Report - babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F

Report Overview

Submitted URL
babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 18:11:42
Access
public
Website Title
Tiktok für Singles
Final URL
babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-07	441 B	32 kB	151.101.66.137
zeniocloud.com	unknown	2022-02-15	2022-02-16	2024-05-04	421 B	709 B	104.21.25.245
static.production.push-sender.com	unknown	2023-04-06	2023-06-07	2024-05-02	1.4 kB	56 kB	143.204.55.81
alexatracker.com	unknown	2020-07-27	2020-10-28	2024-05-07	460 B	954 B	172.67.204.112
babesnearyou.com	unknown	2024-02-14	2015-03-26	2024-04-18	5.5 kB	579 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be	0 B	2023-03-07	2024-05-29
Pretty URL babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-29 00:37:47 Times Seen38432074 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=	0 B	2023-03-07	2024-05-29
Pretty URL alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= IP 172.67.204.112 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-29 00:37:47 Times Seen38432074 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	zeniocloud.com/JAIA.js?sub1=babesnearyou.com	601 B	2024-04-14	2024-05-28
Pretty URL zeniocloud.com/JAIA.js?sub1=babesnearyou.com IP 104.21.25.245 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-14 19:54:14 Last Seen2024-05-28 08:50:41 Times Seen65 Hash 3473dc7b7397c9d72c5f276743fd927c b7b42a6cd6c1998b1f2cb17c9ca51e8663066729 bdca5e46ad5269ddc8c5817c1dd5ddc8068651cea65fb5f15ecda7d1d8560329 Loading...

	static.production.push-sender.com/mng/subs_window.js?ver=1708011915	20 kB	2023-08-10	2024-05-28
Pretty URL static.production.push-sender.com/mng/subs_window.js?ver=1708011915 IP 143.204.55.81 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-10 17:34:39 Last Seen2024-05-28 20:00:15 Times Seen508 Hash e554bff5d51655316050fcc4cbc318eb fd76cffd35b9dd8efd673f9f9531c4416a2137ca d7bc6f18c4f0da715cbd5fc46ddc1f98d164bce41bbb6ce068b767107367c93e Loading...

	static.production.push-sender.com/mng/channels/init.min.js?ver=1708011915	28 kB	2024-02-14	2024-05-28
Pretty URL static.production.push-sender.com/mng/channels/init.min.js?ver=1708011915 IP 143.204.55.81 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-14 21:41:26 Last Seen2024-05-28 20:00:16 Times Seen178 Hash 8853549c3d94b135cff7696e087dc08f 92ff4b057e92c46752e87b593677e960f80afb09 09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0 Loading...

	babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be	0 B	2023-03-07	2024-05-29
Pretty URL babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-29 00:37:47 Times Seen38432074 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	code.jquery.com/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-05-29
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-29 00:19:35 Times Seen149327 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	babesnearyou.com/de/multi/ms/2-252402/js/backoffer.js	430 B	2023-03-07	2024-05-28
Pretty URL babesnearyou.com/de/multi/ms/2-252402/js/backoffer.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-05-28 20:00:16 Times Seen5951 Hash 6d5aa83d23ce0b9f72d3b87d000d8fae 034fb8768eb58ffc0b5849e2c162989741a6cbec 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800 Loading...

HTTP Transactions (12)

URL IP Response Size

babesnearyou.com/de/multi/ms/2-252402/img/logo.png

188.114.97.1

200 OK

9.0 kB

URL GET HTTP/3
babesnearyou.com/de/multi/ms/2-252402/img/logo.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
PNG image data, 334 x 172, 8-bit/color RGBA, non-interlaced
Size
9.0 kB (8981 bytes)
Hash
f24a4f2fe552a16cd108fe94a5531dbd
8300575a56cd3ad81b47e7d9b027d85646ba0d6e
03cf32f3d203c9b5a8989ac563720fae3c9c915e8b82e8771a72e25817822ce1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /de/multi/ms/2-252402/img/logo.png HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: image/png
content-length: 8981
last-modified: Thu, 15 Feb 2024 18:46:35 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tf%2B745OPJoar9yzudZQ%2F5OX2oobpBq%2BHOZvsL8f4Nh7HgcmsB4rbQmbvQer7ghXvXtArcBeh%2B%2BP9c9fDaDj7Y88mvhl8UJpghMcDrKiQPaFMZkgbxAwPCsTBnZVFwqOKbCzZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf10a38b51e-OSL
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-3.5.1.min.js

151.101.66.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 07 May 2024 18:11:17 GMT
age: 961649
x-served-by: cache-lga21981-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 64, 21488
x-timer: S1715105477.385288,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

babesnearyou.com/de/multi/ms/2-252402/img/main.webp

188.114.97.1

200 OK

547 kB

URL GET HTTP/3
babesnearyou.com/de/multi/ms/2-252402/img/main.webp
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
RIFF (little-endian) data, Web/P image
Size
547 kB (547274 bytes)
Hash
3bd66634e02b6827a549b3566a4fc71d
f58fa8c092f0d8a7196d9fd2c24830ae4aef3b4e
6baf06b328943b1b1943c2f738618b5509afff998553d2143f058afe4bdc8826

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /de/multi/ms/2-252402/img/main.webp HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: image/webp
content-length: 547274
last-modified: Thu, 15 Feb 2024 18:46:36 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8i0McmMCceiwoQH0yap1ClEd3NZS4KgGE7XUzCtuwqfzdS6Z9fIlcZapa4w9hPeTspvlvxAyVDy%2BnU%2BSZGJZB1RBmkXigB%2BsfY3tUF7kbQcA1jiZMbtZcCLZO1FCoHXV4Zp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf10a3eb51e-OSL
alt-svc: h3=":443"; ma=86400

babesnearyou.com/de/multi/ms/2-252402/img/favicon.png

188.114.97.1

200 OK

935 B

URL GET HTTP/3
babesnearyou.com/de/multi/ms/2-252402/img/favicon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
935 B (935 bytes)
Hash
72a7aa3560f3def2027ee620204dd909
d13ab2951dd65b68ce4bf246e0a8651f76144068
697389bfeadc7321032cb6c7946d0eb1772af5c9d127ff62c5e9cc56ef8c4d0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /de/multi/ms/2-252402/img/favicon.png HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: image/png
content-length: 935
last-modified: Thu, 15 Feb 2024 18:46:35 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yZFXInnj7RjYPRM88NZOv69wDorOot%2FOzWsZrTG%2FW2SfE4YN7m8kYYlbcQam%2BhKATZOGounuslCo3XVnvzM6cVtu8yX385NSrtXwuFQQQ766d1tKdWHxLxZpPxWFWkS5pWXE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf3ce38b51e-OSL
alt-svc: h3=":443"; ma=86400

babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be

188.114.97.1

200 OK

6.0 kB

URL User Request GET HTTP/2
babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
6.0 kB (6037 bytes)
Hash
4ff4b9d382fe7c53bb124bd91f170498
890a5a067478eedd9a8d453021d4cf2b020b0bf9
1008752309a95bc54b93a8f3c8ac2248d1cdca800b4fed2805921db7a89294c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O70XNPOehrJezqMYhiMy60RhHPNYw0zWPy0q%2FPLov0FWCoVeZUGRRCKISYUEnkBNFrqJNB6CZ5gAybRvGt31WUUW6ofyomYcHXLeAHvsLGHsgd4qRw5Iao7lK12E4iWbS2Io"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88032bef1edf0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

babesnearyou.com/de/multi/ms/2-252402/style/style.css

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
babesnearyou.com/de/multi/ms/2-252402/style/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
ASCII text
Size
11 kB (11140 bytes)
Hash
59f275db12b959777a908553c897c933
41f2e84b93e22cf87832793c35285b649a4ee3a9
d67b5d6016182cba664d4c579b2d42b78e46cfe7019baa655c2a9641a4e821c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /de/multi/ms/2-252402/style/style.css HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 15 Feb 2024 18:46:38 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DXffvO6ilJyCTiAoeIBwLXub%2BJi5e1cseZw7W0KrRXAUFKkTg691WBGcBSzuoI60QWlBa4KVCJXwcqMthPpS92eURynaVVePMU8HwV0Uxe%2F5cVrNzRjGCDokttMDc96Rilbr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88032bf10a30b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

zeniocloud.com/JAIA.js?sub1=babesnearyou.com

104.21.25.245

200 OK

0 B

URL GET HTTP/2
zeniocloud.com/JAIA.js?sub1=babesnearyou.com
IP
104.21.25.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerGoogle Trust Services LLC
Subjectzeniocloud.com
FingerprintFD:31:E5:23:F0:E6:E0:B5:7F:67:26:F7:34:69:A7:B3:CA:39:1C:37
ValidityMon, 11 Mar 2024 16:41:24 GMT - Sun, 09 Jun 2024 16:41:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /JAIA.js?sub1=babesnearyou.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 5396
last-modified: Tue, 07 May 2024 16:41:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gkYgTPGuRFatwdmnom5H4xTC65WefRfP5efWZSK7TAdhxlkrqxnSTgebtAuD9C%2Fe2P9PwCalftwR%2BqQTjEiNk%2FmX0dL6Q1mTN7%2FJKw7Uz0xoXyUd4YBFGK48bU7HFiDnBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf158c80afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.production.push-sender.com/mng/channels/init.min.js?ver=1708011915

143.204.55.81

200 OK

28 kB

URL GET HTTP/2
static.production.push-sender.com/mng/channels/init.min.js?ver=1708011915
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
28 kB (27548 bytes)
Hash
8853549c3d94b135cff7696e087dc08f
92ff4b057e92c46752e87b593677e960f80afb09
09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0

HTTP Headers

GET /mng/channels/init.min.js?ver=1708011915 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 05:42:35 GMT
etag: W/"8853549c3d94b135cff7696e087dc08f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: STro_sNhk9cGXCqddwoW0aajY66_qnqhm2wdJr37_UhZ6k0hoKUf0w==
age: 52402
X-Firefox-Spdy: h2

babesnearyou.com/de/multi/ms/2-252402/js/backoffer.js

188.114.97.1

200 OK

430 B

URL GET HTTP/3
babesnearyou.com/de/multi/ms/2-252402/js/backoffer.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, ASCII text, with very long lines (430), with no line terminators
Size
430 B (430 bytes)
Hash
6d5aa83d23ce0b9f72d3b87d000d8fae
034fb8768eb58ffc0b5849e2c162989741a6cbec
89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /de/multi/ms/2-252402/js/backoffer.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:11:17 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Thu, 15 Feb 2024 18:46:37 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1DBY%2Bu39Wm6bYHfM4GQBho9HVWQ04N3CSTGbI1fzpgr20PDZ%2BcmWB5nfN5FsxNcyVa5GA%2FJCOKxkPJ0KbXVzEHnK3EtqoDUmxD1IyfPEnSggL41zYCnitU5%2BZyhY0pJCu0%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88032bf11a48b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=

172.67.204.112

200 OK

0 B

URL GET HTTP/2
alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=
IP
172.67.204.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerGoogle Trust Services LLC
Subjectalexatracker.com
Fingerprint74:C4:C5:AB:F0:96:19:8D:55:C1:FC:49:6D:EF:28:5C:C0:A3:FD:48
ValidityThu, 21 Mar 2024 13:35:40 GMT - Wed, 19 Jun 2024 13:35:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 18:11:18 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
set-cookie: trbarid=06f57ac400b943fe9082ce87395ac057973281f96563d514e22d4b62ae8e12c6a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A303754635942457029%3B%7D; expires=Tue, 12 May 2026 18:11:17 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVQI3zeyTsyrI0UWhFd%2B6HBSMueCFbnBZ16VcglQbpKZDCVB2k12skgdyCWYp19pGEQZnTV43qRvcPAoYEFOJ73sEloacId3GvjwIIsBpMzKGUsbfvwXgamaRwANFcS7GIKs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032bf3386856c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.production.push-sender.com/mng/subs_window.js?ver=1708011915

143.204.55.81

200 OK

20 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.js?ver=1708011915
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type

Size
20 kB (19706 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mng/subs_window.js?ver=1708011915 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 06:58:05 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hnQZL9RKNtz6FIEEHW5JnmNAhr9xud7PBbr2l_hyTqTDqOvkyIqtew==
age: 57553
X-Firefox-Spdy: h2

static.production.push-sender.com/mng/subs_window.css?ver=1708011915

143.204.55.81

200 OK

7.1 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.css?ver=1708011915
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/de/multi/ms/2-252402/?cep=bBuq6dBzYkjmpd6-tU5Z3bWpW53U7y2glKd34Uq5kbjVLJbqiZu9VGMVpKm-mJOgxquQyGmehjRLHcaZts5kfMXzruglPKGNn9Fym2vNo38SDmIz2ncImH2QJ0DjliFeAvqqttFc8evVqZ16to8yLbwFBbe-4hGq-O9ItGlAmFzFU0xHhTM_2Gg-VX-99jqw6yAa0BU2EZ2f73mn7xv37igaxK8jmYm7Ad0BoknBtYA8PdQiWnwoIqlK4PYfZywsUDS5DfvoJislp5iAnKo4J2aKZDGDmemqscboS3aolERkk_r-00WFwdd_nbXx9c51a6KaQ41ODrkGBVQp0cXIcIk1rkqD-lkOb4WXsxqK1jqlr94GNFe2LRPZmbMTvPAV17KPVI3fccHDlGX_F_ZRww&lptoken=174d151410d1726252be
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (7434), with no line terminators
Size
7.1 kB (7130 bytes)
Hash
7edfc18d48d2641549d953ad7b35769d
b57f256b8a85278ce3459c2aac1b517b40889f94
460354d6acce1e481e3f0a6436a6484f25f9a58e1c8540eaa61047573e72d968

HTTP Headers

GET /mng/subs_window.css?ver=1708011915 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 05:39:12 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zGtvD4bTrLnblAbcRN9gjRB4Q3DQCbsDWBMHQnHruHloISTF7R--ZQ==
age: 45125
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML