babesnearyou.com/eng/gr1/2-201102/images/Loader.gif
104.21.1.57 200 OK 24 kB URL GET HTTP/3 babesnearyou.com/eng/gr1/2-201102/images/Loader.gif
IP 104.21.1.57:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type GIF image data, version 89a, 198 x 194
Hash (MD5) 3b52fbfb4a0a69f3596cf8b99dd666ee
Hash (SHA-1) fe4274510ec7c40b020a319832c7d9430495bdf9
Hash (SHA-256) f9b4aaf63dd45cda6d9d20f00235b9955054ab7f78343657d7e4fd8a8725df50
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/images/Loader.gif HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/gr1/2-201102/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:54:27 GMT
content-type: image/gif
content-length: 24210
last-modified: Wed, 17 Apr 2024 12:38:08 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5jKFOICcLXj28YotnUN%2FnCVuIw2APLGojEXNM32Tlha9oZO1%2B6uPvUcifTO2cYgWWdzWVVfjNuk0nlcdg7Fv1nuvkyM01rWz49V%2FOvxGlsBC1yXN%2B0nm9fal5lvV9UjVKO3I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876316445a96b4ff-OSL
alt-svc: h3=":443"; ma=86400
babesnearyou.com/eng/gr1/2-201102/images/gif.gif
104.21.1.57 200 OK 2.3 MB URL GET HTTP/3 babesnearyou.com/eng/gr1/2-201102/images/gif.gif
IP 104.21.1.57:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type GIF image data, version 89a, 360 x 640
Size 2.3 MB (2348893 bytes)
Hash (MD5) af6bc4a5332ff9851b5b8d817ee10f1a
Hash (SHA-1) ae05263b45543bbef0743bbb9fe7f0d6150646f8
Hash (SHA-256) e63091a2e50240b7ca0b66daa2c6c15587efa099bc9321f86622e476da3b1b38
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/images/gif.gif HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/gr1/2-201102/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:54:28 GMT
content-type: image/gif
content-length: 2348893
last-modified: Wed, 17 Apr 2024 12:38:08 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YDJRisv108Rh14Ff26u8KCVU%2BjOuU3gFXqPot0gkeFtji8WC2edm6%2FQEly2%2BGLqQ3wX2F%2FcqZ4fVa1Dgt8vPMB9CZeFbQZ0OiQ8%2B1JowzA7AyPMQZt%2BQyC5m7nZlZ9bPm1h5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876316445a90b4ff-OSL
alt-svc: h3=":443"; ma=86400
alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=
172.67.204.112 200 OK 0 B URL GET HTTP/2 alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=
IP 172.67.204.112:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Google Trust Services LLC
Subject alexatracker.com
Fingerprint 74:C4:C5:AB:F0:96:19:8D:55:C1:FC:49:6D:EF:28:5C:C0:A3:FD:48
Validity Thu, 21 Mar 2024 13:35:40 GMT - Wed, 19 Jun 2024 13:35:39 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:54:28 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
set-cookie: trbarid=43a15dedb630d4f1c0a02289f90da45ae0c5d630cfcfb891689a8ace2dd7c9c1a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A1748238423478555060%3B%7D; expires=Thu, 23 Apr 2026 07:54:28 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VC%2F%2BKNvqd8cnPRzqywDm3o2ZafPAyU5bPBvv1ZQart%2BM07Db%2FQbwLVy4NlUUWze44A6UyPs48lAAzw9LqaHrlCsIoyq51fZ18G2gCdKmjJIpGjHw95FDypYrG8y1q9W%2FPvtJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763164878e556bf-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
babesnearyou.com/eng/gr1/2-201102/css/centurygothic-bold.ttf
104.21.1.57 200 OK 130 kB URL GET HTTP/3 babesnearyou.com/eng/gr1/2-201102/css/centurygothic-bold.ttf
IP 104.21.1.57:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 71 names, Macintosh, Typeface © The Monotype Corporation plc. Data © The Monotype Corporation plc / Type Solutions In
Size 130 kB (129676 bytes)
Hash (MD5) bc420c1c2b98e2ee8b2a75c1ce1fe083
Hash (SHA-1) 6e1179475f9a806d6a77ac475c1cb405e12f577a
Hash (SHA-256) 90cb613b492874a560c0ff18a3402b1d24fb7e846dff11295d5c4644d6c75e83
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/css/centurygothic-bold.ttf HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/gr1/2-201102/css/66d97eef242c2f5579e76b7193274c26.css?1565960495
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:54:28 GMT
content-type: font/ttf
last-modified: Wed, 17 Apr 2024 12:38:07 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E8W77hPqHnTu%2F5Au9PRLJHrp4sQs5idP%2BlvKDedz0G0%2FFkcNcLHhLoEysCc5COus7bJ4LCKLGvpUwavKiTYkG5Nj%2BomWA%2FilNE%2FUqpwOudRf3rXjL1%2BQqO1mdJnf5YcVIair"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876316485a09b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
babesnearyou.com/eng/gr1/2-201102/
104.21.1.57 200 OK 15 kB URL User Request GET HTTP/2 babesnearyou.com/eng/gr1/2-201102/
IP 104.21.1.57:443
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type HTML document, ASCII text
Hash (MD5) cf20f66ff6dce2a7e74e3c0d0df8c6c4
Hash (SHA-1) 3f5d886544d2274c8468214aa14863d06ad8331d
Hash (SHA-256) 2245564efc9d4852e6b1373810a12584ab3d56d07f93fa5657163dc2ade9c3a3
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/ HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:54:27 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3H3aV6281RKuzir57dOS44EXA1bbJNlxWNtUoIAZdk%2FZuhMDDpbWvcsgv%2BH9iA3g3pvtWfATN%2BaHi6zY3%2BD3JMOI5JczidifvePT%2BtS5bE%2F4CxK8o4eXxKYELCdMkqX1Nvao"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876316423bfc7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
babesnearyou.com/eng/gr1/2-201102/css/66d97eef242c2f5579e76b7193274c26.css?1565960495
104.21.1.57 200 OK 6.1 kB URL GET HTTP/3 babesnearyou.com/eng/gr1/2-201102/css/66d97eef242c2f5579e76b7193274c26.css?1565960495
IP 104.21.1.57:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type ASCII text, with very long lines (6405), with no line terminators
Hash (MD5) cf579e3b8abaa804f1c863aed4114a14
Hash (SHA-1) 0dd1d93aecc82c1a3a831943464cbe22eacfe3a2
Hash (SHA-256) abb7689cfb8226765fa3a31524e1dc3bac52a54311e0d953cbe917e6565fd983
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/css/66d97eef242c2f5579e76b7193274c26.css?1565960495 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/gr1/2-201102/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:54:27 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:38:07 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j8vkivGEinDnjKOyKEE1zcyagnX%2FDW1PfptMQjw%2FRDVAteoABEGHg%2Fj6gVONopt9t5ls1xgHUlAGmkWVT91P%2BFUmaHSrpxkssqi4obJ2H9hEZ5ZxDrqxnvm4%2FnbAYB1syTgQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876316444a71b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
zeniocloud.com/JAIA.js?sub1=babesnearyou.com
188.114.96.1 200 OK 0 B URL GET HTTP/2 zeniocloud.com/JAIA.js?sub1=babesnearyou.com
IP 188.114.96.1:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Google Trust Services LLC
Subject zeniocloud.com
Fingerprint FD:31:E5:23:F0:E6:E0:B5:7F:67:26:F7:34:69:A7:B3:CA:39:1C:37
Validity Mon, 11 Mar 2024 16:41:24 GMT - Sun, 09 Jun 2024 16:41:23 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /JAIA.js?sub1=babesnearyou.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:54:28 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Thu, 18 Apr 2024 04:23:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BN74sgH7euJf9TvS%2FisNop1Fp4OROm7soR2i5nFqi0Y3czi9PFFeQ73KcbrimRVBrHapIFL%2F6cYqvyIzw57SwgWUC0MnmmJrZlzNcN2jQ9nvSjDKobVwpQGy%2BxzAGopo6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87631644cdf45690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.production.push-sender.com/mng/channels/init.min.js?ver=1709284333
143.204.55.82 200 OK 28 kB URL GET HTTP/2 static.production.push-sender.com/mng/channels/init.min.js?ver=1709284333
IP 143.204.55.82:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Amazon
Subject production.push-sender.com
Fingerprint FF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
Validity Mon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT
File type JavaScript source, ASCII text
Hash (MD5) 8853549c3d94b135cff7696e087dc08f
Hash (SHA-1) 92ff4b057e92c46752e87b593677e960f80afb09
Hash (SHA-256) 09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0
GET /mng/channels/init.min.js?ver=1709284333 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Thu, 18 Apr 2024 04:37:40 GMT
etag: W/"8853549c3d94b135cff7696e087dc08f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iYrP303zvJArBoJ83JMqeKr-azXXzighVygClRhnD8xhT2u5kAWezA==
age: 16209
X-Firefox-Spdy: h2
static.production.push-sender.com/mng/subs_window.js?ver=1709284333
143.204.55.82 200 OK 20 kB URL GET HTTP/2 static.production.push-sender.com/mng/subs_window.js?ver=1709284333
IP 143.204.55.82:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Amazon
Subject production.push-sender.com
Fingerprint FF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
Validity Mon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /mng/subs_window.js?ver=1709284333 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Thu, 18 Apr 2024 01:51:58 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qpbD_WuW-jWkE2fVzgf-qKZ98BkVWyBcLZt6mXIVk1JuTF8HssxL6g==
age: 21779
X-Firefox-Spdy: h2
babesnearyou.com/eng/gr1/2-201102/js/backoffer.js
104.21.1.57 200 OK 430 B URL GET HTTP/3 babesnearyou.com/eng/gr1/2-201102/js/backoffer.js
IP 104.21.1.57:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type JavaScript source, ASCII text, with very long lines (430), with no line terminators
Hash (MD5) 6d5aa83d23ce0b9f72d3b87d000d8fae
Hash (SHA-1) 034fb8768eb58ffc0b5849e2c162989741a6cbec
Hash (SHA-256) 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/js/backoffer.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/gr1/2-201102/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:54:27 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:38:08 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=42A0tjnHmh7h1Jlyy891LljgnHlhPTaHishd9giGqZwgS64z6N3mKg85Dn0m16po1VLyKJAGrSneY2C74C4%2BwgelwZB9wkjYtgMTAG4aBkTrCMSN9TQNXLWFYQAnkjKsAGYl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876316445aa1b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
babesnearyou.com/eng/gr1/2-201102/css/centurygothic.ttf
104.21.1.57 200 OK 138 kB URL GET HTTP/3 babesnearyou.com/eng/gr1/2-201102/css/centurygothic.ttf
IP 104.21.1.57:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 47 names, Macintosh, Typeface © The Monotype Corporation plc. Data © The Monotype Corporation plc / Type Solutions In
Size 138 kB (137568 bytes)
Hash (MD5) cfce6abbbff0099b15691345d8b94dcc
Hash (SHA-1) a2f9ca2ae529a6cc03cad88fefb0a0e45b7046f4
Hash (SHA-256) 3a9cbb5d75b2a2b0d22dc94571608e4e9dc7b88e825374985880c5722c1c9e5f
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/css/centurygothic.ttf HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/eng/gr1/2-201102/css/66d97eef242c2f5579e76b7193274c26.css?1565960495
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:54:28 GMT
content-type: font/ttf
last-modified: Wed, 17 Apr 2024 12:38:07 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vsRTSx8cZ9i7CJXloArQiexdvIGF%2ByEBuyQPrJEQ2%2B0DcLCoap8NJdcLVNnD6O5KdwQ2Bd8JgSlxG%2B6FS7pgepuGL8uPNN0I3BmhC7lSSEgnWaQR3jSFER6K51395jDoAnCm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876316484a01b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
babesnearyou.com/eng/gr1/2-201102/images/favicon.ico
104.21.1.57 200 OK 4.1 kB URL GET HTTP/3 babesnearyou.com/eng/gr1/2-201102/images/favicon.ico
IP 104.21.1.57:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash (MD5) 4cdf3256cd7b8ec3917adb79d6bf457e
Hash (SHA-1) bc615337e9223183a126c8fb649774866fb53e69
Hash (SHA-256) fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/images/favicon.ico HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/gr1/2-201102/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:54:28 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:38:08 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ai82hIGX2CRRx8vculuYuAf4txwl8BtkxxYhlGqhEqi0Zo2fWSeZ7HSAcpEMGFyBESsuH8U%2B94mPzwyc30yxgYghUK7cgPUij5NfxAX%2FHL0vRU6vp1j%2BJK2MQJNXk1Xo1Jdc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763164a0d24b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
babesnearyou.com/eng/gr1/2-201102/js/jquery.min.js?1
104.21.1.57 200 OK 90 kB URL GET HTTP/3 babesnearyou.com/eng/gr1/2-201102/js/jquery.min.js?1
IP 104.21.1.57:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type JavaScript source, ASCII text, with very long lines (65451)
Hash (MD5) 2638d1d30825ceeafa9ebe92cc8b5b14
Hash (SHA-1) d695a32237c98ae7bcf0eaa651b39cddbc839efc
Hash (SHA-256) d474183d02bcc95f1a9b3a6b3d63525909b06506e4116dbd99dd12fddb1b1a2d
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/js/jquery.min.js?1 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/gr1/2-201102/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:54:28 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:38:08 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=br232Gj2WH%2FREupDKRT9V9L120ArNbifg7Qgo9kWkLn3LVYjNBGCvCir3q9BIjTSPfkH4jDqo6xmxKJKw5U8d7IgO2ybr88XzwVkveOaYXhslNgmZewKSjjWj3VgE%2B2Y4Obq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876316444a75b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
babesnearyou.com/eng/gr1/2-201102/js/script2.js?1565960495
104.21.1.57 200 OK 978 B URL GET HTTP/3 babesnearyou.com/eng/gr1/2-201102/js/script2.js?1565960495
IP 104.21.1.57:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Let's Encrypt
Subject babesnearyou.com
Fingerprint 49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
Validity Sat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT
File type JavaScript source, ASCII text, with very long lines (1154), with no line terminators
Hash (MD5) 44c3ac222e94d4f15e7b36c4f001cfe1
Hash (SHA-1) 1b71823d9972d58c34822d57e2009759a37cbd4f
Hash (SHA-256) 259e251f591d309625722b7156c06ee8fbdf4df30e06f02b4c794cb7833e79c7
Analyzer Verdict Alert (Quad9 DNS: malicious, Sinkholed)
GET /eng/gr1/2-201102/js/script2.js?1565960495 HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesnearyou.com/eng/gr1/2-201102/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:54:27 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 17 Apr 2024 12:38:09 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5meUAH0CWdMYFOGkNiUV9gx9MgUiOwnThkz8XYZIGopXVSNAjv2XHf%2BfcvCvOYAIn9guK2lW1U5wiji99tAINqkGiS4%2Bp8V4s%2FfgUTD%2BiUc35NRzOFkHsbyfQzleapkta%2BeT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876316444a77b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
static.production.push-sender.com/mng/subs_window.css?ver=1709284333
143.204.55.82 200 OK 7.1 kB URL GET HTTP/2 static.production.push-sender.com/mng/subs_window.css?ver=1709284333
IP 143.204.55.82:443
Requested by https://babesnearyou.com/eng/gr1/2-201102/
Certificate Issuer Amazon
Subject production.push-sender.com
Fingerprint FF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
Validity Mon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (7434), with no line terminators
Hash (MD5) 7edfc18d48d2641549d953ad7b35769d
Hash (SHA-1) b57f256b8a85278ce3459c2aac1b517b40889f94
Hash (SHA-256) 460354d6acce1e481e3f0a6436a6484f25f9a58e1c8540eaa61047573e72d968
GET /mng/subs_window.css?ver=1709284333 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Thu, 18 Apr 2024 05:29:55 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HcQDgru3vJObB2TDFwQZ1OLyj-zp4RkIS5xTpIVYDWDDRDZraicIbQ==
age: 17767
X-Firefox-Spdy: h2