 B	2025-03-13	2025-06-05
Pretty URL suspended-website.com/d/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-05 09:04 Times Seen120 Hash 44680c4cb7b1a13d35d7a9486b93db48 8b5ff0e7a93baee4764c31310e960b22a5040f05 cf7b09dc1397cb7ec6ecd5539da385f547e0aef8f20cdc8258260f34c41305d5 Loading...

	suspended-website.com/d/	ScriptElement	100 B	2025-03-13	2025-06-05
Pretty URL suspended-website.com/d/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-05 09:04 Times Seen75 Hash 8f3ee1c4ce5d40d5bda6729f5570a268 759d99bc318040394b68a0c7f93dc80d8a0cde20 ca54903f209447ff9ac72d4b6fae1f8fc0995811beb9f875214bcc992616e473 Loading...

	maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-06-09
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-09 01:56 Times Seen29425 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	suspended-website.com/h/	ScriptElement	341 B	2025-03-13	2025-06-04
Pretty URL suspended-website.com/h/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-04 16:47 Times Seen121 Hash a3ffb8b8883a988b5360ff03b611d95a 1143c4eb9ae8be2545b2cfca5518d66990c1367b e924e275cbf0e62da188a3961846d2181cc4f81883271ddf76f1d044e30a0a2f Loading...

	www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9	ScriptElement	264 kB	2025-05-31	2025-05-31
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-31 16:37 Last Seen2025-05-31 16:37 Times Seen1 Hash 77e47a7a34c30542d8f0c52e17b9056d ebbf4f60b2d4635ef653ee71ade9815332d4a8f3 24bc5e8e78eb79ed0ef114e439f9b51dcf72ad171e2c68058082b7f090989df5 Loading...

	www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351869~103351871~104481633~104481635~104559073~104559075~104612245~104612247	ScriptElement	359 kB	2025-05-31	2025-05-31
Pretty URL www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351869~103351871~104481633~104481635~104559073~104559075~104612245~104612247 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-31 16:37 Last Seen2025-05-31 16:37 Times Seen1 Hash 9fe83cf9e66129c4a186fad3f24885c6 91663ea91cbdf0e43e797f4715749dab3ca66248 c1671bf20b76087cb555f8222d13a2903d5cabe146456d0f8c6aa603df12b38c Loading...

	suspended-website.com/	ScriptElement	341 B	2025-03-13	2025-06-04
Pretty URL suspended-website.com/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-04 16:47 Times Seen121 Hash a3ffb8b8883a988b5360ff03b611d95a 1143c4eb9ae8be2545b2cfca5518d66990c1367b e924e275cbf0e62da188a3961846d2181cc4f81883271ddf76f1d044e30a0a2f Loading...

	suspended-website.com/	ScriptElement	103 B	2025-05-04	2025-05-31
Pretty URL suspended-website.com/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-04 19:02 Last Seen2025-05-31 16:37 Times Seen11 Hash 5a0252e35b697c119698fe64d50dde8e f8794ac1df6fa28d00066092989ddab5e45da95d 31188c1463df2a16dc1dd367695160390f39a0521e996c176544d7a38e8135fa Loading...

	suspended-website.com/d/	ScriptElement	43 B	2025-03-13	2025-06-05
Pretty URL suspended-website.com/d/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-05 09:04 Times Seen122 Hash 53095aa8a1a84824506069c51cf56b28 ac4b8c00b617691c9fa2983f74c516dddd6ea5e8 246ffa27a9e3f7320d084c17b5e57370e48d63e1965dcff4757834f0f083eff3 Loading...

	suspended-website.com/d/	ScriptElement	73 B	2025-03-13	2025-06-05
Pretty URL suspended-website.com/d/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-05 09:04 Times Seen121 Hash 3d03d722d6d22aa7e53ae92d2c168865 ce43e3d728b3d87af84f522a89b59aeee2ab3adf ade3a9d0db6e28dea9b26226aeb3eec852e9d07684668cac0016abaf557e00b4 Loading...

	bnauth-click.zya.me/?i=1	ScriptElement	607 B	2025-05-31	2025-05-31
Pretty URL bnauth-click.zya.me/?i=1 IP 185.27.134.97 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-31 16:37 Last Seen2025-05-31 16:37 Times Seen1 Hash 925da55b6479398b254e0cd9c419b5cd 579c2f0d467cc36769c507c66a5147687d590334 dc2ff28db619a0e371c937e000cd56dcfc9f7912b5fc37faf99e07f4e6a82276 Loading...

	suspended-website.com/h/	ScriptElement	156 B	2025-04-04	2025-05-31
Pretty URL suspended-website.com/h/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-04 12:04 Last Seen2025-05-31 16:37 Times Seen11 Hash 72fed3ab3ee36eed4df4f2e59f89b603 5da52fdd2b1dd633aac879b84346224f603567a2 9f2a83923fb923b5236c7015c7ef15285c9e8c5b323af4c4312585d39534a167 Loading...

	suspended-website.com/h/	ScriptElement	83 B	2025-03-13	2025-06-05
Pretty URL suspended-website.com/h/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-05 09:04 Times Seen64 Hash 1bcc56c39c463c752f3c451bae1d1954 77ba99b26395560ecf5700a88dca724bce2c1369 771f95ec86425a84a45c7edb36794e57eec0df6bef7071016f9ce4b12c43bba6 Loading...

	suspended-website.com/h/	ScriptElement	43 B	2025-03-13	2025-06-05
Pretty URL suspended-website.com/h/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-05 09:04 Times Seen122 Hash 53095aa8a1a84824506069c51cf56b28 ac4b8c00b617691c9fa2983f74c516dddd6ea5e8 246ffa27a9e3f7320d084c17b5e57370e48d63e1965dcff4757834f0f083eff3 Loading...

	suspended-website.com/h/	ScriptElement	73 B	2025-03-13	2025-06-05
Pretty URL suspended-website.com/h/ IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-13 02:42 Last Seen2025-06-05 09:04 Times Seen121 Hash 3d03d722d6d22aa7e53ae92d2c168865 ce43e3d728b3d87af84f522a89b59aeee2ab3adf ade3a9d0db6e28dea9b26226aeb3eec852e9d07684668cac0016abaf557e00b4 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9	ScriptElement	264 kB	2025-05-31	2025-05-31
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-31 16:37 Last Seen2025-05-31 16:37 Times Seen1 Hash b560139b0c22cd09c34f8b89ab2fbdfe ccbc2ce6289762100fedced5ffe9a53a045b5e41 74febaac0357c9f1d48ce989867559dd4909da301c2693c06b890549e5cf99c2 Loading...

	www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351869~103351871~104481633~104481635~104559073~104559075~104612245~104612247	ScriptElement	359 kB	2025-05-31	2025-05-31
Pretty URL www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351869~103351871~104481633~104481635~104559073~104559075~104612245~104612247 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-31 16:37 Last Seen2025-05-31 16:37 Times Seen1 Hash ae445021c7083d26a3859340dc0f581e bfea4bb6f12592a950d1525c298d69a743be717d de67406440a5d877269ff9a3ee9654ea2ad90c82a7f99afa5a80ee18368c77ee Loading...

	bnauth-click.zya.me/aes.js	ScriptElement	14 kB	2023-10-15	2025-06-09
Pretty URL bnauth-click.zya.me/aes.js IP 185.27.134.97 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 19:29 Last Seen2025-06-09 00:24 Times Seen3175 Hash fc66e046447092c606f2587837f96874 fcf354a8044f494ee1f9fe868dde3f570f50e593 5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96 Loading...

	suspended-website.com/index.php?host=bnauth-click.zya.me	ScriptElement	103 B	2025-05-04	2025-05-31
Pretty URL suspended-website.com/index.php?host=bnauth-click.zya.me IP 185.27.134.19 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-04 19:52 Last Seen2025-05-31 16:37 Times Seen8 Hash 480a23ed64b003dd71c4a5f8fcee390a 6a7e7a6f7c77fa376bf4b8c9d3c7015c3065ecbb a0a5befaba7a227ac7a7c0c4dd5854256ba55dc56eb40653c5913e129345c188 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9	ScriptElement	264 kB	2025-05-31	2025-05-31
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-31 16:37 Last Seen2025-05-31 16:37 Times Seen1 Hash 3c067450680cdab2211b538a78842eae 4d622bc36ab3c65d549275fd5208e70965504f5f 381e22841e057da1e6d3cc5b2ef8cc21a3361244095e651ed4d6462e51e96421 Loading...

HTTP Transactions (54)

URL IP Response Size

suspended-website.com/JCB.gif

185.27.134.19

200 OK

1.7 kB

URL GET
suspended-website.com/JCB.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 52 x 40
Size
1.7 kB (1672 bytes)
Hash
5172d28e70898afe10a55baf9e971f75
553557d2fc06809ab4b53ce6d8c58482a0c06439
ff060c6ee3bf890b183488f70dcd8e23751d13bd8855a7bf0737e0509d51d361

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /JCB.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 1672
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-688"
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351869~103351871~104481633~104481635~104559073~104559075~104612245~104612247

142.250.74.168

200 OK

359 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351869~103351871~104481633~104481635~104559073~104559075~104612245~104612247
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://suspended-website.com/d/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
359 kB (358764 bytes)
Hash
ae445021c7083d26a3859340dc0f581e
bfea4bb6f12592a950d1525c298d69a743be717d
de67406440a5d877269ff9a3ee9654ea2ad90c82a7f99afa5a80ee18368c77ee

HTTP Headers

GET /gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351869~103351871~104481633~104481635~104559073~104559075~104612245~104612247 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 May 2025 16:37:18 GMT
expires: Sat, 31 May 2025 16:37:18 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 123348
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

suspended-website.com/laser.gif

185.27.134.19

200 OK

1.1 kB

URL GET
suspended-website.com/laser.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 36 x 40
Size
1.1 kB (1105 bytes)
Hash
108fb5c8584a064f33a1093b472944fa
ff1df0f23a3c5176feabf211858a021050c698e9
65a5093a1d6e9eab7c904a3b5a261c0564ec87634cd08d8cd5bdffd2c744f66a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /laser.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 1105
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-451"
Accept-Ranges: bytes

suspended-website.com/h/images/ifastnet.png

185.27.134.19

200 OK

18 kB

URL GET
suspended-website.com/h/images/ifastnet.png
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
PNG image data, 240 x 75, 8-bit/color RGBA, non-interlaced
Size
18 kB (18188 bytes)
Hash
f4451b9611b3cc72a9a6f951f3f4f935
4e98794d2d79147fbd4e01cfa13bc81e3856a60d
6fb0c6372a2e62ae48e04bfe81bbb7f3d66ffa43a6158f127fb24614ee13316f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /h/images/ifastnet.png HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/png
Content-Length: 18188
Last-Modified: Sun, 23 Sep 2018 11:25:09 GMT
Connection: keep-alive
ETag: "5ba77815-470c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

suspended-website.com/favicon.ico

185.27.134.19

200 OK

805 B

URL GET
suspended-website.com/favicon.ico
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
JavaScript source, ASCII text
Size
805 B (805 bytes)
Hash
d7ffe603db502a88ad2d8a8fd2efe230
b7efe589ae783d4e18bf291931b320a4e6dd776c
3fd48d989c7366b2b71699e468e1b068f39736d3b6794201d9cefe5425de0f35

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709426$j59$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18

www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9

142.250.74.168

200 OK

264 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://suspended-website.com/d/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (2587)
Size
264 kB (263863 bytes)
Hash
b560139b0c22cd09c34f8b89ab2fbdfe
ccbc2ce6289762100fedced5ffe9a53a045b5e41
74febaac0357c9f1d48ce989867559dd4909da301c2693c06b890549e5cf99c2

HTTP Headers

GET /gtm.js?id=GTM-M2K2KL9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 May 2025 16:37:18 GMT
expires: Sat, 31 May 2025 16:37:18 GMT
cache-control: private, max-age=900
last-modified: Sat, 31 May 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 91520
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

suspended-website.com/d/images/backgroundblue.png

185.27.134.19

200 OK

124 kB

URL GET
suspended-website.com/d/images/backgroundblue.png
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
PNG image data, 101 x 1400, 8-bit/color RGB, non-interlaced
Size
124 kB (123734 bytes)
Hash
f5b3a161ce671abd69d10af88bd0b780
fb4a5fa4fd332d74f4bc598692dadd733a146520
647062294b782e82fe92da08ba86bec487e792dc41b49731db41c3ed8fe980ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d/images/backgroundblue.png HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/png
Content-Length: 123734
Last-Modified: Sun, 23 Sep 2018 11:25:10 GMT
Connection: keep-alive
ETag: "5ba77816-1e356"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

suspended-website.com/JCB.gif

185.27.134.19

200 OK

1.7 kB

URL GET
suspended-website.com/JCB.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 52 x 40
Size
1.7 kB (1672 bytes)
Hash
5172d28e70898afe10a55baf9e971f75
553557d2fc06809ab4b53ce6d8c58482a0c06439
ff060c6ee3bf890b183488f70dcd8e23751d13bd8855a7bf0737e0509d51d361

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /JCB.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 1672
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-688"
Accept-Ranges: bytes

www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9

142.250.74.168

200 OK

264 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://suspended-website.com/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (2587)
Size
264 kB (263863 bytes)
Hash
2344ec8f70cdb840eb288e8a8d49ed67
307f1f240a159b1eb5b998810a63a59939a7a4e4
6e6d2cecc25c175961cdd084e2c78fffad5650fb07894c24438f0f710b484d01

HTTP Headers

GET /gtm.js?id=GTM-M2K2KL9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 May 2025 16:37:16 GMT
expires: Sat, 31 May 2025 16:37:16 GMT
cache-control: private, max-age=900
last-modified: Sat, 31 May 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 91526
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

104.18.11.207

200 OK

37 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://suspended-website.com/d/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
JavaScript source, ASCII text, with very long lines (32033)
Size
37 kB (37045 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://suspended-website.com
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 31 May 2025 16:37:17 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 03/18/2024 12:13:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1047
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 6333b80dd72321c8266416f38d4f25b2
cdn-cache: HIT
cdn-requesttime: 0
cf-cache-status: HIT
age: 2430917
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 9487e5231a5e712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

suspended-website.com/index.php?host=bnauth-click.zya.me

185.27.134.19

200 OK

805 B

URL User Request GET
suspended-website.com/index.php?host=bnauth-click.zya.me
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
JavaScript source, ASCII text
Size
805 B (805 bytes)
Hash
c7752e5dd6bc0b1e379c58392e80ce12
6cdf5efb1bba2a40d98ca335aec121f8336fb872
be9a88bb7ec46ec14e08736b7bb18df8ddf8df1f6d1145c7b9bb63d4a0cf204c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.php?host=bnauth-click.zya.me HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18

www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9

142.250.74.168

200 OK

264 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://suspended-website.com/index.php?host=bnauth-click.zya.me
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (2587)
Size
264 kB (263863 bytes)
Hash
3c067450680cdab2211b538a78842eae
4d622bc36ab3c65d549275fd5208e70965504f5f
381e22841e057da1e6d3cc5b2ef8cc21a3361244095e651ed4d6462e51e96421

HTTP Headers

GET /gtm.js?id=GTM-M2K2KL9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 May 2025 16:37:05 GMT
expires: Sat, 31 May 2025 16:37:05 GMT
cache-control: private, max-age=900
last-modified: Sat, 31 May 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 91525
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

suspended-website.com/h/

185.27.134.19

200 OK

5.2 kB

URL User Request GET
suspended-website.com/h/
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
HTML document, ASCII text
Size
5.2 kB (5230 bytes)
Hash
814bc162fb0e07f9b6b9ced0e0db613a
11b9b5faa51dff35f33a389ec7d82686572313e9
7cce0a4bd67fd2e7d752aaa2f822cba3b621448783ef90829fc6693b22798108

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /h/ HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/index.php?host=bnauth-click.zya.me
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:05 GMT
Content-Type: text/html
Content-Length: 5230
Last-Modified: Wed, 06 Mar 2024 08:34:14 GMT
Connection: keep-alive
ETag: "65e82a86-146e"
Accept-Ranges: bytes

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

104.18.11.207

200 OK

37 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://suspended-website.com/h/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
JavaScript source, ASCII text, with very long lines (32033)
Size
37 kB (37045 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://suspended-website.com
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 31 May 2025 16:37:06 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 03/18/2024 12:13:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1047
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 6333b80dd72321c8266416f38d4f25b2
cdn-cache: HIT
cdn-requesttime: 0
cf-cache-status: HIT
age: 2430906
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 9487e4d94e5b712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

suspended-website.com/mastercard.gif

185.27.134.19

200 OK

709 B

URL GET
suspended-website.com/mastercard.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 62 x 40
Size
709 B (709 bytes)
Hash
1e720b07845702afe9fdae261f35ca86
63d65597e44b77c31abb46b18a5978f1b1e7ac5f
070360778f733cf27020baa93d0de59c24f76a4d62be31271c336a48902db589

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mastercard.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 709
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-2c5"
Accept-Ranges: bytes

suspended-website.com/visa_electron.gif

185.27.134.19

200 OK

3.0 kB

URL GET
suspended-website.com/visa_electron.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 64 x 40
Size
3.0 kB (3031 bytes)
Hash
63380435bb880533d140cc357e289a41
84be72c2964ae4362723f67da0f42151335b10ab
d8bd24c799999e5391886682295810a1324ae9a74e66b8a2cbc0f1ef6f30e367

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /visa_electron.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 3031
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-bd7"
Accept-Ranges: bytes

suspended-website.com/ELV.gif

185.27.134.19

200 OK

682 B

URL GET
suspended-website.com/ELV.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 40 x 40
Size
682 B (682 bytes)
Hash
c219ebab1ec147ea03930eef086a00ca
1791b33de02968c38097f6074a1a18400bef6293
f8e5a3fb5c87db5635b47ed5bae27a0fe470e01b1660104a75e298d4a37fb291

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ELV.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 682
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-2aa"
Accept-Ranges: bytes

suspended-website.com/

185.27.134.19

200 OK

805 B

URL User Request GET
suspended-website.com/
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
JavaScript source, ASCII text
Size
805 B (805 bytes)
Hash
7acce6da04ff1c66e0eeaa4e4cfed7f9
47d78d60faa1031bb6ab16c890a1e9e6c8328ce8
01d3fea83935310b7b0e96d485d110b5a48650472624578cc733c8792ef0a98f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709426$j59$l0$h0; _ga=GA1.1.1337647815.1748709426
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18

bnauth-click.zya.me/aes.js

185.27.134.97

200 OK

14 kB

URL GET
bnauth-click.zya.me/aes.js
IP
185.27.134.97:443
ASN
#34119 Wildcard UK Limited

Requested by
https://bnauth-click.zya.me/?i=1
Certificate
IssuerZeroSSL
Subjectzya.me
Fingerprint77:17:1C:34:C8:9F:41:C0:1F:07:65:08:D4:E5:8D:43:39:48:ED:FE
ValidityFri, 09 May 2025 00:00:00 GMT - Thu, 07 Aug 2025 23:59:59 GMT

File type
ASCII text, with very long lines (13733), with no line terminators
Size
14 kB (13733 bytes)
Hash
fc66e046447092c606f2587837f96874
fcf354a8044f494ee1f9fe868dde3f570f50e593
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96

HTTP Headers

GET /aes.js HTTP/1.1
Host: bnauth-click.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bnauth-click.zya.me/?i=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 31 May 2025 16:37:04 GMT
Content-Type: application/javascript
Content-Length: 13733
Last-Modified: Sun, 15 Oct 2023 16:49:09 GMT
Connection: keep-alive
ETag: "652c1805-35a5"
Accept-Ranges: bytes

suspended-website.com/visa_debit.gif

185.27.134.19

200 OK

2.4 kB

URL GET
suspended-website.com/visa_debit.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 66 x 40
Size
2.4 kB (2442 bytes)
Hash
39eb00a359b1e7889e8fc1492e6e8b54
d29360ad2a8ceb9e3b1acbbb5cb3152c6d07d435
06a0da77e15940e1f2fca30d2a86f811cd374210110291d192c9889f9bcb6658

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /visa_debit.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 2442
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-98a"
Accept-Ranges: bytes

suspended-website.com/favicon.ico

185.27.134.19

200 OK

805 B

URL GET
suspended-website.com/favicon.ico
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
JavaScript source, ASCII text
Size
805 B (805 bytes)
Hash
b151e3c97b296072dff504c322b61a4c
e4ca1701a3d98235e3d27c66bea17ccd6514244c
505a8c1d219bef8b4d37ee70e9293606c05d8e77a06ec0bdd7f4e9dd84895e83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18

suspended-website.com/AMEX.gif

185.27.134.19

200 OK

558 B

URL GET
suspended-website.com/AMEX.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 43 x 40
Size
558 B (558 bytes)
Hash
04180b3ee4b5c82c61ba1a91ee19a730
f084fd81f12ef45167bf670cac343730a6a06126
0c00b435dc46da8c2de0feab8d8de208e5e996920fcc2ebbb5e68678d09d504f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /AMEX.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 558
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-22e"
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2h1v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247

