Report - babesnearyou.com/eng/multi/ms/2-170101/

Report Overview

Submitted URL
babesnearyou.com/eng/multi/ms/2-170101/
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 17:37:37
Access
public
Website Title
WARNING! You will see nude photos.
Final URL
babesnearyou.com/eng/multi/ms/2-170101/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-03	676 B	1.9 kB	54.230.218.11
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	525 B	20 kB	216.58.207.227
alexatracker.com	unknown	2020-07-27	2020-10-28	2024-04-30	458 B	957 B	104.21.85.99
babesnearyou.com	unknown	2024-02-14	2015-03-26	2024-04-18	3.4 kB	260 kB	188.114.97.1
static.production.push-sender.com	unknown	2023-04-06	2023-06-07	2024-05-02	1.4 kB	57 kB	143.204.55.8
zeniocloud.com	unknown	2022-02-15	2022-02-16	2024-05-03	421 B	707 B	172.67.168.50

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	babesnearyou.com	Sinkholed
2024-05-04	medium	babesnearyou.com	Sinkholed
2024-05-04	medium	babesnearyou.com	Sinkholed
2024-05-04	medium	babesnearyou.com	Sinkholed
2024-05-04	medium	babesnearyou.com	Sinkholed
2024-05-04	medium	babesnearyou.com	Sinkholed
2024-05-04	medium	babesnearyou.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	babesnearyou.com/eng/multi/ms/2-170101/js/backoffer.js	430 B	2023-03-07	2024-05-18
Pretty URL babesnearyou.com/eng/multi/ms/2-170101/js/backoffer.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-05-18 12:07:17 Times Seen5883 Hash 6d5aa83d23ce0b9f72d3b87d000d8fae 034fb8768eb58ffc0b5849e2c162989741a6cbec 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800 Loading...

	babesnearyou.com/eng/multi/ms/2-170101/	0 B	2023-03-07	2024-05-18
Pretty URL babesnearyou.com/eng/multi/ms/2-170101/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 12:56:12 Times Seen37785407 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=	0 B	2023-03-07	2024-05-18
Pretty URL alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= IP 104.21.85.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 12:56:12 Times Seen37785407 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	zeniocloud.com/JAIA.js?sub1=babesnearyou.com	601 B	2024-04-14	2024-05-18
Pretty URL zeniocloud.com/JAIA.js?sub1=babesnearyou.com IP 172.67.168.50 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-14 19:54:14 Last Seen2024-05-18 12:07:16 Times Seen39 Hash 3473dc7b7397c9d72c5f276743fd927c b7b42a6cd6c1998b1f2cb17c9ca51e8663066729 bdca5e46ad5269ddc8c5817c1dd5ddc8068651cea65fb5f15ecda7d1d8560329 Loading...

	static.production.push-sender.com/mng/subs_window.js?ver=1708011766	20 kB	2023-08-10	2024-05-18
Pretty URL static.production.push-sender.com/mng/subs_window.js?ver=1708011766 IP 143.204.55.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-10 17:34:39 Last Seen2024-05-18 12:07:16 Times Seen474 Hash e554bff5d51655316050fcc4cbc318eb fd76cffd35b9dd8efd673f9f9531c4416a2137ca d7bc6f18c4f0da715cbd5fc46ddc1f98d164bce41bbb6ce068b767107367c93e Loading...

	static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766	28 kB	2024-02-14	2024-05-18
Pretty URL static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766 IP 143.204.55.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-14 21:41:26 Last Seen2024-05-18 12:07:17 Times Seen118 Hash 8853549c3d94b135cff7696e087dc08f 92ff4b057e92c46752e87b593677e960f80afb09 09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0 Loading...

	babesnearyou.com/eng/multi/ms/2-170101/	0 B	2023-03-07	2024-05-18
Pretty URL babesnearyou.com/eng/multi/ms/2-170101/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 12:56:12 Times Seen37785407 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	babesnearyou.com/eng/multi/ms/2-170101/js/jquery.js	88 kB	2023-03-07	2024-05-17
Pretty URL babesnearyou.com/eng/multi/ms/2-170101/js/jquery.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-05-17 12:44:58 Times Seen117 Hash 269aa59eab382fa3aaa418f21d22618f 5a8b67e7c78ea66096f3b404598d246c2aa8e617 5ced49ff396bdb0070d83727ff475375b53a843a8f446ee5041245ec81f6e98e Loading...

HTTP Transactions (15)

URL IP Response Size

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
fe36a8eed405d5d087aa486ba1fd68ce
f7bbb0663a8a3be298aa8d617bc64cefaa679bee
dc5ad4bd72115bedd7edd43e09452ff8f4c7258fd382e426f70795650cef48d2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 17:37:11 GMT
Last-Modified: Sat, 04 May 2024 16:27:14 GMT
Server: ECAcc (ska/F756)
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gYg_WW_6mkdXqvUvty-qKnjQlGRcMV0BupK8g0tU44nD_ZIGGsHAWA==
Age: 4197

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
fe36a8eed405d5d087aa486ba1fd68ce
f7bbb0663a8a3be298aa8d617bc64cefaa679bee
dc5ad4bd72115bedd7edd43e09452ff8f4c7258fd382e426f70795650cef48d2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 17:37:11 GMT
Last-Modified: Sat, 04 May 2024 16:04:38 GMT
Server: ECAcc (amb/6B6A)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Eka0cSWW-w4ZsRwepRJGKNC_KJ2vUcWnNO4yytaIEaIS8x2KZmw0rQ==
Age: 5553

fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19172, version 1.0
Size
19 kB (19172 bytes)
Hash
bc3aa95dca08f5fee5291e34959c27bc
7b7c670ef2f0ba7fc0ce6437e523ccbdc847fde2
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94

HTTP Headers

GET /s/montserrat/v14/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19172
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:31 GMT
expires: Sat, 03 May 2025 16:31:31 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Jul 2019 03:46:19 GMT
content-type: font/woff2
age: 90341
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=

104.21.85.99

200 OK

0 B

URL GET HTTP/2
alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=
IP
104.21.85.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerGoogle Trust Services LLC
Subjectalexatracker.com
Fingerprint74:C4:C5:AB:F0:96:19:8D:55:C1:FC:49:6D:EF:28:5C:C0:A3:FD:48
ValidityThu, 21 Mar 2024 13:35:40 GMT - Wed, 19 Jun 2024 13:35:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:37:12 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
set-cookie: trbarid=39f6cfc23e5edf83344038d215a0ecd94083cce361f5fa925859010d8d52a3d5a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A6404737327514939976%3B%7D; expires=Sat, 09 May 2026 17:37:12 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RTX6SXsxARCuu974XplEm04Y2IExjQvJMFK6V433PnQdys6ikuyUB05Ramy2eppOTciOHNMq7AsI%2BY37IPYu1T412xaSHI6EVDhs%2BfJOr7KXKwq%2FpunxPdvIQh5VNj4CyyhY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea41e27a2856ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

babesnearyou.com/eng/multi/ms/2-170101/images/pic.mp4

188.114.97.1

206 Partial Content

149 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/2-170101/images/pic.mp4
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
149 kB (149199 bytes)
Hash
9958a067600e3071de7d4c6c7454e369
5d53f33501c3d5c5c6eabb3b21f3ac3ee677dc57
dc1efe5d88017ed1caed4d0959c104ad1c05ab6ab3e04ecf3ab2fe5fd0f61e37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/2-170101/images/pic.mp4 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Sat, 04 May 2024 17:37:12 GMT
content-type: video/mp4
content-length: 1633780
last-modified: Wed, 17 Apr 2024 12:39:28 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
content-range: bytes 0-1633779/1633780
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gCn%2BEuFudHyBb3tVjG5%2FidnMDwOLMNdr0LKChqCra4fs20%2Fr9o7%2BT7sTNeAtuMvaCiR1%2ByveKApDtA5v3XUGCT%2BPW%2Bb4z0uMGg21VrgxsrHZSXNmp%2B%2BEBOXhXdPB%2FkAuI%2BZI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea41e31f2356aa-OSL
alt-svc: h3=":443"; ma=86400

static.production.push-sender.com/mng/subs_window.css?ver=1708011766

143.204.55.8

200 OK

7.9 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.css?ver=1708011766
IP
143.204.55.8:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
7.9 kB (7897 bytes)
Hash
dcd37d6e5639bfb65f621348aad4ef6b
f87bd828dff4880d913c97c8cf24e5c8ba94583b
df688ccc84c685f70638b99d7ea7b768ed83d7157c38ba9ddbc8706087471615

HTTP Headers

GET /mng/subs_window.css?ver=1708011766 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 04 May 2024 05:40:39 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8BgDSm1r7ceIS82uEEkZfIWVaNJ84PxX-KHzjv9L9F6JY_v2BvaiLQ==
age: 43501
X-Firefox-Spdy: h2

static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766

143.204.55.8

200 OK

28 kB

URL GET HTTP/2
static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766
IP
143.204.55.8:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
28 kB (27548 bytes)
Hash
8853549c3d94b135cff7696e087dc08f
92ff4b057e92c46752e87b593677e960f80afb09
09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0

HTTP Headers

GET /mng/channels/init.min.js?ver=1708011766 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 04 May 2024 05:40:38 GMT
etag: W/"8853549c3d94b135cff7696e087dc08f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: edFvSoEmev7UGiP8_knFzEH1kpAPGELXA0LusFdjRwOejKAf9MZ9Zg==
age: 42993
X-Firefox-Spdy: h2

babesnearyou.com/eng/multi/ms/2-170101/css/css.1.css

188.114.97.1

200 OK

1.8 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/2-170101/css/css.1.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
ASCII text, with very long lines (1882), with no line terminators
Size
1.8 kB (1842 bytes)
Hash
ad2e605954b08678009692ae51985683
0eb5c07c8a57733e9be216dfafc978b9718a5545
fbd847c01bc45df6678da7f512007d60e2b450dab2db18183a7c6c4c4d5ff0b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/2-170101/css/css.1.css HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/css/style.css?12345678
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:12 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:27 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2npB1Rwb6fSsTcavu6bbOA9595dXkOhL%2BIYFth90Uzn11m%2BQErgvFV2vgxpnoPzMlcZS%2FZMi3jKqo020oS2l41luXgVxNiopoY2pe0v83p%2B8zr2QhX7m1NdPWO9hY%2FDNJy0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41e1bcf756aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/2-170101/images/favicon.png

188.114.97.1

200 OK

9.2 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/2-170101/images/favicon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
PNG image data, 229 x 201, 8-bit/color RGBA, non-interlaced
Size
9.2 kB (9154 bytes)
Hash
da18af65b565811e055fbf6a65fe73b1
0c682a203f181702b8071b357763da0823b1585d
723f23080f3c415acb82e14a51956fff2463561aa92140665e557651fbf7f6fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/2-170101/images/favicon.png HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:12 GMT
content-type: image/png
content-length: 9154
last-modified: Wed, 17 Apr 2024 12:39:27 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QN7s17s%2BuqTCavh9HBNTTlQeJlsx3G1IdTWrMMiyDq%2BZW%2FIrJzp83tcc7JdUOqewaXSWtPtprPIfAZ0QNqpY5aIMLuENE9h5oN%2FLK%2BRk6DvCvN6V1wXl1l1yQolzKNZfX6Iw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea41e50aaf56aa-OSL
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/2-170101/

188.114.97.1

200 OK

2.9 kB

URL User Request GET HTTP/2
babesnearyou.com/eng/multi/ms/2-170101/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
HTML document, ASCII text, with very long lines (3073), with no line terminators
Size
2.9 kB (2889 bytes)
Hash
67cabdc5cf036e127f6d798fa202e42e
944e463a97b0a52759520f986f85532a51d3e5a6
c43cad55ede5c8cd6885cc08a0a68712eca7c3df6d0a11d227d4ad700b458804

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/2-170101/ HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=USxTE5snagAqPdFOAGS92cr7lwPBeyd9rM3guKf2Iczhcdl1qPvTd%2FQXsSoQZ6MHENzPuudVN1uUOohYtV3KKTIQvBJmfQME8zdlTiDHfM41RxzuqFrhsUANiWJyAZXncTbc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41de2dfd56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

babesnearyou.com/eng/multi/ms/2-170101/css/style.css?12345678

188.114.97.1

200 OK

3.9 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/2-170101/css/style.css?12345678
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
ASCII text, with very long lines (4387), with no line terminators
Size
3.9 kB (3922 bytes)
Hash
b22aa6895eb8365ced5cd9af0a9db1e7
58ca437e5c7af5078a92daf9feb5185635506482
420ee4bb9d0d58173d39fd2b2e96fe2703dd7f9f13a2664075bac31ae7b27956

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/2-170101/css/style.css?12345678 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:27 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iEUAkDCNRrrOzgf54DukajBSwGzRfV89Kcau6ck2hnA9WsQKd9kCUPVT6L5bOTkRM9ub0o4Y808S27VKERQF7Y%2BGCbp3ZaFNs2Vrzg0h80LvLl3nPQGrBeWNACBDcRdQb%2BM9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41e09aa856aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.production.push-sender.com/mng/subs_window.js?ver=1708011766

143.204.55.8

200 OK

20 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.js?ver=1708011766
IP
143.204.55.8:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type

Size
20 kB (19706 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mng/subs_window.js?ver=1708011766 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 04 May 2024 03:31:09 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: shFAFQEfOhxmfV8CnhyMue6YMo9y8uUn-UcP03Jktk3MsvdV8pbcrg==
age: 50860
X-Firefox-Spdy: h2

zeniocloud.com/JAIA.js?sub1=babesnearyou.com

172.67.168.50

200 OK

0 B

URL GET HTTP/2
zeniocloud.com/JAIA.js?sub1=babesnearyou.com
IP
172.67.168.50:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerGoogle Trust Services LLC
Subjectzeniocloud.com
FingerprintFD:31:E5:23:F0:E6:E0:B5:7F:67:26:F7:34:69:A7:B3:CA:39:1C:37
ValidityMon, 11 Mar 2024 16:41:24 GMT - Sun, 09 Jun 2024 16:41:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /JAIA.js?sub1=babesnearyou.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 2370
last-modified: Sat, 04 May 2024 16:57:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aidl45bRayASWUgG2HtRU6yfoZIcHBFX5DaTeYjo7%2Bn%2FP6pZFbA0J1YRpyzCrszaiYsuQCzTgLYYcKnEBAEOsiEzcreh4sL02Mzr9tQtxkLdm0AdlVbtsEESs%2Fi0D0PHIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea41e0dc66b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

babesnearyou.com/eng/multi/ms/2-170101/js/jquery.js

188.114.97.1

200 OK

88 kB

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/2-170101/js/jquery.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, ASCII text, with very long lines (32042)
Size
88 kB (87823 bytes)
Hash
269aa59eab382fa3aaa418f21d22618f
5a8b67e7c78ea66096f3b404598d246c2aa8e617
5ced49ff396bdb0070d83727ff475375b53a843a8f446ee5041245ec81f6e98e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/2-170101/js/jquery.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:28 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZx0q8MoImsZDwFxehIlRXxxYc9KcDtcc5Vs7PUWyvCG%2F4Ac0H%2BwxyoIA0WRmX5sNtoJoIVGxQCfj6ryCFlsw5Z3wVSmUqZLEr8XhdmjJIMJHGyOe8PC5JLkNy%2F1X%2Ffn7kbw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41e0aacf56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

babesnearyou.com/eng/multi/ms/2-170101/js/backoffer.js

188.114.97.1

200 OK

430 B

URL GET HTTP/3
babesnearyou.com/eng/multi/ms/2-170101/js/backoffer.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, ASCII text, with very long lines (430), with no line terminators
Size
430 B (430 bytes)
Hash
6d5aa83d23ce0b9f72d3b87d000d8fae
034fb8768eb58ffc0b5849e2c162989741a6cbec
89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eng/multi/ms/2-170101/js/backoffer.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:28 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6IzmdTvBfO75BECXTKc9FIfy1ro%2B2vKzIY8twiS2LcYhOI7qZxYjyCQUoTWTECm0ykXigUbaSw1AM11SPqvhVsO%2FpDsFbVmzMGOKB4k%2BMX2r%2BkRRYl67g5J6OnQuQry%2B3%2B6t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41e0aad856aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML