Report - babesnearyou.com/es/multi/ms/2-563719/

Report Overview

Submitted URL
babesnearyou.com/es/multi/ms/2-563719/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 08:30:37
Access
public
Website Title
Sinder
Final URL
babesnearyou.com/es/multi/ms/2-563719/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
babesnearyou.com	unknown	2024-02-14	2015-03-26	2024-04-18	4.3 kB	178 kB	188.114.97.1
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-23	1.6 kB	86 kB	216.58.207.227
alexatracker.com	unknown	2020-07-27	2020-10-28	2024-04-19	458 B	955 B	104.21.85.99
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-24	460 B	1.9 kB	142.250.74.106
static.production.push-sender.com	unknown	2023-04-06	2023-06-07	2024-04-23	1.4 kB	56 kB	143.204.55.8
zeniocloud.com	unknown	2022-02-15	2022-02-16	2024-04-23	421 B	712 B	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	babesnearyou.com	Sinkholed
2024-04-24	medium	babesnearyou.com	Sinkholed
2024-04-24	medium	babesnearyou.com	Sinkholed
2024-04-24	medium	babesnearyou.com	Sinkholed
2024-04-24	medium	babesnearyou.com	Sinkholed
2024-04-24	medium	babesnearyou.com	Sinkholed
2024-04-24	medium	babesnearyou.com	Sinkholed
2024-04-24	medium	babesnearyou.com	Sinkholed
2024-04-24	medium	babesnearyou.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	static.production.push-sender.com/mng/subs_window.js?ver=1708012075	20 kB	2023-08-10	2024-05-05
Pretty URL static.production.push-sender.com/mng/subs_window.js?ver=1708012075 IP 143.204.55.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-10 17:34:39 Last Seen2024-05-05 17:59:07 Times Seen452 Hash e554bff5d51655316050fcc4cbc318eb fd76cffd35b9dd8efd673f9f9531c4416a2137ca d7bc6f18c4f0da715cbd5fc46ddc1f98d164bce41bbb6ce068b767107367c93e Loading...

	babesnearyou.com/es/multi/ms/2-563719/	0 B	2023-03-07	2024-05-06
Pretty URL babesnearyou.com/es/multi/ms/2-563719/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 05:53:22 Times Seen37373366 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	babesnearyou.com/es/multi/ms/2-563719/js/jquery.min.js	96 kB	2023-03-07	2024-05-05
Pretty URL babesnearyou.com/es/multi/ms/2-563719/js/jquery.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:11 Last Seen2024-05-05 21:57:51 Times Seen15484 Hash f03e5a3bf534f4a738bc350631fd05bd 37b1db88b57438f1072a8ebc7559c909c9d3a682 aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947 Loading...

	babesnearyou.com/es/multi/ms/2-563719/	0 B	2023-03-07	2024-05-06
Pretty URL babesnearyou.com/es/multi/ms/2-563719/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 05:53:22 Times Seen37373366 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=	0 B	2023-03-07	2024-05-06
Pretty URL alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= IP 104.21.85.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 05:53:22 Times Seen37373366 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	zeniocloud.com/JAIA.js?sub1=babesnearyou.com	601 B	2024-04-14	2024-05-05
Pretty URL zeniocloud.com/JAIA.js?sub1=babesnearyou.com IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-14 19:54:14 Last Seen2024-05-05 17:59:07 Times Seen23 Hash 3473dc7b7397c9d72c5f276743fd927c b7b42a6cd6c1998b1f2cb17c9ca51e8663066729 bdca5e46ad5269ddc8c5817c1dd5ddc8068651cea65fb5f15ecda7d1d8560329 Loading...

	static.production.push-sender.com/mng/channels/init.min.js?ver=1708012075	28 kB	2024-02-14	2024-05-05
Pretty URL static.production.push-sender.com/mng/channels/init.min.js?ver=1708012075 IP 143.204.55.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-14 21:41:26 Last Seen2024-05-05 17:59:07 Times Seen74 Hash 8853549c3d94b135cff7696e087dc08f 92ff4b057e92c46752e87b593677e960f80afb09 09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0 Loading...

	babesnearyou.com/es/multi/ms/2-563719/js/main.js	2.6 kB	2023-03-07	2024-05-03
Pretty URL babesnearyou.com/es/multi/ms/2-563719/js/main.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:25 Last Seen2024-05-03 23:10:44 Times Seen6 Hash 4f1a19af02c4cefd171f5e368244fcf2 254a55975406b16e005a475ae7a3054383667058 80d155a88c7230e86188f634b209a46a7d0d0d5ea8762e2bac5593d8551c3863 Loading...

	babesnearyou.com/es/multi/ms/2-563719/js/backoffer.js	430 B	2023-03-07	2024-05-05
Pretty URL babesnearyou.com/es/multi/ms/2-563719/js/backoffer.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-05-05 17:59:07 Times Seen5844 Hash 6d5aa83d23ce0b9f72d3b87d000d8fae 034fb8768eb58ffc0b5849e2c162989741a6cbec 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800 Loading...

HTTP Transactions (18)

URL IP Response Size

babesnearyou.com/es/multi/ms/2-563719/css/style_ru.css

188.114.97.1

200 OK

6.0 kB

URL GET HTTP/3
babesnearyou.com/es/multi/ms/2-563719/css/style_ru.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
ASCII text
Size
6.0 kB (5981 bytes)
Hash
c90698f38bc8f3a87f7842a01b24a0e1
3fedbb08b31f64000280c118ed1fe9b67923aa5e
2a1df40ddc71ac66865591e32a6650d830bb7af136e5eb7b18d78380967ae1a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /es/multi/ms/2-563719/css/style_ru.css HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/es/multi/ms/2-563719/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 08:30:10 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 15 Apr 2024 13:10:03 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lmmwTQDPRdPuSXCex%2B6nmrpmAGIygAkk0E17azpp0jbFd1mLXPwJ4euR5rng%2FwARw%2BeSZmzi4rv3HYp9aLBzB99cWbTG5QCZAbJZy4Fp9WUGofE0doPg0X7XbXl2OLzkhmfo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8794bad5f995b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 16:27:38 GMT
expires: Wed, 23 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 57753
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 01:54:31 GMT
expires: Wed, 23 Apr 2025 01:54:31 GMT
cache-control: public, max-age=31536000
age: 110140
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

216.58.207.227

200 OK

51 kB

URL GET HTTP/2
fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51404, version 1.0
Size
51 kB (51404 bytes)
Hash
b904fcdf1c4c6059fadd6893a7bc7619
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

HTTP Headers

GET /s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://babesnearyou.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 Apr 2024 02:08:09 GMT
expires: Thu, 24 Apr 2025 02:08:09 GMT
cache-control: public, max-age=31536000
age: 22922
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

babesnearyou.com/es/multi/ms/2-563719/images/3.15.jpg

188.114.97.1

200 OK

47 kB

URL GET HTTP/3
babesnearyou.com/es/multi/ms/2-563719/images/3.15.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x422, components 3
Size
47 kB (46726 bytes)
Hash
ebb55730fae35fcc243ec112dec7a227
3f4351f39378791302cc5f3663e25f23babda940
307e18933bbbd15a87291e6d16506386ded9d25116e951a23688413a17a76f1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /es/multi/ms/2-563719/images/3.15.jpg HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/es/multi/ms/2-563719/css/style_ru.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 08:30:11 GMT
content-type: image/jpeg
content-length: 46726
last-modified: Mon, 15 Apr 2024 13:10:04 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LOHkooSRA6ao%2FXGvzP3DZtO3FzsH1kV0DbJWIf%2BWI%2FUggP5%2FZkLxSQOWw6i%2BNcLM0haIIwHcdYtMfk%2BeqAYZe%2B3xcCZmXDnjNteXFu0H9b2tITrCNCd9Pd6yuMuF1gWoxDHC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8794bad82b66b4f4-OSL
alt-svc: h3=":443"; ma=86400

alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=

104.21.85.99

200 OK

0 B

URL GET HTTP/2
alexatracker.com/jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid=
IP
104.21.85.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerGoogle Trust Services LLC
Subjectalexatracker.com
Fingerprint74:C4:C5:AB:F0:96:19:8D:55:C1:FC:49:6D:EF:28:5C:C0:A3:FD:48
ValidityThu, 21 Mar 2024 13:35:40 GMT - Wed, 19 Jun 2024 13:35:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /jscode/JAIA.js?sub1=babesnearyou.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:30:11 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
set-cookie: trbarid=8c4375a583f2b07dbb48e6352fcbaa81cb54d90e9c4426386d5a293edba4bebaa%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A5694989167191704339%3B%7D; expires=Wed, 29 Apr 2026 08:30:11 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zSR2yjuiLQjflMDEWGXWGbhPuqH4pZnvNasvb0KFqdSnpfKXsfVTdYoJL6PRVN27TzV5x4DsOWa5xAgWioSUYQyzOG5ysl6jv%2BuBzeSisgeQ6trTfmLkoARcqcSIXjAoDLc%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8794bad87ae556cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,700

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
gzip compressed data, max compression
Size
1.3 kB (1307 bytes)
Hash
29e08a402030fa38901afb1a47798511
a118de06f70fa05f16ad30156887ab008ba2219e
2d281742db3bef231672fb89f4e662b9ea5d9e0269aae585f47a326af40356d7

HTTP Headers

GET /css?family=Roboto+Condensed:400,700|Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 Apr 2024 08:30:10 GMT
date: Wed, 24 Apr 2024 08:30:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

babesnearyou.com/favicon.ico

188.114.97.1

404 Not Found

8.6 kB

URL GET HTTP/3
babesnearyou.com/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
HTML document, ASCII text
Size
8.6 kB (8560 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/es/multi/ms/2-563719/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 24 Apr 2024 08:30:11 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CWf47KLf44y99oANAkEfOz25tYtZfuQbEe01HlPPycLmZNOWZsrZ2VH7Q8Xu6H2iuj42V3Qs5lFZ3Dtf64B7cjKPhXdc9r%2FgDb2D7%2FN2C5ppymW3r1rzR8Rymthp%2BMG%2B9%2FH3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8794bad9ed03b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

babesnearyou.com/es/multi/ms/2-563719/images/svg/icon.svg

188.114.97.1

404 Not Found

2.8 kB

URL GET HTTP/3
babesnearyou.com/es/multi/ms/2-563719/images/svg/icon.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
HTML document, ASCII text
Size
2.8 kB (2829 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /es/multi/ms/2-563719/images/svg/icon.svg HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/es/multi/ms/2-563719/css/style_ru.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 24 Apr 2024 08:30:11 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZwjNJnNTzgg3Auxi6FdOmZLtGO2ZyOcfs5pyJ5N9UBnlMH4S54FXQCFC1ZHr8xN%2FD%2BbN0YQzqA9erm%2B5dhiIbOgv08KI8cwSCVKT0GwEoOlNXP8Sl6pU%2F3zIiM72%2BDUhY1ku"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8794bad83b68b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

babesnearyou.com/es/multi/ms/2-563719/

188.114.97.1

200 OK

9.0 kB

URL User Request GET HTTP/2
babesnearyou.com/es/multi/ms/2-563719/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (9512), with no line terminators
Size
9.0 kB (9013 bytes)
Hash
e2cd48a7b13b47901fead4163f727316
003ffeaff057409aec1e7973fc584b200409ad37
0b8c3e962e24fbf1d3d05d1f75bfeffcddcebb2c7ceaa222b4feed92849b5a45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /es/multi/ms/2-563719/ HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:30:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w9lUCipE3%2BZ%2B9NnCJnK5Ur31tz2kDuHcGFg4nMy6Z3tMJC%2FgH3fsMTCz80RB3XP9wj9DiqrNVHCJedP2VVgv%2BKLRun%2FXb3skMbjt8XER1H23PbQy1vL8v8W311n%2BUiTG%2Bkby"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8794bad45a77b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.production.push-sender.com/mng/subs_window.js?ver=1708012075