142.250.74.168

200 OK

359 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2h1v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://suspended-website.com/index.php?host=bnauth-click.zya.me
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
359 kB (358781 bytes)
Hash
010ee19b763b73a4b87459cb5c8e8444
ae065a1401792a325e4a476a5e8307416f109f80
3039200023b19d5e6a687aa8ca366dc77f97d6140805bcbe08b14fe2889b990a

HTTP Headers

GET /gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2h1v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 May 2025 16:37:05 GMT
expires: Sat, 31 May 2025 16:37:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 123213
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

suspended-website.com/f/images/backgroundblue.png

185.27.134.19

200 OK

124 kB

URL GET
suspended-website.com/f/images/backgroundblue.png
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
PNG image data, 101 x 1400, 8-bit/color RGB, non-interlaced
Size
124 kB (123734 bytes)
Hash
f5b3a161ce671abd69d10af88bd0b780
fb4a5fa4fd332d74f4bc598692dadd733a146520
647062294b782e82fe92da08ba86bec487e792dc41b49731db41c3ed8fe980ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f/images/backgroundblue.png HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/png
Content-Length: 123734
Last-Modified: Sun, 23 Sep 2018 11:25:10 GMT
Connection: keep-alive
ETag: "5ba77816-1e356"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

104.18.11.207

200 OK

121 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://suspended-website.com/d/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
ASCII text, with very long lines (65371)
Size
121 kB (121200 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://suspended-website.com
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 31 May 2025 16:37:17 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "ec3bb52a00e176a7181d454dffaea219"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 02/25/2025 23:55:13
cdn-proxyver: 1.19
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1077
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: 0507317c7bf66af2351ac2031d3b36eb
cdn-cache: HIT
cf-cache-status: HIT
age: 1940347
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 9487e5231a4e712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

suspended-website.com/d/

185.27.134.19

200 OK

4.9 kB

URL User Request GET
suspended-website.com/d/
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
HTML document, ASCII text
Size
4.9 kB (4946 bytes)
Hash
effac5006d2924f25796a927ea6ae9a7
c4068880ebfdf164845dd224c5adc3d9823c80aa
5541a6102f3635982f1c6fee99b823e0a08dac48742e9630b69f070016d9944b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d/ HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:17 GMT
Content-Type: text/html
Content-Length: 4946
Last-Modified: Wed, 19 Jul 2023 13:46:39 GMT
Connection: keep-alive
ETag: "64b7e93f-1352"
Accept-Ranges: bytes

suspended-website.com/favicon.ico

185.27.134.19

200 OK

805 B

URL GET
suspended-website.com/favicon.ico
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
JavaScript source, ASCII text
Size
805 B (805 bytes)
Hash
02a0015965162b9a154f2ae55577204d
ef02111d0d90c992fab67083f11e4a72336b874d
0c8a690baf0959c128b0ca6935bfe19aad2b7f32fc8eb70a9b6623d3e8e0b375

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18

suspended-website.com/favicon.ico

185.27.134.19

200 OK

805 B

URL GET
suspended-website.com/favicon.ico
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/index.php?host=bnauth-click.zya.me
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
JavaScript source, ASCII text
Size
805 B (805 bytes)
Hash
d7ffe603db502a88ad2d8a8fd2efe230
b7efe589ae783d4e18bf291931b320a4e6dd776c
3fd48d989c7366b2b71699e468e1b068f39736d3b6794201d9cefe5425de0f35

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/index.php?host=bnauth-click.zya.me
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css

104.18.11.207

200 OK

23 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://suspended-website.com/h/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
ASCII text, with very long lines (23192)
Size
23 kB (23409 bytes)
Hash
ab6b02efeaf178e0247b9504051472fb
8256575374f430476bdcd49de98c77990229ce31
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap-theme.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://suspended-website.com
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 31 May 2025 16:37:06 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"ab6b02efeaf178e0247b9504051472fb"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 03/18/2024 12:13:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 7beb082255b1e931d24a836e8f423f4c
cdn-cache: HIT
cdn-requesttime: 0
cf-cache-status: HIT
age: 2428991
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 9487e4d94e56712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

suspended-website.com/h/images/oogd.png

185.27.134.19

200 OK

116 kB

URL GET
suspended-website.com/h/images/oogd.png
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
PNG image data, 603 x 458, 8-bit/color RGB, non-interlaced
Size
116 kB (116089 bytes)
Hash
85a64646a189930536d6ed54a39c3b07
a8679ed06789934cef70d165cb460254b2deb7e4
ebdbe575c6872208a214250d5d47a3ceaa50cda750edf9a92bc4fd9055a06a53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /h/images/oogd.png HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/png
Content-Length: 116089
Last-Modified: Sun, 23 Sep 2018 11:25:09 GMT
Connection: keep-alive
ETag: "5ba77815-1c579"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css

104.18.11.207

200 OK

23 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://suspended-website.com/d/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
ASCII text, with very long lines (23192)
Size
23 kB (23409 bytes)
Hash
ab6b02efeaf178e0247b9504051472fb
8256575374f430476bdcd49de98c77990229ce31
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap-theme.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://suspended-website.com
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 31 May 2025 16:37:17 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"ab6b02efeaf178e0247b9504051472fb"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 03/18/2024 12:13:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 7beb082255b1e931d24a836e8f423f4c
cdn-cache: HIT
cdn-requesttime: 0
cf-cache-status: HIT
age: 2429002
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 9487e5231a54712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

104.18.11.207

200 OK

121 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://suspended-website.com/h/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
ASCII text, with very long lines (65371)
Size
121 kB (121200 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://suspended-website.com
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 31 May 2025 16:37:06 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "ec3bb52a00e176a7181d454dffaea219"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 02/25/2025 23:55:13
cdn-proxyver: 1.19
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1077
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: 0507317c7bf66af2351ac2031d3b36eb
cdn-cache: HIT
cf-cache-status: HIT
age: 1940336
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 9487e4d93e32712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

suspended-website.com/2co11.jpg

185.27.134.19

200 OK

8.4 kB

URL GET
suspended-website.com/2co11.jpg
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
PNG image data, 94 x 54, 8-bit/color RGBA, non-interlaced
Size
8.4 kB (8363 bytes)
Hash
3cfd0c2bce4455fd4dae042e07effb6f
19b7b698a5fc951be35f51d83e162312bf03ba91
14dceeb23e61280103e57d809dfa132168fe087df2222b2ddbabf8ab9e20b655

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2co11.jpg HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/jpeg
Content-Length: 8363
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-20ab"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9

142.250.74.168

200 OK

264 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-M2K2KL9
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://suspended-website.com/h/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (2587)
Size
264 kB (263863 bytes)
Hash
77e47a7a34c30542d8f0c52e17b9056d
ebbf4f60b2d4635ef653ee71ade9815332d4a8f3
24bc5e8e78eb79ed0ef114e439f9b51dcf72ad171e2c68058082b7f090989df5

HTTP Headers

GET /gtm.js?id=GTM-M2K2KL9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 May 2025 16:37:06 GMT
expires: Sat, 31 May 2025 16:37:06 GMT
cache-control: private, max-age=900
last-modified: Sat, 31 May 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 91522
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

suspended-website.com/maestro.gif

185.27.134.19

200 OK

1.3 kB

URL GET
suspended-website.com/maestro.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 63 x 40
Size
1.3 kB (1259 bytes)
Hash
618e71ec2e6eaec9a1b07c22a8c57328
538707864db64379566f05d70c88ea52ff0d91b9
6d6614f8558be21c37174b8747d499f20723def8ac133d5db6b211df10bd8a8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /maestro.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 1259
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-4eb"
Accept-Ranges: bytes

suspended-website.com/visa_electron.gif

185.27.134.19

200 OK

3.0 kB

URL GET
suspended-website.com/visa_electron.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 64 x 40
Size
3.0 kB (3031 bytes)
Hash
63380435bb880533d140cc357e289a41
84be72c2964ae4362723f67da0f42151335b10ab
d8bd24c799999e5391886682295810a1324ae9a74e66b8a2cbc0f1ef6f30e367

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /visa_electron.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 3031
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-bd7"
Accept-Ranges: bytes

suspended-website.com/ELV.gif

185.27.134.19

200 OK

682 B

URL GET
suspended-website.com/ELV.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 40 x 40
Size
682 B (682 bytes)
Hash
c219ebab1ec147ea03930eef086a00ca
1791b33de02968c38097f6074a1a18400bef6293
f8e5a3fb5c87db5635b47ed5bae27a0fe470e01b1660104a75e298d4a37fb291

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ELV.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 682
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-2aa"
Accept-Ranges: bytes

suspended-website.com/a/images/a.png

185.27.134.19

200 OK

337 kB

URL GET
suspended-website.com/a/images/a.png
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
PNG image data, 1226 x 693, 8-bit/color RGBA, non-interlaced
Size
337 kB (337195 bytes)
Hash
ed3183a637727f5e10478f7ce975a83b
8212a223034ee94c49b62e17e9aed83aa1d372c2
ab4fa65ebb2eedf1f65fe4dc59f8c212a7fa448d90bdc026a2a8618c0c3219d8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a/images/a.png HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:17 GMT
Content-Type: image/png
Content-Length: 337195
Last-Modified: Sun, 23 Sep 2018 11:25:11 GMT
Connection: keep-alive
ETag: "5ba77817-5252b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

suspended-website.com/alipay-small-whitebg.png

185.27.134.19

200 OK

7.2 kB

URL GET
suspended-website.com/alipay-small-whitebg.png
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
PNG image data, 268 x 80, 8-bit/color RGB, non-interlaced
Size
7.2 kB (7198 bytes)
Hash
113e8ad310298f91dd053b2f0d862651
942305e037e1f20c6f899ac49a5c7af83d2974df
ce2ae198d2de949a94aa3106d5738cd5ffa24826770172efb907dc100c38267d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /alipay-small-whitebg.png HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/png
Content-Length: 7198
Last-Modified: Fri, 22 May 2020 08:34:54 GMT
Connection: keep-alive
ETag: "5ec78eae-1c1e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247

142.250.74.168

200 OK

359 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://suspended-website.com/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
359 kB (358764 bytes)
Hash
ae445021c7083d26a3859340dc0f581e
bfea4bb6f12592a950d1525c298d69a743be717d
de67406440a5d877269ff9a3ee9654ea2ad90c82a7f99afa5a80ee18368c77ee

HTTP Headers

GET /gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351866~103351868~104481633~104481635~104559073~104559075~104612245~104612247 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 May 2025 16:37:17 GMT
expires: Sat, 31 May 2025 16:37:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 123348
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

suspended-website.com/2co11.jpg

185.27.134.19

200 OK

8.4 kB

URL GET
suspended-website.com/2co11.jpg
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
PNG image data, 94 x 54, 8-bit/color RGBA, non-interlaced
Size
8.4 kB (8363 bytes)
Hash
3cfd0c2bce4455fd4dae042e07effb6f
19b7b698a5fc951be35f51d83e162312bf03ba91
14dceeb23e61280103e57d809dfa132168fe087df2222b2ddbabf8ab9e20b655

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2co11.jpg HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/jpeg
Content-Length: 8363
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-20ab"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

suspended-website.com/alipay-small-whitebg.png

185.27.134.19

200 OK

7.2 kB

URL GET
suspended-website.com/alipay-small-whitebg.png
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
PNG image data, 268 x 80, 8-bit/color RGB, non-interlaced
Size
7.2 kB (7198 bytes)
Hash
113e8ad310298f91dd053b2f0d862651
942305e037e1f20c6f899ac49a5c7af83d2974df
ce2ae198d2de949a94aa3106d5738cd5ffa24826770172efb907dc100c38267d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /alipay-small-whitebg.png HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/png
Content-Length: 7198
Last-Modified: Fri, 22 May 2020 08:34:54 GMT
Connection: keep-alive
ETag: "5ec78eae-1c1e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

bnauth-click.zya.me/?i=1

185.27.134.97

200 OK

846 B

URL User Request GET
bnauth-click.zya.me/?i=1
IP
185.27.134.97:443
ASN
#34119 Wildcard UK Limited

Certificate
IssuerZeroSSL
Subjectzya.me
Fingerprint77:17:1C:34:C8:9F:41:C0:1F:07:65:08:D4:E5:8D:43:39:48:ED:FE
ValidityFri, 09 May 2025 00:00:00 GMT - Thu, 07 Aug 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (846), with no line terminators
Size
846 B (846 bytes)
Hash
1b460b7f2b1952960880047f7229fa52
4b2e1c96f8ce0574f65cb787f38315f8a3030ee3
78455a945ba6c900bb62feef634a0771ed111f98c635b0a92f0aad47a0f9891d

HTTP Headers

GET /?i=1 HTTP/1.1
Host: bnauth-click.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 31 May 2025 16:37:04 GMT
Content-Type: text/html
Content-Length: 846
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache

suspended-website.com/diners.gif

185.27.134.19

200 OK

2.5 kB

URL GET
suspended-website.com/diners.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 62 x 40
Size
2.5 kB (2504 bytes)
Hash
d2eb8e8405a9c28b53585f22c4f081c0
3270daa45b4d443a3bccf9aec301601300186ca0
06595c098d5353960932c86e86dc03f77af77d6d5cfca543a9e9b95cc2dcc3a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /diners.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 2504
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-9c8"
Accept-Ranges: bytes

bnauth-click.zya.me/?i=2

185.27.134.97

302 Found

805 B

URL User Request GET
bnauth-click.zya.me/?i=2
IP
185.27.134.97:443
ASN
#34119 Wildcard UK Limited

Certificate
IssuerZeroSSL
Subjectzya.me
Fingerprint77:17:1C:34:C8:9F:41:C0:1F:07:65:08:D4:E5:8D:43:39:48:ED:FE
ValidityFri, 09 May 2025 00:00:00 GMT - Thu, 07 Aug 2025 23:59:59 GMT

File type

Size
805 B (805 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?i=2 HTTP/1.1
Host: bnauth-click.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bnauth-click.zya.me/?i=1
Cookie: __test=579269e5c08f6327dff961c8802300cd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: openresty
Date: Sat, 31 May 2025 16:37:04 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 247
Connection: keep-alive
Location: http://suspended-website.com/index.php?host=bnauth-click.zya.me
Cache-Control: max-age=0
Expires: Sat, 31 May 2025 16:37:04 GMT

suspended-website.com/maestro.gif

185.27.134.19

200 OK

1.3 kB

URL GET
suspended-website.com/maestro.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 63 x 40
Size
1.3 kB (1259 bytes)
Hash
618e71ec2e6eaec9a1b07c22a8c57328
538707864db64379566f05d70c88ea52ff0d91b9
6d6614f8558be21c37174b8747d499f20723def8ac133d5db6b211df10bd8a8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /maestro.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 1259
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-4eb"
Accept-Ranges: bytes

suspended-website.com/poweredByWorldPay.gif

185.27.134.19

200 OK

3.9 kB

URL GET
suspended-website.com/poweredByWorldPay.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 139 x 33
Size
3.9 kB (3862 bytes)
Hash
a4f9362c7bdf471440ef07a0bb66ef5c
d45ff2bfd8d5d9dd21c6f90138a025ea93034381
ebc7d18a4ca1a678db3395431336394cd41b0235655c72abed86c8e1ed91c783

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /poweredByWorldPay.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 3862
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-f16"
Accept-Ranges: bytes

142.250.74.168

200 OK

359 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351869~103351871~104481633~104481635~104559073~104559075~104612245~104612247
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://suspended-website.com/h/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
359 kB (358764 bytes)
Hash
9fe83cf9e66129c4a186fad3f24885c6
91663ea91cbdf0e43e797f4715749dab3ca66248
c1671bf20b76087cb555f8222d13a2903d5cabe146456d0f8c6aa603df12b38c

HTTP Headers

GET /gtag/js?id=G-TPL3V6D1KQ&cx=c&gtm=45He55s2v838183051za200&tag_exp=101509157~103116026~103200004~103233427~103252644~103252646~103351869~103351871~104481633~104481635~104559073~104559075~104612245~104612247 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 May 2025 16:37:06 GMT
expires: Sat, 31 May 2025 16:37:06 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 123351
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

suspended-website.com/diners.gif

185.27.134.19

200 OK

2.5 kB

URL GET
suspended-website.com/diners.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 62 x 40
Size
2.5 kB (2504 bytes)
Hash
d2eb8e8405a9c28b53585f22c4f081c0
3270daa45b4d443a3bccf9aec301601300186ca0
06595c098d5353960932c86e86dc03f77af77d6d5cfca543a9e9b95cc2dcc3a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /diners.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 2504
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-9c8"
Accept-Ranges: bytes

suspended-website.com/poweredByWorldPay.gif

185.27.134.19

200 OK

3.9 kB

URL GET
suspended-website.com/poweredByWorldPay.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 139 x 33
Size
3.9 kB (3862 bytes)
Hash
a4f9362c7bdf471440ef07a0bb66ef5c
d45ff2bfd8d5d9dd21c6f90138a025ea93034381
ebc7d18a4ca1a678db3395431336394cd41b0235655c72abed86c8e1ed91c783

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /poweredByWorldPay.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 3862
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-f16"
Accept-Ranges: bytes

suspended-website.com/laser.gif

185.27.134.19

200 OK

1.1 kB

URL GET
suspended-website.com/laser.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/h/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 36 x 40
Size
1.1 kB (1105 bytes)
Hash
108fb5c8584a064f33a1093b472944fa
ff1df0f23a3c5176feabf211858a021050c698e9
65a5093a1d6e9eab7c904a3b5a261c0564ec87634cd08d8cd5bdffd2c744f66a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /laser.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/h/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g0$t1748709425$j60$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:06 GMT
Content-Type: image/gif
Content-Length: 1105
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-451"
Accept-Ranges: bytes

suspended-website.com/visa_debit.gif

185.27.134.19

200 OK

2.4 kB

URL GET
suspended-website.com/visa_debit.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 66 x 40
Size
2.4 kB (2442 bytes)
Hash
39eb00a359b1e7889e8fc1492e6e8b54
d29360ad2a8ceb9e3b1acbbb5cb3152c6d07d435
06a0da77e15940e1f2fca30d2a86f811cd374210110291d192c9889f9bcb6658

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /visa_debit.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 2442
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-98a"
Accept-Ranges: bytes

suspended-website.com/mastercard.gif

185.27.134.19

200 OK

709 B

URL GET
suspended-website.com/mastercard.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 62 x 40
Size
709 B (709 bytes)
Hash
1e720b07845702afe9fdae261f35ca86
63d65597e44b77c31abb46b18a5978f1b1e7ac5f
070360778f733cf27020baa93d0de59c24f76a4d62be31271c336a48902db589

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mastercard.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 709
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-2c5"
Accept-Ranges: bytes

suspended-website.com/AMEX.gif

185.27.134.19

200 OK

558 B

URL GET
suspended-website.com/AMEX.gif
IP
185.27.134.19:443
ASN
#34119 Wildcard UK Limited

Requested by
https://suspended-website.com/d/
Certificate
IssuerLet's Encrypt
Subjectsuspended-website.com
FingerprintC5:86:4E:CF:69:C3:DB:82:E9:1C:AD:90:91:BB:53:B3:60:08:0B:D9
ValiditySat, 03 May 2025 12:09:48 GMT - Fri, 01 Aug 2025 12:09:47 GMT

File type
GIF image data, version 89a, 43 x 40
Size
558 B (558 bytes)
Hash
04180b3ee4b5c82c61ba1a91ee19a730
f084fd81f12ef45167bf670cac343730a6a06126
0c00b435dc46da8c2de0feab8d8de208e5e996920fcc2ebbb5e68678d09d504f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /AMEX.gif HTTP/1.1
Host: suspended-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://suspended-website.com/d/
Cookie: _ga_TPL3V6D1KQ=GS2.1.s1748709425$o1$g1$t1748709437$j48$l0$h0; _ga=GA1.1.1337647815.1748709426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.0
Date: Sat, 31 May 2025 16:37:18 GMT
Content-Type: image/gif
Content-Length: 558
Last-Modified: Thu, 21 Nov 2019 14:36:21 GMT
Connection: keep-alive
ETag: "5dd6a0e5-22e"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML