| babesnearyou.com/de/multi/ms/2-252402/img/logo.png | 188.114.97.1 | 200 OK | 9.0 kB |
URL: GET HTTP/3 babesnearyou.com/de/multi/ms/2-252402/img/logo.png
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Let's Encrypt; Subject: babesnearyou.com; Fingerprint: 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity: Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: PNG image data, 334 x 172, 8-bit/color RGBA, non-interlaced
Hashes: MD5 f24a4f2fe552a16cd108fe94a5531dbd; SHA-1 8300575a56cd3ad81b47e7d9b027d85646ba0d6e; SHA-256 03cf32f3d203c9b5a8989ac563720fae3c9c915e8b82e8771a72e25817822ce1

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /de/multi/ms/2-252402/img/logo.png HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: image/png
content-length: 8981
last-modified: Thu, 15 Feb 2024 18:46:35 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tf%2B745OPJoar9yzudZQ%2F5OX2oobpBq%2BHOZvsL8f4Nh7HgcmsB4rbQmbvQer7ghXvXtArcBeh%2B%2BP9c9fDaDj7Y88mvhl8UJpghMcDrKiQPaFMZkgbxAwPCsTBnZVFwqOKbCzZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf10a38b51e-OSL
alt-svc: h3=":443"; ma=86400
| code.jquery.com/jquery-3.5.1.min.js | 151.101.66.137 | 200 OK | 31 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.5.1.min.js
IP: 151.101.66.137:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Sectigo Limited; Subject: *.jquery.com; Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D; Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)
Hashes: MD5 dc5e7f18c8d36ac1d3d4753a87c98d0a; SHA-1 c8e1c8b386dc5b7a9184c763c88d19a346eb3342; SHA-256 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 07 May 2024 18:11:17 GMT
age: 961649
x-served-by: cache-lga21981-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 64, 21488
x-timer: S1715105477.385288,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2
| babesnearyou.com/de/multi/ms/2-252402/img/main.webp | 188.114.97.1 | 200 OK | 547 kB |
URL: GET HTTP/3 babesnearyou.com/de/multi/ms/2-252402/img/main.webp
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Let's Encrypt; Subject: babesnearyou.com; Fingerprint: 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity: Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 547 kB (547274 bytes)
Hashes: MD5 3bd66634e02b6827a549b3566a4fc71d; SHA-1 f58fa8c092f0d8a7196d9fd2c24830ae4aef3b4e; SHA-256 6baf06b328943b1b1943c2f738618b5509afff998553d2143f058afe4bdc8826

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /de/multi/ms/2-252402/img/main.webp HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: image/webp
content-length: 547274
last-modified: Thu, 15 Feb 2024 18:46:36 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8i0McmMCceiwoQH0yap1ClEd3NZS4KgGE7XUzCtuwqfzdS6Z9fIlcZapa4w9hPeTspvlvxAyVDy%2BnU%2BSZGJZB1RBmkXigB%2BsfY3tUF7kbQcA1jiZMbtZcCLZO1FCoHXV4Zp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf10a3eb51e-OSL
alt-svc: h3=":443"; ma=86400
| babesnearyou.com/de/multi/ms/2-252402/img/favicon.png | 188.114.97.1 | 200 OK | 935 B |
URL: GET HTTP/3 babesnearyou.com/de/multi/ms/2-252402/img/favicon.png
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Let's Encrypt; Subject: babesnearyou.com; Fingerprint: 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity: Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hashes: MD5 72a7aa3560f3def2027ee620204dd909; SHA-1 d13ab2951dd65b68ce4bf246e0a8651f76144068; SHA-256 697389bfeadc7321032cb6c7946d0eb1772af5c9d127ff62c5e9cc56ef8c4d0d

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /de/multi/ms/2-252402/img/favicon.png HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: image/png
content-length: 935
last-modified: Thu, 15 Feb 2024 18:46:35 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yZFXInnj7RjYPRM88NZOv69wDorOot%2FOzWsZrTG%2FW2SfE4YN7m8kYYlbcQam%2BhKATZOGounuslCo3XVnvzM6cVtu8yX385NSrtXwuFQQQ766d1tKdWHxLxZpPxWFWkS5pWXE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf3ce38b51e-OSL
alt-svc: h3=":443"; ma=86400
| babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be | 188.114.97.1 | 200 OK | 6.0 kB |
URL (user request): GET HTTP/2 babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
IP: 188.114.97.1:443
Certificate: Issuer: Let's Encrypt; Subject: babesnearyou.com; Fingerprint: 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity: Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: JavaScript source, Unicode text, UTF-8 text
Hashes: MD5 4ff4b9d382fe7c53bb124bd91f170498; SHA-1 890a5a067478eedd9a8d453021d4cf2b020b0bf9; SHA-256 1008752309a95bc54b93a8f3c8ac2248d1cdca800b4fed2805921db7a89294c6

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O70XNPOehrJezqMYhiMy60RhHPNYw0zWPy0q%2FPLov0FWCoVeZUGRRCKISYUEnkBNFrqJNB6CZ5gAybRvGt31WUUW6ofyomYcHXLeAHvsLGHsgd4qRw5Iao7lK12E4iWbS2Io"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88032bef1edf0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| babesnearyou.com/de/multi/ms/2-252402/style/style.css | 188.114.97.1 | 200 OK | 11 kB |
URL: GET HTTP/3 babesnearyou.com/de/multi/ms/2-252402/style/style.css
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Let's Encrypt; Subject: babesnearyou.com; Fingerprint: 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity: Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
Hashes: MD5 59f275db12b959777a908553c897c933; SHA-1 41f2e84b93e22cf87832793c35285b649a4ee3a9; SHA-256 d67b5d6016182cba664d4c579b2d42b78e46cfe7019baa655c2a9641a4e821c9

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /de/multi/ms/2-252402/style/style.css HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 15 Feb 2024 18:46:38 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DXffvO6ilJyCTiAoeIBwLXub%2BJi5e1cseZw7W0KrRXAUFKkTg691WBGcBSzuoI60QWlBa4KVCJXwcqMthPpS92eURynaVVePMU8HwV0Uxe%2F5cVrNzRjGCDokttMDc96Rilbr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88032bf10a30b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| zeniocloud.com/JAIA.js?sub1=babesnearyou.com | 104.21.25.245 | 200 OK | 0 B |
URL: GET HTTP/2 zeniocloud.com/JAIA.js?sub1=babesnearyou.com
IP: 104.21.25.245:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Google Trust Services LLC; Subject: zeniocloud.com; Fingerprint: FD:31:E5:23:F0:E6:E0:B5:7F:67:26:F7:34:69:A7:B3:CA:39:1C:37; Validity: Mon, 11 Mar 2024 16:41:24 GMT - Sun, 09 Jun 2024 16:41:23 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

GET /JAIA.js?sub1=babesnearyou.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 5396
last-modified: Tue, 07 May 2024 16:41:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gkYgTPGuRFatwdmnom5H4xTC65WefRfP5efWZSK7TAdhxlkrqxnSTgebtAuD9C%2Fe2P9PwCalftwR%2BqQTjEiNk%2FmX0dL6Q1mTN7%2FJKw7Uz0xoXyUd4YBFGK48bU7HFiDnBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf158c80afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| static.production.push-sender.com/mng/channels/init.min.js?ver=1708011915 | 143.204.55.81 | 200 OK | 28 kB |
URL: GET HTTP/2 static.production.push-sender.com/mng/channels/init.min.js?ver=1708011915
IP: 143.204.55.81:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Amazon; Subject: production.push-sender.com; Fingerprint: FF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE; Validity: Mon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hashes: MD5 8853549c3d94b135cff7696e087dc08f; SHA-1 92ff4b057e92c46752e87b593677e960f80afb09; SHA-256 09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0

GET /mng/channels/init.min.js?ver=1708011915 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 05:42:35 GMT
etag: W/"8853549c3d94b135cff7696e087dc08f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: STro_sNhk9cGXCqddwoW0aajY66_qnqhm2wdJr37_UhZ6k0hoKUf0w==
age: 52402
X-Firefox-Spdy: h2
| babesnearyou.com/de/multi/ms/2-252402/js/backoffer.js | 188.114.97.1 | 200 OK | 430 B |
URL: GET HTTP/3 babesnearyou.com/de/multi/ms/2-252402/js/backoffer.js
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Let's Encrypt; Subject: babesnearyou.com; Fingerprint: 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity: Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: JavaScript source, ASCII text, with very long lines (430), with no line terminators
Hashes: MD5 6d5aa83d23ce0b9f72d3b87d000d8fae; SHA-1 034fb8768eb58ffc0b5849e2c162989741a6cbec; SHA-256 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /de/multi/ms/2-252402/js/backoffer.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Thu, 15 Feb 2024 18:46:37 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1DBY%2Bu39Wm6bYHfM4GQBho9HVWQ04N3CSTGbI1fzpgr20PDZ%2BcmWB5nfN5FsxNcyVa5GA%2FJCOKxkPJ0KbXVzEHnK3EtqoDUmxD1IyfPEnSggL41zYCnitU5%2BZyhY0pJCu0%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88032bf11a48b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= | 172.67.204.112 | 200 OK | 0 B |
URL: GET HTTP/2 alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=
IP: 172.67.204.112:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Google Trust Services LLC; Subject: alexatracker.com; Fingerprint: 74:C4:C5:AB:F0:96:19:8D:55:C1:FC:49:6D:EF:28:5C:C0:A3:FD:48; Validity: Thu, 21 Mar 2024 13:35:40 GMT - Wed, 19 Jun 2024 13:35:39 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

GET /jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 18:11:18 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
set-cookie: trbarid=06f57ac400b943fe9082ce87395ac057973281f96563d514e22d4b62ae8e12c6a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A303754635942457029%3B%7D; expires=Tue, 12 May 2026 18:11:17 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVQI3zeyTsyrI0UWhFd%2B6HBSMueCFbnBZ16VcglQbpKZDCVB2k12skgdyCWYp19pGEQZnTV43qRvcPAoYEFOJ73sEloacId3GvjwIIsBpMzKGUsbfvwXgamaRwANFcS7GIKs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf3386856c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| static.production.push-sender.com/mng/subs_window.js?ver=1708011915 | 143.204.55.81 | 200 OK | 20 kB |
URL: GET HTTP/2 static.production.push-sender.com/mng/subs_window.js?ver=1708011915
IP: 143.204.55.81:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Amazon; Subject: production.push-sender.com; Fingerprint: FF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE; Validity: Mon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

GET /mng/subs_window.js?ver=1708011915 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 06:58:05 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hnQZL9RKNtz6FIEEHW5JnmNAhr9xud7PBbr2l_hyTqTDqOvkyIqtew==
age: 57553
X-Firefox-Spdy: h2
| static.production.push-sender.com/mng/subs_window.css?ver=1708011915 | 143.204.55.81 | 200 OK | 7.1 kB |
URL: GET HTTP/2 static.production.push-sender.com/mng/subs_window.css?ver=1708011915
IP: 143.204.55.81:443
Requested by: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate: Issuer: Amazon; Subject: production.push-sender.com; Fingerprint: FF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE; Validity: Mon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (7434), with no line terminators
Hashes: MD5 7edfc18d48d2641549d953ad7b35769d; SHA-1 b57f256b8a85278ce3459c2aac1b517b40889f94; SHA-256 460354d6acce1e481e3f0a6436a6484f25f9a58e1c8540eaa61047573e72d968

GET /mng/subs_window.css?ver=1708011915 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 05:39:12 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zGtvD4bTrLnblAbcRN9gjRB4Q3DQCbsDWBMHQnHruHloISTF7R--ZQ==
age: 45125
X-Firefox-Spdy: h2