143.204.55.8

200 OK

20 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.js?ver=1708012075
IP
143.204.55.8:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type

Size
20 kB (19706 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mng/subs_window.js?ver=1708012075 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 24 Apr 2024 02:59:06 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UfmtXq26JZCei3X4eeAq7XZcXdN2Oqp74V6pzoa6w20f3eycTS_MfQ==
age: 19965
X-Firefox-Spdy: h2

zeniocloud.com/JAIA.js?sub1=babesnearyou.com

188.114.97.1

200 OK

0 B

URL GET HTTP/2
zeniocloud.com/JAIA.js?sub1=babesnearyou.com
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerGoogle Trust Services LLC
Subjectzeniocloud.com
FingerprintFD:31:E5:23:F0:E6:E0:B5:7F:67:26:F7:34:69:A7:B3:CA:39:1C:37
ValidityMon, 11 Mar 2024 16:41:24 GMT - Sun, 09 Jun 2024 16:41:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /JAIA.js?sub1=babesnearyou.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:30:11 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: STALE
age: 47636
last-modified: Tue, 23 Apr 2024 19:16:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CL4r6kzDR7CLloKD3eaXCF5d0oyt4YOsF6zVqZvaQ877xJZ3yA8WE4VxFKuLI8Wp0%2BBSBi9BguyIE%2BhPhcc2ykTycaSNxMVP9k%2BJQsDi%2BUlOmnyXhACCihNwIIzWKhXgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8794bad6abfe0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.production.push-sender.com/mng/subs_window.css?ver=1708012075

143.204.55.8

200 OK

7.1 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.css?ver=1708012075
IP
143.204.55.8:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (7434), with no line terminators
Size
7.1 kB (7130 bytes)
Hash
7edfc18d48d2641549d953ad7b35769d
b57f256b8a85278ce3459c2aac1b517b40889f94
460354d6acce1e481e3f0a6436a6484f25f9a58e1c8540eaa61047573e72d968

HTTP Headers

GET /mng/subs_window.css?ver=1708012075 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 24 Apr 2024 05:50:15 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ZuQfb02o--0JuwF7Su-LThfcFmAEHBbMCsqyZx78WOOcQKu9_7Yb0A==
age: 21019
X-Firefox-Spdy: h2

babesnearyou.com/es/multi/ms/2-563719/css/flag-icon.css

188.114.97.1

404 Not Found

315 B

URL GET HTTP/3
babesnearyou.com/es/multi/ms/2-563719/css/flag-icon.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /es/multi/ms/2-563719/css/flag-icon.css HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/es/multi/ms/2-563719/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 24 Apr 2024 08:30:10 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YE6wClDzDA6FIDsXpdWklUyB33VpVro3thrtMPbedbuSdXZaOZhvEmfmmTpCEjI%2Fj4Ol%2FDCF2GumV%2BqFL2C2LinzWgVDQ1vYp%2BhjfYzJ7OQ2dVDGTLrRTQ2ua9J2eifUJ%2Fix"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8794bad5f998b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

babesnearyou.com/es/multi/ms/2-563719/js/jquery.min.js

188.114.97.1

200 OK

96 kB

URL GET HTTP/3
babesnearyou.com/es/multi/ms/2-563719/js/jquery.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, ASCII text, with very long lines (32038)
Size
96 kB (95992 bytes)
Hash
f03e5a3bf534f4a738bc350631fd05bd
37b1db88b57438f1072a8ebc7559c909c9d3a682
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /es/multi/ms/2-563719/js/jquery.min.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/es/multi/ms/2-563719/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 08:30:10 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Mon, 15 Apr 2024 13:10:04 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DcILoeSlMIZwBv3E%2BcXJVzDuVCbzqUCMyQjKdagwETyVThyIbFJLmNLDBpJYyE%2BNqpmjX6VWqdVi3ne887L1R2jEss7O2dvoOBGx0tmbGiiOo8ByqOMKXnRQswpsoGZbKjzB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8794bad609b4b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

babesnearyou.com/es/multi/ms/2-563719/js/main.js

188.114.97.1

200 OK

2.6 kB

URL GET HTTP/3
babesnearyou.com/es/multi/ms/2-563719/js/main.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, ASCII text, with very long lines (2815), with no line terminators
Size
2.6 kB (2551 bytes)
Hash
f9d9ef8b559376697ec5746a332b68d6
0b2c9f539983196028aa96c61d2104d241a969cb
cd6b20ce2179d73cb284f77b08a1a53d59103cae720619deab07398df64a6c1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /es/multi/ms/2-563719/js/main.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/es/multi/ms/2-563719/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 08:30:10 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Mon, 15 Apr 2024 13:10:04 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ehlZI5kvw4jcLHOvmQBstc4NDaSy5APAbNCxCskZkDCcVZXfzu0gljfC0t6vrel1TLmw8%2FgNYt6itEti6nBOuB34vGypqCa7LEmDHbmPv3zZKHxioIJjjkIY7jqUZQTB5mSC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8794bad609b9b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.production.push-sender.com/mng/channels/init.min.js?ver=1708012075

143.204.55.8

200 OK

28 kB

URL GET HTTP/2
static.production.push-sender.com/mng/channels/init.min.js?ver=1708012075
IP
143.204.55.8:443
ASN
#16509 AMAZON-02

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
28 kB (27548 bytes)
Hash
8853549c3d94b135cff7696e087dc08f
92ff4b057e92c46752e87b593677e960f80afb09
09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0

HTTP Headers

GET /mng/channels/init.min.js?ver=1708012075 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 24 Apr 2024 06:05:03 GMT
etag: W/"8853549c3d94b135cff7696e087dc08f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iGJ32_A37AxA1Nr-2TrcOKWKWWX2HYhdD8Rx4I0_JX34yEbr8qpHBA==
age: 9321
X-Firefox-Spdy: h2

babesnearyou.com/es/multi/ms/2-563719/js/backoffer.js

188.114.97.1

200 OK

430 B

URL GET HTTP/3
babesnearyou.com/es/multi/ms/2-563719/js/backoffer.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://babesnearyou.com/es/multi/ms/2-563719/
Certificate
IssuerLet's Encrypt
Subjectbabesnearyou.com
Fingerprint49:6B:C5:D5:40:BC:DF:6C:BD:33:FE:63:8B:2B:77:5B:FE:B9:0E:86
ValiditySat, 13 Apr 2024 21:34:31 GMT - Fri, 12 Jul 2024 21:34:30 GMT

File type
JavaScript source, ASCII text, with very long lines (430), with no line terminators
Size
430 B (430 bytes)
Hash
6d5aa83d23ce0b9f72d3b87d000d8fae
034fb8768eb58ffc0b5849e2c162989741a6cbec
89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /es/multi/ms/2-563719/js/backoffer.js HTTP/1.1
Host: babesnearyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://babesnearyou.com/es/multi/ms/2-563719/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 08:30:10 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Mon, 15 Apr 2024 13:10:04 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gQbd7W5s2sWgINui1ordDTo3MLyRJtdwfozuavrMabSfW6%2Fl15PFqLqpmi21%2BvxihJYis91f3GlqFiR%2B1DJrhlIQV2TDtMXxRntw5F%2B8078uEGKJUmQzZOCfA9A3ux8gV1U9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8794bad609bab4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML