Report - babesnearyou.com/eng/multi/ms/16-612876?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be

Report Overview

Submitted URL
babesnearyou.com/eng/multi/ms/16-612876?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 22:45:36
Access
public
Website Title
Jolly
Final URL
babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	456 B	6.9 kB	142.250.74.106
static.production.push-sender.com	unknown	2023-04-06	2023-06-07	2024-05-02	1.4 kB	56 kB	143.204.55.8
zeniocloud.com	unknown	2022-02-15	2022-02-16	2024-05-04	421 B	709 B	188.114.96.1
babesnearyou.com	unknown	2024-02-14	2015-03-26	2024-04-18	11 kB	445 kB	188.114.96.1
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-07	338 B	863 B	143.204.53.97
alexatracker.com	unknown	2020-07-27	2020-10-28	2024-05-07	458 B	957 B	172.67.204.112
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	1.5 kB	82 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed
2024-05-07	medium	babesnearyou.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be	0 B	2023-03-07	2024-05-19
Pretty URL babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 23:27:31 Times Seen37846223 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be	0 B	2023-03-07	2024-05-19
Pretty URL babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 23:27:31 Times Seen37846223 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	babesnearyou.com/eng/multi/ms/16-612876/js/function.js?1707227351	781 B	2024-05-03	2024-05-19
Pretty URL babesnearyou.com/eng/multi/ms/16-612876/js/function.js?1707227351 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 04:35:00 Last Seen2024-05-19 17:24:38 Times Seen4 Hash 3d92bd6b13f4281e1b3e050c091cf524 6d1113873c9bd0b036d25eb91cf62b450fd7b443 2c6ee7af134d6c83dfad48784b843346876e9df6232ae03628580ff09863fe6b Loading...

	static.production.push-sender.com/mng/subs_window.js?ver=1708011766	20 kB	2023-08-10	2024-05-19
Pretty URL static.production.push-sender.com/mng/subs_window.js?ver=1708011766 IP 143.204.55.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-10 17:34:39 Last Seen2024-05-19 20:16:01 Times Seen481 Hash e554bff5d51655316050fcc4cbc318eb fd76cffd35b9dd8efd673f9f9531c4416a2137ca d7bc6f18c4f0da715cbd5fc46ddc1f98d164bce41bbb6ce068b767107367c93e Loading...

	static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766	28 kB	2024-02-14	2024-05-19
Pretty URL static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766 IP 143.204.55.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-14 21:41:26 Last Seen2024-05-19 20:16:01 Times Seen131 Hash 8853549c3d94b135cff7696e087dc08f 92ff4b057e92c46752e87b593677e960f80afb09 09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0 Loading...

	alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=	0 B	2023-03-07	2024-05-19
Pretty URL alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= IP 172.67.204.112 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 23:27:31 Times Seen37846223 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	babesnearyou.com/eng/multi/ms/16-612876/js/jquery-2.2.4.min.js?1707227351	86 kB	2023-03-07	2024-05-19
Pretty URL babesnearyou.com/eng/multi/ms/16-612876/js/jquery-2.2.4.min.js?1707227351 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-19 21:25:25 Times Seen394525 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	zeniocloud.com/JAIA.js?sub1=babesnearyou.com	601 B	2024-04-14	2024-05-19
Pretty URL zeniocloud.com/JAIA.js?sub1=babesnearyou.com IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-14 19:54:14 Last Seen2024-05-19 20:16:01 Times Seen46 Hash 3473dc7b7397c9d72c5f276743fd927c b7b42a6cd6c1998b1f2cb17c9ca51e8663066729 bdca5e46ad5269ddc8c5817c1dd5ddc8068651cea65fb5f15ecda7d1d8560329 Loading...

	babesnearyou.com/eng/multi/ms/16-612876/js/backoffer.js	430 B	2023-03-07	2024-05-19
Pretty URL babesnearyou.com/eng/multi/ms/16-612876/js/backoffer.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-05-19 20:16:01 Times Seen5897 Hash 6d5aa83d23ce0b9f72d3b87d000d8fae 034fb8768eb58ffc0b5849e2c162989741a6cbec 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800 Loading...

HTTP Transactions (23)

URL IP Response Size

babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be

188.114.96.1

301 Moved Permanently

167 B

URL User Request GET HTTP/1.1
babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 07 May 2024 22:45:10 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 07 May 2024 23:45:10 GMT
Location: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QE5Ak3oGKDYmyMLFcyu3RGnOvSeZ4r%2FxvR2D9Em1lQJzQqs8ScdWi0cM3yFulelEIA8M7ORTGfdTOkVyV187vrPq%2BI7wZb2zwd31ipMe6bJOq6MtEg3kZwnDGC5xSPp7saCZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8804bd242968568d-OSL
alt-svc: h2=":443"; ma=60

babesnearyou.com/eng/multi/ms/16-612876/images/logo-new.png

188.114.97.1

200 OK

6.0 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/images/logo-new.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
PNG image data, 758 x 316, 8-bit colormap, non-interlaced
Size
6.0 kB (6031 bytes)
Hash
761b4c9c16ba6bda1b1beb23199286c3
9d78ffaaf6f8a2420135e3adc0566f723207215d
403abc4c2a3966195bb32234d9a4570b912bc43a798b0a17734ec18d4da635f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/images/logo-new.png HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:10 GMT
content-type: image/png
content-length: 6031
last-modified: Wed, 17 Apr 2024 12:39:23 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tYYmNRq0MUuu0hHlg8FF2PPoDzHRzSe95GMYiG%2B1WRz4N8fxCjFFoGE4ELsa3AiLuUrCu4IKD1u8mMWCLg4Cprq3JU6snZHCY4faW6oa15Xk7Mp3peWCJ%2BL6mCssX%2BCwnTsi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bd266aa356bd-OSL
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/16-612876/images/110010_2.jpg

188.114.97.1

200 OK

29 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/images/110010_2.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3
Size
29 kB (29319 bytes)
Hash
2b8ac4e50a5bbbe4e6ea964bec7f3086
5486267315a7cd9eca01fa2fc6007060189c8b4f
8f700ae9dd68bd1130d528b77e1de92b4945e036060fdb01a02ccc148ab24ab3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/images/110010_2.jpg HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:10 GMT
content-type: image/jpeg
content-length: 29319
last-modified: Wed, 17 Apr 2024 12:39:23 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eYSMPx3k7v8PvJsTVDGZXSgFGp%2FP%2F%2Bo%2Bfy47loEbSRiZvFXT91Htm1TnNDxRYa1NiLmoJDtGM90tcsOozECKo0pcMk8LzEyTvC1x%2F8gSJ4gR55mZXw0rPlloVwP4AI4i0LdZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bd266aa256bd-OSL
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/16-612876/images/1.jpg

188.114.97.1

200 OK

57 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/images/1.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 800x1000, components 3
Size
57 kB (56762 bytes)
Hash
cd41e3e2c1156b62fc4645da34b10586
1e311a59c96cf4c3e18da194815deb9a63fba2ec
1b531f4a6a961037b801ecef8228a9b46efd2d3cff18bd872d32b91cd4585d79

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/images/1.jpg HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:10 GMT
content-type: image/jpeg
content-length: 56762
last-modified: Wed, 17 Apr 2024 12:39:23 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3a2ySZNm%2FNREWdq%2BYJm8ZJa5dPPJoHfFqZQXApPCfl3JwqSWi%2FNN2FkZIVbWyHAPPKaaMV3gNphcv0GeT3ceH%2Bf9lj%2FCFtEdgH1Y3H5Ze6o2jIdqzta0lDnjUl9KqkB6iB%2Bq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bd266aa456bd-OSL
alt-svc: h3=":443"; ma=86400

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
38636769a9159f92fca56f18163d5e0e
f9cc8875fb92b2864213cea10aaba65b67837a82
6c77cf14b8331d492fc71be068ac9bbfe7fafc66a65de75d00f7208317f18cd3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Tue, 07 May 2024 22:45:11 GMT
Server: ECAcc (amb/6B04)
X-Cache: Miss from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xr9r635jjilt0do8inHYgNr6O7Vk122yX1b9b04FPKTgzV2McnPOmA==

alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=

172.67.204.112

200 OK

0 B

URL GET HTTP/2
alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=
IP
172.67.204.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerGoogle Trust Services LLC
Subjectalexatracker.com
Fingerprint74:C4:C5:AB:F0:96:19:8D:55:C1:FC:49:6D:EF:28:5C:C0:A3:FD:48
ValidityThu, 21 Mar 2024 13:35:40 GMT - Wed, 19 Jun 2024 13:35:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:45:11 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
set-cookie: trbarid=9317faffa16ca6834d036ff3fcd907009384e9f1368ebf125020a0faef6d636ca%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A7579710839192202999%3B%7D; expires=Tue, 12 May 2026 22:45:11 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D78D3POUdKmq0QQDbhjH1JlTP1l%2BprLiPmacVWb9AMPsgx68oGQuT%2BF0zVblWbdl3mBqPj1DUt9LlerHMUxEtFcZGC7q32gsQNbdBTWjAyhBLuwpYyR0lI6Exu%2FMSp3ZknhB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bd291b8eb52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26620, version 1.0
Size
27 kB (26620 bytes)
Hash
8851189b303b4d03a80b8243a4fac433
2a04886958dd3f8fc11562db9b3281699475aad3
1e3ceb99e33b0f3d149b7d617b24a487d07fe7595aa24d04a7f45a0312b0654c

HTTP Headers

GET /s/jost/v15/92zatBhPNqw73oTd4g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:17:38 GMT
expires: Fri, 02 May 2025 18:17:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:39:33 GMT
content-type: font/woff2
age: 448053
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26620, version 1.0
Size
27 kB (26620 bytes)
Hash
8851189b303b4d03a80b8243a4fac433
2a04886958dd3f8fc11562db9b3281699475aad3
1e3ceb99e33b0f3d149b7d617b24a487d07fe7595aa24d04a7f45a0312b0654c

HTTP Headers

GET /s/jost/v15/92zatBhPNqw73oTd4g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:17:38 GMT
expires: Fri, 02 May 2025 18:17:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:39:33 GMT
content-type: font/woff2
age: 448053
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26620, version 1.0
Size
27 kB (26620 bytes)
Hash
8851189b303b4d03a80b8243a4fac433
2a04886958dd3f8fc11562db9b3281699475aad3
1e3ceb99e33b0f3d149b7d617b24a487d07fe7595aa24d04a7f45a0312b0654c

HTTP Headers

GET /s/jost/v15/92zatBhPNqw73oTd4g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:17:38 GMT
expires: Fri, 02 May 2025 18:17:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:39:33 GMT
content-type: font/woff2
age: 448053
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

babesnearyou.com/eng/multi/ms/16-612876/images/bg-desk-1-l-left-latam-adult2x.jpg

188.114.97.1

200 OK

107 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/images/bg-desk-1-l-left-latam-adult2x.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 945x1830, components 3
Size
107 kB (106939 bytes)
Hash
90586420ed79d679b317e41d7e4e755a
d3d112ce43fe718bb890fca01b28457438f64711
3d7cde1f215f9fd34f6302b8361723a99934a9d8a8a8cddc6b0026a2cf103997

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/images/bg-desk-1-l-left-latam-adult2x.jpg HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/css/style.css?1707227351
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:11 GMT
content-type: image/jpeg
content-length: 106939
last-modified: Wed, 17 Apr 2024 12:39:23 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MCbRKDPNt5Lzbj1zKzWOeZ6xX5H%2BroX0gieP5zjBE3mRqEK4MTvlq50DEAlK04d5ty1cLXhUnEwH%2FoqcVYT93TL9L%2BAe2L1xVV%2FGocqk60J229XrKUoAH7HAWRyfM8ZAx6eW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bd2b5cc056bd-OSL
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/16-612876/images/bg-desk-1-l-right-latam-adult2x.jpg

188.114.97.1

200 OK

114 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/images/bg-desk-1-l-right-latam-adult2x.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 990x2149, components 3
Size
114 kB (114243 bytes)
Hash
1c32023c48a5b8b8eb1ed1ce284b0313
f3b3814a58cec1d2e2f06854a8e9a51c3b5ca232
fdb1eeb53c1dd112356882c5e2bcfba1a502f405efaec15dfd8f1c949f959e40

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/images/bg-desk-1-l-right-latam-adult2x.jpg HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/css/style.css?1707227351
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:11 GMT
content-type: image/jpeg
content-length: 114243
last-modified: Wed, 17 Apr 2024 12:39:23 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VM72kkEWRmp2bBAJ2%2FGJh3Up5AHZg0nDVm50NFYE6swhOAoIcPqxMWSoKPVZLnTU304gbNqaHdtk7b0LowzawgLJrsV2L0Wxcm44w6MT9Z4EwYg40bcP6%2BAoWhgdjdkCJt5p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bd2b5cc256bd-OSL
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/16-612876/images/favicon.png?t=20240416091916

188.114.97.1

200 OK

4.1 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/images/favicon.png?t=20240416091916
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4093 bytes)
Hash
40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/images/favicon.png?t=20240416091916 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:11 GMT
content-type: image/png
content-length: 4093
last-modified: Wed, 17 Apr 2024 12:39:23 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uINKt0%2BYFdc6nC2O5AXk2xit8zNeKRFvSMTX6CAd5TSty8KPhGB%2BlkpSdEr6oRjUROlNwkwOvWKTZk2zLojTkiiwdjgAg5HDRYFaWT7CSfKjYldSIKPpyypvdyYWpAEo%2F6w4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bd2c8d7b56bd-OSL
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/16-612876/images/favicon.png?t=20240416091916

188.114.97.1

200 OK

4.1 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/images/favicon.png?t=20240416091916
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4093 bytes)
Hash
40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/images/favicon.png?t=20240416091916 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:11 GMT
content-type: image/png
content-length: 4093
last-modified: Wed, 17 Apr 2024 12:39:23 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DW4YTJRSRclJYHSl%2BpKEO4v6exSidtO76uZ54hVG9G5ibCBhtZ%2F8C0%2Fb%2BjZFkHD5Mt2U3BNwOtNemcJScj7ZNYOF8TWCQdUtOF7VWPIDFbkJGo7Y5iqADfhcYOBEx3qf8BR5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bd2c8d7956bd-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Jost:wght@400;500;700&display=swap

142.250.74.106

200 OK

6.2 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Jost:wght@400;500;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
6.2 kB (6233 bytes)
Hash
ebd68363669e18d0f059b7e0d18641c3
b296057d11e1d0ebc2f01f34ab10dd7d83e37f20
1c81b83c673be27aab7b3b02f02a528ce7d48bb808444aa8b65592d3bb0eebd4

HTTP Headers

GET /css2?family=Jost:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 22:45:11 GMT
date: Tue, 07 May 2024 22:45:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.production.push-sender.com/mng/subs_window.css?ver=1708011766

143.204.55.8

200 OK

7.1 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.css?ver=1708011766
IP
143.204.55.8:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (7434), with no line terminators
Size
7.1 kB (7130 bytes)
Hash
7edfc18d48d2641549d953ad7b35769d
b57f256b8a85278ce3459c2aac1b517b40889f94
460354d6acce1e481e3f0a6436a6484f25f9a58e1c8540eaa61047573e72d968

HTTP Headers

GET /mng/subs_window.css?ver=1708011766 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 05:39:12 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: r4-VYzJs7_msPOPykzmQJTblzXOsJaxeriVU_9OWAixnzZrkKcl1PQ==
age: 61558
X-Firefox-Spdy: h2

static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766

143.204.55.8

200 OK

28 kB

URL GET HTTP/2
static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766
IP
143.204.55.8:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
28 kB (27548 bytes)
Hash
8853549c3d94b135cff7696e087dc08f
92ff4b057e92c46752e87b593677e960f80afb09
09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0

HTTP Headers

GET /mng/channels/init.min.js?ver=1708011766 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 05:42:35 GMT
etag: W/"8853549c3d94b135cff7696e087dc08f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CC5qVN1XYgUcNQnhHxEJhlyspuFDd3Bz_d6T9ncmsnuWGxBUO0dqGQ==
age: 68835
X-Firefox-Spdy: h2

zeniocloud.com/JAIA.js?sub1=babesnearyou.com

188.114.96.1

200 OK

0 B

URL GET HTTP/2
zeniocloud.com/JAIA.js?sub1=babesnearyou.com
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerGoogle Trust Services LLC
Subjectzeniocloud.com
FingerprintFD:31:E5:23:F0:E6:E0:B5:7F:67:26:F7:34:69:A7:B3:CA:39:1C:37
ValidityMon, 11 Mar 2024 16:41:24 GMT - Sun, 09 Jun 2024 16:41:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /JAIA.js?sub1=babesnearyou.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:45:10 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 5866
last-modified: Tue, 07 May 2024 21:07:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f7O3QlvbT7z9zkzUOTICPulEnzsGy2Oxealz%2Ft76jhl%2BzyVtLk3rv9KdSKpyiuaOKp3X3KEWCHPcMjmTachODf%2BFPS7GkbOtkLcytzzBP%2F91stGKdBPsuqAgSJfe2pOnZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804bd26dace56ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

babesnearyou.com/eng/multi/ms/16-612876/js/jquery-2.2.4.min.js?1707227351

188.114.97.1

200 OK

86 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/js/jquery-2.2.4.min.js?1707227351
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
86 kB (85578 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/js/jquery-2.2.4.min.js?1707227351 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:10 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:24 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CzfhAe2rjQGfBdbESZH3gjb5a%2FJCQ%2B%2BjfBVIMImg1c9dwej1tI83nJkPULmQmjLEWm2vk7cydDEPU5zNwF980uEwrVzg2ULooYd%2FA%2BDvZfYQH2gF8EvDi2Dc2KEjFX5CwcOp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804bd265a8b56bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/16-612876?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be

188.114.97.1

301 Moved Permanently

7.3 kB

URL User Request GET HTTP/2
babesnearyou.com/eng/multi/ms/16-612876?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type

Size
7.3 kB (7313 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 07 May 2024 22:45:10 GMT
content-type: text/html; charset=iso-8859-1
location: http://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TqvYPu%2FRe38p0A4kRk7%2BGiyCL4xWFNbWvZvpgzXEzDkFyxmbzHl%2FKSsjMgaDH8JESvhQlkmGyGZXGoroesnhGXNWhsF6Wmt4ttmNZI9W%2BYLsxKG0UPX3Za96yDbEn5cWRC5j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804bd239a6e0afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

babesnearyou.com/eng/multi/ms/16-612876/js/function.js?1707227351

188.114.97.1

200 OK

781 B

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/js/function.js?1707227351
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, ASCII text, with very long lines (844), with no line terminators
Size
781 B (781 bytes)
Hash
4e1befb441732fed088e233df4d63d6a
f3422a1d6714244e34e9d92c3c400ba8de4d1661
f7799b66a7b7bb6fa41a3d2c98fe3631e0f9a7767f06527bef54e5d6da75f2c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/js/function.js?1707227351 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:10 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:24 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6eNwtR04eISlR67a3zoDUZWDe5%2FKu4X3q1WCOv87vNUbr6L2vVZ2r1nH6dTEN0vusu6kRUU%2FUZ34wXeC4lnt0gkne5pb%2FJM0JFvRvcC33tx%2FfV6UcJc7VfiNa%2Bwaz42os8vW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804bd266a9556bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.production.push-sender.com/mng/subs_window.js?ver=1708011766

143.204.55.8

200 OK

20 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.js?ver=1708011766
IP
143.204.55.8:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type

Size
20 kB (19706 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mng/subs_window.js?ver=1708011766 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 06:58:05 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9hdxNN_olekpUeRyZ1X5H-WFgNmSKRYOOOuYZHN-k7KvIuiCTpq0Zg==
age: 73987
X-Firefox-Spdy: h2

babesnearyou.com/eng/multi/ms/16-612876/js/backoffer.js

188.114.97.1

200 OK

430 B

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/js/backoffer.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, ASCII text, with very long lines (430), with no line terminators
Size
430 B (430 bytes)
Hash
6d5aa83d23ce0b9f72d3b87d000d8fae
034fb8768eb58ffc0b5849e2c162989741a6cbec
89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/js/backoffer.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:10 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:24 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BmaPXlm%2FRdVBSxsl78OI0FAAmmpLl8fcRl7G7VWzNbHQ6Cg7JL1YHxzjNY1%2F547NDGvPo7D9WB0zhKRJfnm0E4NQQGxQg8o0yVNcCJtpqamdVe16Sagix9XH18Q6mNlC%2FQhl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804bd266aa556bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/16-612876/css/style.css?1707227351

188.114.97.1

200 OK

20 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/16-612876/css/style.css?1707227351
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
ASCII text
Size
20 kB (19519 bytes)
Hash
b7803de62667f70bc5afe7feb9e1782f
01c3a799e0995cd2c65a3de60a097cc183bbc2fe
13a2fff51201dc5243073ba35809c17fdeac7ded3d2cd1722fbdcb51b2ecf9a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/16-612876/css/style.css?1707227351 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/16-612876/?cep=_6W6Z6xJecuMVStgwxvtgj7U6z_DDYBtZEpLpPWowLHFkLDCk6FLYIpbCvgqUeJ7Op6O1fpgEeZOtdpqYvJ87VCRRXCuM_rgt7ygqNfMzY1qb-XBiF1SsZgDz5cNZtw8uDWpYxseP96MoKVrVieJh4D3NeCtwgAXRUMT7I7m5AYDLDKl49OWLio77nOcqKnhNo0T0FASH2b1d_o7crvvFlZ8lg6ielmTZA6EhBOp-x6vfJ8sIgYXQj_cXW9_WutIzpvatzQUbj4jQkfwgYf-qQvfflZZeRpxTbjdLqPE0slDIwKLnI8ZoBQLf32pI_2IHnez5Lp1GhqNa1re3wX8CE2SrypdfOvS_wJ111cNKQ6Z0YYl3JzRQis7ak6LFVlKZNEPaBBvyWDZWUNmh9pU2A&lptoken=17cc15dc1174935614be
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 22:45:10 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:23 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=65tRsyuyQHQzoJifA2ZKNQ67dxp2TNVLcQFDw6Qx5JAfXkLhi%2BPmy5wFqJlD7Npr3UYFoe1O0lAe5zbDQHJmDsKYG81aGJt8NctkB%2Bc21egLqsupbgnwmNx%2BtQbFfLLaOX64"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804bd265a8956bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML