| ocsp.r2m03.amazontrust.com/ | 54.230.218.11 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 54.230.218.11:0
Hash: fe36a8eed405d5d087aa486ba1fd68ce f7bbb0663a8a3be298aa8d617bc64cefaa679bee dc5ad4bd72115bedd7edd43e09452ff8f4c7258fd382e426f70795650cef48d2
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 17:37:11 GMT
Last-Modified: Sat, 04 May 2024 16:27:14 GMT
Server: ECAcc (ska/F756)
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gYg_WW_6mkdXqvUvty-qKnjQlGRcMV0BupK8g0tU44nD_ZIGGsHAWA==
Age: 4197
| ocsp.r2m03.amazontrust.com/ | 54.230.218.11 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 54.230.218.11:0
Hash: fe36a8eed405d5d087aa486ba1fd68ce f7bbb0663a8a3be298aa8d617bc64cefaa679bee dc5ad4bd72115bedd7edd43e09452ff8f4c7258fd382e426f70795650cef48d2
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 17:37:11 GMT
Last-Modified: Sat, 04 May 2024 16:04:38 GMT
Server: ECAcc (amb/6B6A)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Eka0cSWW-w4ZsRwepRJGKNC_KJ2vUcWnNO4yytaIEaIS8x2KZmw0rQ==
Age: 5553
| fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 | 216.58.207.227 | 200 OK | 19 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP: 216.58.207.227:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 19172, version 1.0
Hash: bc3aa95dca08f5fee5291e34959c27bc 7b7c670ef2f0ba7fc0ce6437e523ccbdc847fde2 8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
GET /s/montserrat/v14/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19172
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:31 GMT
expires: Sat, 03 May 2025 16:31:31 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Jul 2019 03:46:19 GMT
content-type: font/woff2
age: 90341
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= | 104.21.85.99 | 200 OK | 0 B |
URL: GET HTTP/2 alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=
IP: 104.21.85.99:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Google Trust Services LLC; Subject alexatracker.com; Fingerprint 74:C4:C5:AB:F0:96:19:8D:55:C1:FC:49:6D:EF:28:5C:C0:A3:FD:48; Validity Thu, 21 Mar 2024 13:35:40 GMT - Wed, 19 Jun 2024 13:35:39 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:37:12 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
set-cookie: trbarid=39f6cfc23e5edf83344038d215a0ecd94083cce361f5fa925859010d8d52a3d5a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A6404737327514939976%3B%7D; expires=Sat, 09 May 2026 17:37:12 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RTX6SXsxARCuu974XplEm04Y2IExjQvJMFK6V433PnQdys6ikuyUB05Ramy2eppOTciOHNMq7AsI%2BY37IPYu1T412xaSHI6EVDhs%2BfJOr7KXKwq%2FpunxPdvIQh5VNj4CyyhY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea41e27a2856ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| babesnearyou.com/eng/multi/ms/2-170101/images/pic.mp4 | 188.114.97.1 | 206 Partial Content | 149 kB |
URL: GET HTTP/3 babesnearyou.com/eng/multi/ms/2-170101/images/pic.mp4
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Let's Encrypt; Subject babesnearyou.com; Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size: 149 kB (149199 bytes)
Hash: 9958a067600e3071de7d4c6c7454e369 5d53f33501c3d5c5c6eabb3b21f3ac3ee677dc57 dc1efe5d88017ed1caed4d0959c104ad1c05ab6ab3e04ecf3ab2fe5fd0f61e37

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /eng/multi/ms/2-170101/images/pic.mp4 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Sat, 04 May 2024 17:37:12 GMT
content-type: video/mp4
content-length: 1633780
last-modified: Wed, 17 Apr 2024 12:39:28 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
content-range: bytes 0-1633779/1633780
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gCn%2BEuFudHyBb3tVjG5%2FidnMDwOLMNdr0LKChqCra4fs20%2Fr9o7%2BT7sTNeAtuMvaCiR1%2ByveKApDtA5v3XUGCT%2BPW%2Bb4z0uMGg21VrgxsrHZSXNmp%2B%2BEBOXhXdPB%2FkAuI%2BZI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea41e31f2356aa-OSL
alt-svc: h3=":443"; ma=86400
| static.production.push-sender.com/mng/subs_window.css?ver=1708011766 | 143.204.55.8 | 200 OK | 7.9 kB |
URL: GET HTTP/2 static.production.push-sender.com/mng/subs_window.css?ver=1708011766
IP: 143.204.55.8:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Amazon; Subject production.push-sender.com; Fingerprint FF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE; Validity Mon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT
File type: gzip compressed data, from Unix
Hash: dcd37d6e5639bfb65f621348aad4ef6b f87bd828dff4880d913c97c8cf24e5c8ba94583b df688ccc84c685f70638b99d7ea7b768ed83d7157c38ba9ddbc8706087471615
GET /mng/subs_window.css?ver=1708011766 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 04 May 2024 05:40:39 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8BgDSm1r7ceIS82uEEkZfIWVaNJ84PxX-KHzjv9L9F6JY_v2BvaiLQ==
age: 43501
X-Firefox-Spdy: h2
| static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766 | 143.204.55.8 | 200 OK | 28 kB |
URL: GET HTTP/2 static.production.push-sender.com/mng/channels/init.min.js?ver=1708011766
IP: 143.204.55.8:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Amazon; Subject production.push-sender.com; Fingerprint FF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE; Validity Mon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: 8853549c3d94b135cff7696e087dc08f 92ff4b057e92c46752e87b593677e960f80afb09 09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0
GET /mng/channels/init.min.js?ver=1708011766 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 04 May 2024 05:40:38 GMT
etag: W/"8853549c3d94b135cff7696e087dc08f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: edFvSoEmev7UGiP8_knFzEH1kpAPGELXA0LusFdjRwOejKAf9MZ9Zg==
age: 42993
X-Firefox-Spdy: h2
| babesnearyou.com/eng/multi/ms/2-170101/css/css.1.css | 188.114.97.1 | 200 OK | 1.8 kB |
URL: GET HTTP/3 babesnearyou.com/eng/multi/ms/2-170101/css/css.1.css
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Let's Encrypt; Subject babesnearyou.com; Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: ASCII text, with very long lines (1882), with no line terminators
Hash: ad2e605954b08678009692ae51985683 0eb5c07c8a57733e9be216dfafc978b9718a5545 fbd847c01bc45df6678da7f512007d60e2b450dab2db18183a7c6c4c4d5ff0b9

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /eng/multi/ms/2-170101/css/css.1.css HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/css/style.css?12345678
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:12 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:27 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2npB1Rwb6fSsTcavu6bbOA9595dXkOhL%2BIYFth90Uzn11m%2BQErgvFV2vgxpnoPzMlcZS%2FZMi3jKqo020oS2l41luXgVxNiopoY2pe0v83p%2B8zr2QhX7m1NdPWO9hY%2FDNJy0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41e1bcf756aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| babesnearyou.com/eng/multi/ms/2-170101/images/favicon.png | 188.114.97.1 | 200 OK | 9.2 kB |
URL: GET HTTP/3 babesnearyou.com/eng/multi/ms/2-170101/images/favicon.png
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Let's Encrypt; Subject babesnearyou.com; Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: PNG image data, 229 x 201, 8-bit/color RGBA, non-interlaced
Hash: da18af65b565811e055fbf6a65fe73b1 0c682a203f181702b8071b357763da0823b1585d 723f23080f3c415acb82e14a51956fff2463561aa92140665e557651fbf7f6fa

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /eng/multi/ms/2-170101/images/favicon.png HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:12 GMT
content-type: image/png
content-length: 9154
last-modified: Wed, 17 Apr 2024 12:39:27 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QN7s17s%2BuqTCavh9HBNTTlQeJlsx3G1IdTWrMMiyDq%2BZW%2FIrJzp83tcc7JdUOqewaXSWtPtprPIfAZ0QNqpY5aIMLuENE9h5oN%2FLK%2BRk6DvCvN6V1wXl1l1yQolzKNZfX6Iw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea41e50aaf56aa-OSL
alt-svc: h3=":443"; ma=86400
| babesnearyou.com/eng/multi/ms/2-170101/ | 188.114.97.1 | 200 OK | 2.9 kB |
URL (user request): GET HTTP/2 babesnearyou.com/eng/multi/ms/2-170101/
IP: 188.114.97.1:443
Certificate: Issuer Let's Encrypt; Subject babesnearyou.com; Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: HTML document, ASCII text, with very long lines (3073), with no line terminators
Hash: 67cabdc5cf036e127f6d798fa202e42e 944e463a97b0a52759520f986f85532a51d3e5a6 c43cad55ede5c8cd6885cc08a0a68712eca7c3df6d0a11d227d4ad700b458804

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /eng/multi/ms/2-170101/ HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=USxTE5snagAqPdFOAGS92cr7lwPBeyd9rM3guKf2Iczhcdl1qPvTd%2FQXsSoQZ6MHENzPuudVN1uUOohYtV3KKTIQvBJmfQME8zdlTiDHfM41RxzuqFrhsUANiWJyAZXncTbc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41de2dfd56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| babesnearyou.com/eng/multi/ms/2-170101/css/style.css?12345678 | 188.114.97.1 | 200 OK | 3.9 kB |
URL: GET HTTP/3 babesnearyou.com/eng/multi/ms/2-170101/css/style.css?12345678
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Let's Encrypt; Subject babesnearyou.com; Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: ASCII text, with very long lines (4387), with no line terminators
Hash: b22aa6895eb8365ced5cd9af0a9db1e7 58ca437e5c7af5078a92daf9feb5185635506482 420ee4bb9d0d58173d39fd2b2e96fe2703dd7f9f13a2664075bac31ae7b27956

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /eng/multi/ms/2-170101/css/style.css?12345678 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:27 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iEUAkDCNRrrOzgf54DukajBSwGzRfV89Kcau6ck2hnA9WsQKd9kCUPVT6L5bOTkRM9ub0o4Y808S27VKERQF7Y%2BGCbp3ZaFNs2Vrzg0h80LvLl3nPQGrBeWNACBDcRdQb%2BM9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41e09aa856aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| static.production.push-sender.com/mng/subs_window.js?ver=1708011766 | 143.204.55.8 | 200 OK | 20 kB |
URL: GET HTTP/2 static.production.push-sender.com/mng/subs_window.js?ver=1708011766
IP: 143.204.55.8:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Amazon; Subject production.push-sender.com; Fingerprint FF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE; Validity Mon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /mng/subs_window.js?ver=1708011766 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 04 May 2024 03:31:09 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: shFAFQEfOhxmfV8CnhyMue6YMo9y8uUn-UcP03Jktk3MsvdV8pbcrg==
age: 50860
X-Firefox-Spdy: h2
| zeniocloud.com/JAIA.js?sub1=babesnearyou.com | 172.67.168.50 | 200 OK | 0 B |
URL: GET HTTP/2 zeniocloud.com/JAIA.js?sub1=babesnearyou.com
IP: 172.67.168.50:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Google Trust Services LLC; Subject zeniocloud.com; Fingerprint FD:31:E5:23:F0:E6:E0:B5:7F:67:26:F7:34:69:A7:B3:CA:39:1C:37; Validity Mon, 11 Mar 2024 16:41:24 GMT - Sun, 09 Jun 2024 16:41:23 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /JAIA.js?sub1=babesnearyou.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 2370
last-modified: Sat, 04 May 2024 16:57:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aidl45bRayASWUgG2HtRU6yfoZIcHBFX5DaTeYjo7%2Bn%2FP6pZFbA0J1YRpyzCrszaiYsuQCzTgLYYcKnEBAEOsiEzcreh4sL02Mzr9tQtxkLdm0AdlVbtsEESs%2Fi0D0PHIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea41e0dc66b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| babesnearyou.com/eng/multi/ms/2-170101/js/jquery.js | 188.114.97.1 | 200 OK | 88 kB |
URL: GET HTTP/3 babesnearyou.com/eng/multi/ms/2-170101/js/jquery.js
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Let's Encrypt; Subject babesnearyou.com; Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: JavaScript source, ASCII text, with very long lines (32042)
Hash: 269aa59eab382fa3aaa418f21d22618f 5a8b67e7c78ea66096f3b404598d246c2aa8e617 5ced49ff396bdb0070d83727ff475375b53a843a8f446ee5041245ec81f6e98e

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /eng/multi/ms/2-170101/js/jquery.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:28 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZx0q8MoImsZDwFxehIlRXxxYc9KcDtcc5Vs7PUWyvCG%2F4Ac0H%2BwxyoIA0WRmX5sNtoJoIVGxQCfj6ryCFlsw5Z3wVSmUqZLEr8XhdmjJIMJHGyOe8PC5JLkNy%2F1X%2Ffn7kbw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41e0aacf56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| babesnearyou.com/eng/multi/ms/2-170101/js/backoffer.js | 188.114.97.1 | 200 OK | 430 B |
URL: GET HTTP/3 babesnearyou.com/eng/multi/ms/2-170101/js/backoffer.js
IP: 188.114.97.1:443
Requested by: https://babesnearyou.com/eng/multi/ms/2-170101/
Certificate: Issuer Let's Encrypt; Subject babesnearyou.com; Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86; Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type: JavaScript source, ASCII text, with very long lines (430), with no line terminators
Hash: 6d5aa83d23ce0b9f72d3b87d000d8fae 034fb8768eb58ffc0b5849e2c162989741a6cbec 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /eng/multi/ms/2-170101/js/backoffer.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/multi/ms/2-170101/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 17:37:11 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:39:28 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6IzmdTvBfO75BECXTKc9FIfy1ro%2B2vKzIY8twiS2LcYhOI7qZxYjyCQUoTWTECm0ykXigUbaSw1AM11SPqvhVsO%2FpDsFbVmzMGOKB4k%2BMX2r%2BkRRYl67g5J6OnQuQry%2B3%2B6t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ea41e0aad856aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400