Overview

URL: 18teens.blue/
IP: 94.100.24.174
ASN: AS35017 Swiftway Sp. z o.o.
Location: Netherlands
Report completed: 2019-06-30 16:35:17 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro

Timestamp  Severity  Source IP  Destination IP  Alert
2019-06-30 16:34:46 CEST  1  94.100.24.174  Client IP  ET INFO Suspicious Darkwave Popads Pop Under Redirect
2019-06-30 16:34:46 CEST  2  Client IP  Internal IP  ET DNS Query to a *.top domain - Likely Hostile


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter: No alerts detected
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 94.100.24.174

Date  UQ / IDS / BL  URL  IP
2019-06-30 16:55:29 +0200  0 - 1 - 0  fap18videos.com/  94.100.24.174
2019-06-30 16:53:52 +0200  0 - 1 - 0  teen18folders.mobi/  94.100.24.174
2019-06-30 16:47:46 +0200  0 - 1 - 0  teen18forum.mobi/  94.100.24.174
2019-06-30 16:47:18 +0200  0 - 1 - 0  joyteens.blue/  94.100.24.174
2019-06-30 16:44:14 +0200  0 - 1 - 0  teenfolder.org/  94.100.24.174
2019-06-30 16:43:37 +0200  0 - 1 - 0  teen18folders.mobi/  94.100.24.174
2019-06-30 16:36:45 +0200  0 - 1 - 0  teen18planet.link/  94.100.24.174
2019-06-30 16:35:47 +0200  0 - 1 - 0  joyteens.blue/  94.100.24.174
2019-06-30 16:34:16 +0200  0 - 1 - 0  teen18forum.mobi/  94.100.24.174
2019-06-30 16:32:38 +0200  0 - 1 - 0  newteens.org/  94.100.24.174

Last 10 reports on ASN: AS35017 Swiftway Sp. z o.o.

Date  UQ / IDS / BL  URL  IP
2019-06-30 17:40:16 +0200  0 - 0 - 0  crazy-holiday.biz/  46.21.146.239
2019-06-30 16:55:29 +0200  0 - 1 - 0  fap18videos.com/  94.100.24.174
2019-06-30 16:53:52 +0200  0 - 1 - 0  teen18folders.mobi/  94.100.24.174
2019-06-30 16:47:46 +0200  0 - 1 - 0  teen18forum.mobi/  94.100.24.174
2019-06-30 16:47:18 +0200  0 - 1 - 0  joyteens.blue/  94.100.24.174
2019-06-30 16:44:14 +0200  0 - 1 - 0  teenfolder.org/  94.100.24.174
2019-06-30 16:43:37 +0200  0 - 1 - 0  teen18folders.mobi/  94.100.24.174
2019-06-30 16:36:45 +0200  0 - 1 - 0  teen18planet.link/  94.100.24.174
2019-06-30 16:35:47 +0200  0 - 1 - 0  joyteens.blue/  94.100.24.174
2019-06-30 16:34:16 +0200  0 - 1 - 0  teen18forum.mobi/  94.100.24.174

Last 1 report on domain: 18teens.blue

Date  UQ / IDS / BL  URL  IP
2018-06-04 23:07:48 +0200  0 - 1 - 0  18teens.blue/view.php  185.147.14.226


JavaScript

Executed Scripts (5)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 286, repeated: 1) - SHA256: 3f470fa4b5c1cac26d0345ab9445d3084ddedb38c7a66f3c2ad687f0460d7852

<a href='//www.liveinternet.ru/click' target=_blank>
  <img src='//counter.yadro.ru/hit?t45.6;r;s1176*885*24;uhttp%3A//18teens.blue/;hTeen%20Girls%2C%20Nonude%20Models%2C%20Young%20Nudist%20Free%20Sites;0.3563814551226151' alt='' title='LiveInternet' border='0' width='31' height='31'>
</a>


HTTP Transactions (7)


Request Response

#1 Request:
GET / HTTP/1.1
Host: 18teens.blue
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

#1 Response (from 94.100.24.174):
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Sun, 30 Jun 2019 14:34:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.6.40
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3398
Md5:    d492e7e15852b3cad7a77971ada62d65
Sha1:   a40ff027ce9ac518c1bc0aa89b5d0d3998490f79
Sha256: 60663797caf77aa23d328b9cc04286794b59bc5e0152df365cc47260ef840144

Alerts:
  IDS:
    - ET INFO Suspicious Darkwave Popads Pop Under Redirect

#2 Request:
GET /im/g2.jpg HTTP/1.1
Host: 18teens.blue
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://18teens.blue/
Cookie: from=noref; lfrom=noref; idcheck=1561905286

#2 Response (from 94.100.24.174):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Server: nginx
Date: Sun, 30 Jun 2019 14:34:46 GMT
Content-Length: 207
Connection: keep-alive
Keep-Alive: timeout=60

--- Additional Info ---
Magic:  HTML document text; exported SGML document text
Size:   207
Md5:    f3d5a50f5d863bae0e773901e5d84892
Sha1:   5200c2de17ff8fac58ddfe725bf2c98f350d16cb
Sha256: 75f2d63a63f27e4257cf1d0b9a76b316f3d6b7fc0f6f7329146993e88a058d95

#3 Request:
GET /favicon.png HTTP/1.1
Host: 18teens.blue
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: from=noref; lfrom=noref; idcheck=1561905286

#3 Response (from 94.100.24.174):
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Sun, 30 Jun 2019 14:34:46 GMT
Content-Length: 683
Last-Modified: Thu, 07 Mar 2019 06:40:24 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Etag: "5c80bcd8-2ab"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  PNG image, 16 x 16, 8-bit/color RGB, non-interlaced
Size:   683
Md5:    8a9661bfd064f010895a67f52098885f
Sha1:   180a60a6ccf2cce52c700ad0fc11dc6301456983
Sha256: 2d0baf2b9c2e4f02f4eb1aa029b5cbc8387d78330ec40ed1822ed75a361dcda6

#4 Request:
GET /im/t1.jpg HTTP/1.1
Host: 18teens.blue
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://18teens.blue/
Cookie: from=noref; lfrom=noref; idcheck=1561905286

#4 Response (from 94.100.24.174):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Sun, 30 Jun 2019 14:34:46 GMT
Content-Length: 11615
Last-Modified: Thu, 07 Mar 2019 06:39:58 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Etag: "5c80bcbe-2d5f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   11615
Md5:    fc6a3204a4378b5220af6462b38b09ce
Sha1:   2436f965a411ecbb2b27ad54f4a7d36fe54d81af
Sha256: dd114e417003448d0c8fb077bd91027238666222e83be05dbb819e11623a0c87

#5 Request:
GET /hit?t45.6;r;s1176*885*24;uhttp%3A//18teens.blue/;hTeen%20Girls%2C%20Nonude%20Models%2C%20Young%20Nudist%20Free%20Sites;0.3563814551226151 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://18teens.blue/

#5 Response (from 88.212.196.124):
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Date: Sun, 30 Jun 2019 14:34:46 GMT
Server: 0W/0.8c
Location: http://counter.yadro.ru/hit?q;t45.6;r;s1176*885*24;uhttp%3A//18teens.blue/;hTeen%20Girls%2C%20Nonude%20Models%2C%20Young%20Nudist%20Free%20Sites;0.3563814551226151
Content-Length: 32
Expires: Fri, 29 Jun 2018 21:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: FTID=1T6CY60OLzPq1T6CY600BDkG; path=/; expires=Sun, 28 Jun 2020 21:00:00 GMT; domain=.yadro.ru

--- Additional Info ---
Magic:  HTML document text
Size:   32
Md5:    3e9c09a8c5a87f266e047a596f48578c
Sha1:   07d7b1940b7e3f9a3db43197458f9b8ef18a6bce
Sha256: 57fad7ae62012ff4a38ecb6045ac6e8e3a070a33bbd033b21ab6cad3566d9254

#6 Request:
GET /pop.js HTTP/1.1
Host: c1.popads.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://18teens.blue/

#6 Response (from 185.76.9.12):
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 30 Jun 2019 14:34:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 17 Jun 2019 22:20:49 GMT
Etag: W/"5d081241-79ce"
Access-Control-Allow-Origin: *
Server: CDN77-Turbo
X-Edge-IP: 185.76.9.10
X-Edge-Location: stockholmSE
X-Cache: HIT
X-Age: 477
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9448
Md5:    989be0ca0efce8c39ce8b327b469df64
Sha1:   6c8664f02aba2581cfcc6b2652de42b2241f113f
Sha256: 50fcdbd5ec565470db320b3f61da3ee99186d52e2651fddb99e48bffe57044cb

#7 Request:
GET /hit?q;t45.6;r;s1176*885*24;uhttp%3A//18teens.blue/;hTeen%20Girls%2C%20Nonude%20Models%2C%20Young%20Nudist%20Free%20Sites;0.3563814551226151 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://18teens.blue/
Cookie: FTID=1T6CY60OLzPq1T6CY600BDkG

#7 Response (from 88.212.196.124):
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sun, 30 Jun 2019 14:34:46 GMT
Server: 0W/0.8c
Connection: Close
Content-Length: 104
Expires: Fri, 29 Jun 2018 21:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: VID=2zyGWj13SQfq1T6CY600BDkM; path=/; expires=Sun, 28 Jun 2020 21:00:00 GMT; domain=.yadro.ru

--- Additional Info ---
Magic:  GIF image data, version 87a, 31 x 31
Size:   104
Md5:    77be1b29d5a9ddd0b4cf1878f1de4b25
Sha1:   29ee14ca48b313868412505ba4fb102dccf7dc6b
Sha256: aba98d0405c2aad0b6513f606b491a6f03c19811d9dfb2640d5ec9899652a970