{"report_id":"6d70aec6-9fb0-41f9-b34a-6c20ebee5842","version":6,"status":"done","tags":[],"date":"2025-10-09T01:58:47Z","url":{"schema":"http","addr":"babyage0.store/register?i=xx2aue","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"babyage0.store/register?i=xx2aue","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"title":"Happy Community"},"submit":{"url":{"schema":"http","addr":"babyage0.store/register?i=xx2aue","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-13T01:58:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"babyage0.store","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"babyage0.store","ip":{"addr":"172.67.146.238","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-08","domain_rank":0,"first_seen":"2025-10-09T01:58:47.617455Z","last_seen":"2025-10-09T01:58:47.617455Z","alert_count":6,"request_count":6,"received_data":264658,"sent_data":2870,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"babyage0.store/register?i=xx2aue","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"867931fa2b4d4db5865fb420c0c9f9fe","sha1":"7e7b60727e9b30caf5f6093b9a629a93ab9d9709","sha256":"35e86f8a1e1d919104c177b8383538faf5d6acde5c6d4f668e73cb78e59b8c0a","sha512":"e1c141baaa722e9641c437bdb7703358812e699a29f2cb90b3c8943063dfa58728430158e5cbf15d2df9a71629ec171b36fe63243a352585799cbe6780c6a6c4","ssdeep":"","tlshash":"9241a8a1535e57a72bf32264097f036ae53d986376106d42fc9c38d2bf6c76c213691c","size":1913,"data":"","first_seen":"2025-03-04T10:40:07.271004Z","last_seen":"2026-02-18T03:59:53.866174Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"babyage0.store/template/temp/js/jquery.min.js","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"895323ed2f7258af4fae2c738c8aea49","sha1":"276c87ff3e1e3155679c318938e74e5c1b76d809","sha256":"ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8","sha512":"c40111c3cc0754e90cf71f72f7f16f43b835b7e808423dfd99f90dd5177538b702e64ff1d9ee8d3bc86aeaa11b6f7a0ef826184e354b162158839ffb75d174cc","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmc:R+41ZqLTW8xRrqSb8qGH77da98Hrf","tlshash":"3b93d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","size":95957,"data":"","first_seen":"2023-03-07T01:02:25Z","last_seen":"2026-06-10T01:37:25.781327Z","times_seen":17432,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"babyage0.store/register?i=xx2aue","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T01:58:25.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"babyage0.store","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 09:40:28 GMT","end":"Tue, 06 Jan 2026 10:39:16 GMT"},"fingerprint":{"sha1":"3B:D7:74:F1:DD:87:CF:19:D4:24:F9:F8:FB:43:8D:6C:EC:7D:5B:C3","sha256":"DD:6E:66:E2:2B:4C:75:89:B2:EE:9C:A3:E2:CB:E5:23:85:D8:EA:A2:59:ED:4F:DC:0B:57:D8:51:A8:5E:27:83"}}},"request":{"raw":"GET /register?i=xx2aue HTTP/1.1\r\nHost: babyage0.store\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 09 Oct 2025 01:58:25 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HocMHmSHJl8y1f5wkYJxVy7vlEVpGuKaOXsJ1crxxa4y94GEI%2FQelMXQM75Yf%2BAfuHqPH82eMxE1ccfwnlbpaUaLHu38LgY%2BZgAcg%2FSc\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98ba45d7a8b98deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4174,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"36ee1766745ea666d050c507915d7d18","sha1":"1e9876a219bd2993e4680cbdeb4e7905821129a2","sha256":"428eff698d85f35cae66d201eabb35ad33faac35979308c3cbc56abbaf12a013","sha512":"dc16ebb495d877bd6b94a03277fdab41f5a1a38d72fd59f7a777866811c0a58fa2ec4de7eb1be54fd7b420c4f17e6d30af1144f200643c009c9de3f2a8e57ca7","ssdeep":"96:kC9VroA/zc8SU42NE4fhBfHMflGf83uG55X3u/MAbX:kCnroArcM4SEahBfHMflGf83uG55X3uf","tlshash":"bf81732083ed896796f3126459ea9609a91dc523a3001c45feec38d67f9df5c4233a6c","first_seen":"2025-10-09T01:58:50.35779Z","last_seen":"2025-10-09T01:58:50.35779Z","times_seen":1,"resource_available":false,"data":null}},"time_used":541,"timings":{"blocked":93,"dns":70,"connect":1,"send":0,"wait":355,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"babyage0.store","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"babyage0.store/template/temp/css/register.css","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://babyage0.store/register?i=xx2aue","date":"2025-10-09T01:58:25.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"babyage0.store","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 09:40:28 GMT","end":"Tue, 06 Jan 2026 10:39:16 GMT"},"fingerprint":{"sha1":"3B:D7:74:F1:DD:87:CF:19:D4:24:F9:F8:FB:43:8D:6C:EC:7D:5B:C3","sha256":"DD:6E:66:E2:2B:4C:75:89:B2:EE:9C:A3:E2:CB:E5:23:85:D8:EA:A2:59:ED:4F:DC:0B:57:D8:51:A8:5E:27:83"}}},"request":{"raw":"GET /template/temp/css/register.css HTTP/1.1\r\nHost: babyage0.store\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://babyage0.store/register?i=xx2aue\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Oct 2025 01:58:25 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 30 Aug 2025 13:02:05 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tuimGE91D3pg8gk5WNqtmfsJKdUNQySGTfCjDGx6HSPX7YemUkPhLm8AHamn%2FcUuvtP%2FZbf3yyccVA%2BlM2H547n7jUcILu5me0trLFjy\"}]}\r\nvary: Accept-Encoding\r\netag: \"68b2f64d-779\"\r\ncontent-encoding: gzip\r\nage: 4082\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\ncf-ray: 98ba45db9ef25a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1913,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"57135ffd58094d92fd140e5d9203f09d","sha1":"8348509537bbf7c8e7850c195f2ad6d8247f5279","sha256":"3f46da6187eed89d2fa119a751581c26b7df06a56ea37362a61b42fda469d313","sha512":"77235a6142090fe457750e43be127c10c54150d733996cb8575be2084ffc3c1b0083e6706bd8e423ae697faefc584b8ae9f79e5529502020166bc543c590a2bb","ssdeep":"","tlshash":"cf419c48db040546b23395ac67f3474aea6d80938b4a067d3b59e690cfbe16c8672fc8","first_seen":"2024-11-27T18:28:24.386073Z","last_seen":"2026-03-19T01:47:22.827725Z","times_seen":150,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"babyage0.store","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"babyage0.store/template/temp/js/jquery.min.js","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://babyage0.store/register?i=xx2aue","date":"2025-10-09T01:58:25.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"babyage0.store","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 09:40:28 GMT","end":"Tue, 06 Jan 2026 10:39:16 GMT"},"fingerprint":{"sha1":"3B:D7:74:F1:DD:87:CF:19:D4:24:F9:F8:FB:43:8D:6C:EC:7D:5B:C3","sha256":"DD:6E:66:E2:2B:4C:75:89:B2:EE:9C:A3:E2:CB:E5:23:85:D8:EA:A2:59:ED:4F:DC:0B:57:D8:51:A8:5E:27:83"}}},"request":{"raw":"GET /template/temp/js/jquery.min.js HTTP/1.1\r\nHost: babyage0.store\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://babyage0.store/register?i=xx2aue\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Oct 2025 01:58:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 30 Aug 2025 13:02:05 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=98c9d%2B2YKSOCp24SAS3%2BFpHY91Cq9T6jvJ4j4Bmq1JG3FCBE2vtRW7DBIeEliyRUVWi3Uja%2FOOlfPoTQXy0js8P%2B1esYCCrtM4SkfmC5\"}]}\r\nvary: Accept-Encoding\r\netag: \"68b2f64d-176d5\"\r\ncontent-encoding: gzip\r\nage: 4584\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\ncf-ray: 98ba45dbaef35a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95957,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32038)","md5":"895323ed2f7258af4fae2c738c8aea49","sha1":"276c87ff3e1e3155679c318938e74e5c1b76d809","sha256":"ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8","sha512":"c40111c3cc0754e90cf71f72f7f16f43b835b7e808423dfd99f90dd5177538b702e64ff1d9ee8d3bc86aeaa11b6f7a0ef826184e354b162158839ffb75d174cc","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmc:R+41ZqLTW8xRrqSb8qGH77da98Hrf","tlshash":"3b93d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","first_seen":"2023-03-07T01:02:25Z","last_seen":"2026-06-10T01:37:25.781327Z","times_seen":17432,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"babyage0.store","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"babyage0.store/verify/index.html","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://babyage0.store/register?i=xx2aue","date":"2025-10-09T01:58:25.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"babyage0.store","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 09:40:28 GMT","end":"Tue, 06 Jan 2026 10:39:16 GMT"},"fingerprint":{"sha1":"3B:D7:74:F1:DD:87:CF:19:D4:24:F9:F8:FB:43:8D:6C:EC:7D:5B:C3","sha256":"DD:6E:66:E2:2B:4C:75:89:B2:EE:9C:A3:E2:CB:E5:23:85:D8:EA:A2:59:ED:4F:DC:0B:57:D8:51:A8:5E:27:83"}}},"request":{"raw":"GET /verify/index.html HTTP/1.1\r\nHost: babyage0.store\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://babyage0.store/register?i=xx2aue\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Oct 2025 01:58:26 GMT\r\ncontent-type: image/png; charset=utf-8\r\ncontent-length: 473\r\nset-cookie: PHPSESSID=e0va38f0hlsspkgp82r4qts4om; Path=/\r\npriority: u=4,i=?0\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6DU4zUUmtCyv3czxogFCaBGu3Ww8JFexPbaa7OIYpMimUxMBluumAKkWR8sz2fOKj5sJUPV3t6iejZz2vJkAGtIxeKnjEOaTyV%2BUGWrC\"}]}\r\ncf-ray: 98ba45dbaef55a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":473,"size_decoded":0,"mime_type":"image/png; charset=utf-8","magic":"PNG image data, 128 x 40, 4-bit colormap, non-interlaced","md5":"0d5d02a6b51a4091fa447e92c1ea43bf","sha1":"a90b93cf8436c86cfe32c81c8c1b2e98a32ec597","sha256":"97f105907e8a923b1cfad3c089575404f168a18f25a3a467e3e149a17271cd7b","sha512":"281a9f40ca3b4f4c72b4213be43ce26e9df59631d6c67e2b8e48d7a3c25e4af31bfc848864eaecdbcc0a505da4922930e655c0e1e370d5ca295dd3ed795abbf6","ssdeep":"","tlshash":"f0f09ee283914dd01268b8bae1e2a951cd33419143212c0aaf994d66c7965d6d79449f","first_seen":"2025-10-09T01:58:50.360202Z","last_seen":"2025-10-09T01:58:50.360202Z","times_seen":1,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"babyage0.store","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"babyage0.store/upload/site/20250922-1/e4400c049a031de83bd06de1a443105a.jpg","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://babyage0.store/register?i=xx2aue","date":"2025-10-09T01:58:25.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"babyage0.store","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 09:40:28 GMT","end":"Tue, 06 Jan 2026 10:39:16 GMT"},"fingerprint":{"sha1":"3B:D7:74:F1:DD:87:CF:19:D4:24:F9:F8:FB:43:8D:6C:EC:7D:5B:C3","sha256":"DD:6E:66:E2:2B:4C:75:89:B2:EE:9C:A3:E2:CB:E5:23:85:D8:EA:A2:59:ED:4F:DC:0B:57:D8:51:A8:5E:27:83"}}},"request":{"raw":"GET /upload/site/20250922-1/e4400c049a031de83bd06de1a443105a.jpg HTTP/1.1\r\nHost: babyage0.store\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://babyage0.store/register?i=xx2aue\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Oct 2025 01:58:25 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 150973\r\nlast-modified: Sun, 21 Sep 2025 21:21:07 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5e4vmZihNgikFHUMrzhmQ8%2B8%2FnAUK6Xy58nNhYh93FluIq5GEtCmXlkkboT%2BZ2aHJ6N1lyFTOOgGkOLImp15GWzHBl5x7WCWlFzne8ic\"}]}\r\netag: \"68d06c43-24dbd\"\r\naccept-ranges: bytes\r\nage: 4082\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98ba45dbaef45a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":150973,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 807x605, components 3","md5":"f1926654df4ad74be9c37b1368df63e6","sha1":"7d079f1f561ac10cb9223704577520f7f01d46d4","sha256":"4192f724519db335a6dc42e4f0d6d8ec6daf2d8cd426a48b240698f2c9ca7ba5","sha512":"abc48788cc00f89f9ff00ad3d76a6c4fc69af1652ebade3ea0d5ee743f9eed62b01a413b57e8c86ef76b10fbf7d496196f59a1a4babd9494ce60ee80483a4eaa","ssdeep":"3072:zjvyFScabKS5izBqQ7XuECmcZcd500d9L9Ky4UVaX3M4j+Y5j:Xv7KS5KBqQ7PDuctd9LEUVaX84lF","tlshash":"45e3127dba013999443e21b5c40d8c4f2a649adbd1b4d11e0778c898f21dda37babb3d","first_seen":"2025-10-05T10:20:24.057328Z","last_seen":"2025-10-09T01:58:50.361397Z","times_seen":2,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"babyage0.store","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"babyage0.store/favicon.ico","fqdn":"babyage0.store","domain":"babyage0.store","tld":"store"},"ip":{"addr":"172.67.146.238","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://babyage0.store/register?i=xx2aue","date":"2025-10-09T01:58:26.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"babyage0.store","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 09:40:28 GMT","end":"Tue, 06 Jan 2026 10:39:16 GMT"},"fingerprint":{"sha1":"3B:D7:74:F1:DD:87:CF:19:D4:24:F9:F8:FB:43:8D:6C:EC:7D:5B:C3","sha256":"DD:6E:66:E2:2B:4C:75:89:B2:EE:9C:A3:E2:CB:E5:23:85:D8:EA:A2:59:ED:4F:DC:0B:57:D8:51:A8:5E:27:83"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: babyage0.store\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://babyage0.store/register?i=xx2aue\r\nCookie: PHPSESSID=e0va38f0hlsspkgp82r4qts4om\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Thu, 09 Oct 2025 01:58:26 GMT\r\ncontent-type: text/html; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XLhrnEQVDV%2BQeJjOSkSSx%2B%2F6hbKSWVvXvrD6mL607ypPDRkivEY7AHE2pDWWRpaS%2BFsI4UZ0fYRiQrLFfSJ0ryoZFjIJmTeAfAy8rrhL\"}]}\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=6,i=?0\r\ncf-ray: 98ba45dcfefc5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7197,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"cadea9088faed7f1f493a2d72ffc5a7f","sha1":"06270cfc0a44bb32fe6f851fa1e8f027182ec2c5","sha256":"ff761d4960cb0813b67e3350f4e97c0dfbbb1a52eeb8d035de157f22d10e81fe","sha512":"de45be77d5cb8a5d46bb26e6e7457be3ff949c28603cc6a17ffc8818a4799ee969fcb025cefefeb17a11bb9baf47842cfdf67c31c5dd4359c5bdae953ff3510c","ssdeep":"192:1qsADVCZHK2StRyByEXkHlXWLH5de6H5wdpAqszyb817bHpy2byTxC:wwU2bbH3iC","tlshash":"2fe1045b4ee30002b913d4397b7b2205322e86578156ed6d7e8dd748cfc16a5c9d2bcd","first_seen":"2024-10-20T23:28:43.055636Z","last_seen":"2026-03-19T01:47:22.828686Z","times_seen":166,"resource_available":false,"data":null}},"time_used":339,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":339,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"babyage0.store","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}