yourbestmen.life Open in urlscan Pro
31.184.202.105 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s.slext.link/48332/6104/0?aff_sub=&aff_sub2=14486&aff_sub3=wv6m7ikbbuuim2qc2ntsfq9s&source=102b4da5128d5db1db...
Effective URL:
https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Submission Tags: @phishunt_io
Submission: On December 22 via api (December 22nd 2021, 10:38:48 am UTC) from DE — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 16 HTTP transactions. The main IP is 31.184.202.105, located in Haarlem, Netherlands and belongs to FASTCONTENT, DE. The main domain is yourbestmen.life.
TLS certificate: Issued by R3 on December 22nd 2021. Valid for: 3 months.

This is the only time yourbestmen.life was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	143.204.98.8 143.204.98.8	16509 (AMAZON-02) (AMAZON-02)
1	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1 13	31.184.202.105 31.184.202.105	209813 (FASTCONTENT) (FASTCONTENT)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
16	5

1 143.204.98.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-8.fra50.r.cloudfront.net

s.slext.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

ckstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 31.184.202.105 (Haarlem, Netherlands) 1 redirects

ASN209813 (FASTCONTENT, DE)

yourbestmen.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	yourbestmen.life 1 redirects yourbestmen.life	195 KB
1	gstatic.com fonts.gstatic.com	24 KB
1	googleapis.com fonts.googleapis.com	857 B
1	ckstatic.com ckstatic.com	7 KB
1	slext.link s.slext.link	2 KB
16	5

	Domain	Requested by
13	yourbestmen.life	1 redirects s.slext.link yourbestmen.life
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	yourbestmen.life
1	ckstatic.com	s.slext.link
1	s.slext.link
16	5

This site contains no links.

Subject Issuer	Validity	Valid
*.ajrkm.link Amazon	`2021-07-01` - `2022-07-30`	a year	crt.sh
ckstatic.com R3	`2021-10-12` - `2022-01-10`	3 months	crt.sh
yourbestmen.life R3	`2021-12-22` - `2022-03-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Frame ID: 77F01F42AC491D4BBBD36C62F16AEDAC
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Finde ein örtliches Sexdate in Frankfurt am Main

Page URL History Show full URLs

https://s.slext.link/48332/6104/0?aff_sub=&aff_sub2=14486&aff_sub3=wv6m7ikbbuuim2qc2ntsfq9s&sourc... Page URL
http://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0 HTTP 301
https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0 Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Page Statistics

16
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

228 kB
Transfer

491 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s.slext.link/48332/6104/0?aff_sub=&aff_sub2=14486&aff_sub3=wv6m7ikbbuuim2qc2ntsfq9s&source=102b4da5128d5db1db470979a33ecd&bo=2772,2771,2770,2769,2768 Page URL
http://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0 HTTP 301
https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 0 Show response
s.slext.link/48332/6104/ 2 KB
2 KB 460ms
409ms Document
text/html 143.204.98.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.slext.link/48332/6104/0?aff_sub=&aff_sub2=14486&aff_sub3=wv6m7ikbbuuim2qc2ntsfq9s&source=102b4da5128d5db1db470979a33ecd&bo=2772,2771,2770,2769,2768

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.8 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-8.fra50.r.cloudfront.net

Software

nginx/1.19.0 /

Resource Hash

849900a64e526bb21510a736d77aeee11470f4ccbde97e7675f15db0ffb44642

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=utf-8
server: nginx/1.19.0
date: Wed, 22 Dec 2021 10:38:43 GMT
vary: Accept-Encoding
tracking_id: 102214f46618914e0c1786775673d4
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 055d899361491602a9ef1eb0cdc5e337.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: c6U6XNFN63W2eQifP4UqczEcXCYRr0g1AoRPw1iW5S3PAZbXJbwjNQ==

GET
H/1.1 200
OK history.js Show response
ckstatic.com/js/historyjs/ 23 KB
7 KB 131ms
26ms Script
text/javascript 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ckstatic.com/js/historyjs/history.js
Requested by: Host: s.slext.link
URL: https://s.slext.link/48332/6104/0?aff_sub=&aff_sub2=14486&aff_sub3=wv6m7ikbbuuim2qc2ntsfq9s&source=102b4da5128d5db1db470979a33ecd&bo=2772,2771,2770,2769,2768
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 2324fa2acc1382ed8b1306e981e5c2273e57a0532efd1d6a5a0a4a0aab22d045

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.slext.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: gzip
Last-Modified: Tue, 08 Dec 2020 12:45:10 GMT
ETag: "1607431510"
X-HW: 1640169523.dop211.ml1.t,1640169523.cds220.ml1.shn,1640169523.dop211.ml1.t,1640169523.cds004.ml1.c
Content-Type: text/javascript
Cache-Control: public, max-age=733
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 6880

GET
H/1.1

200
OK

Primary Request / Show response
yourbestmen.life/
Redirect Chain

http://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0

6 KB
6 KB

81ms
25ms

Document
text/html

31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Requested by: Host: s.slext.link
URL: https://s.slext.link/48332/6104/0?aff_sub=&aff_sub2=14486&aff_sub3=wv6m7ikbbuuim2qc2ntsfq9s&source=102b4da5128d5db1db470979a33ecd&bo=2772,2771,2770,2769,2768
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 4d514fde1c5c1c12a1eef2aa4c1c1b85dceb01fd15a5ba39c18d0a5c4103555b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Type: text/html
Content-Length: 6068
Connection: keep-alive
cache-control: private
Cache-Control: no-transform

Redirect headers

Server: nginx
Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0

GET
H/1.1 200
OK animate.min.css
yourbestmen.life/media/gay-dating/casualyellow/ 52 KB
4 KB 23ms
23ms Stylesheet
text/css 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://yourbestmen.life/media/gay-dating/casualyellow/animate.min.css
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Thu, 20 May 2021 06:06:18 GMT
Server: nginx
ETag: W/"60a5fc5a-ce35"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: no-transform
Connection: close

GET
H/1.1 200
OK style.css
yourbestmen.life/media/gay-dating/casualyellow/ 16 KB
3 KB 75ms
21ms Stylesheet
text/css 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://yourbestmen.life/media/gay-dating/casualyellow/style.css
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 9e564c40e93cda0a49bc0f9f46538d95fe7343c56f3c5ed63fa0c35911163dd3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Thu, 20 May 2021 06:06:18 GMT
Server: nginx
ETag: W/"60a5fc5a-415b"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: no-transform
Connection: close

GET
H/1.1 200
OK js.cookie12.js Show response
yourbestmen.life/cookie/ 4 KB
2 KB 74ms
20ms Script
application/javascript 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://yourbestmen.life/cookie/js.cookie12.js
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: aa5d1b6067126f0258e1eb7d49c12332eada6e0faa6d12780c5c7cceb7c2917b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Thu, 20 May 2021 05:56:33 GMT
Server: nginx
ETag: W/"60a5fa11-1024"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-transform
Connection: close

GET
H/1.1 200
OK utils-gd.js Show response
yourbestmen.life/util/ 5 KB
2 KB 74ms
20ms Script
application/javascript 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://yourbestmen.life/util/utils-gd.js
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 022eba65c89ae881ddd7ec551559b17ba1015651651c8a694f0e8daa00443c69

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Mon, 21 Jun 2021 15:49:14 GMT
Server: nginx
ETag: W/"60d0b4fa-14a8"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-transform
Connection: close

GET
H/1.1 200
OK script.min.js Show response
yourbestmen.life/media/gay-dating/casualyellow/ 253 KB
70 KB 95ms
40ms Script
application/javascript 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://yourbestmen.life/media/gay-dating/casualyellow/script.min.js
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 319de1e3cf3481d86391f61bb2d19df584f42ce75803d98f42e381b1f731d5d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Mon, 21 Jun 2021 16:25:57 GMT
Server: nginx
ETag: W/"60d0bd95-3f5ae"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-transform
Connection: close

GET
H/1.1 200
OK bbg.js Show response
yourbestmen.life/media/ 1 KB
788 B 75ms
20ms Script
application/javascript 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://yourbestmen.life/media/bbg.js
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 937b56fed15e05e9c90f278f2bef06f3969f3333a0b0d8be998ab22a13f9d673

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Thu, 20 May 2021 05:56:44 GMT
Server: nginx
ETag: W/"60a5fa1c-46c"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-transform
Connection: close

GET
H2 200 css
fonts.googleapis.com/ 664 B
857 B 37ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&subset=latin-ext

Requested by

Host: yourbestmen.life
URL: https://yourbestmen.life/media/gay-dating/casualyellow/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8f5705ee03667d1a28565f6dc84b7748bb9d7c4ded30c270354edd054b86b32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 10:32:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 22 Dec 2021 10:38:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 Dec 2021 10:38:43 GMT

GET
H/1.1 200
OK no.png
yourbestmen.life/media/gay-dating/casualyellow/ 3 KB
3 KB 76ms
21ms Image
image/png 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://yourbestmen.life/media/gay-dating/casualyellow/no.png
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/media/gay-dating/casualyellow/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/media/gay-dating/casualyellow/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Thu, 20 May 2021 06:06:18 GMT
Server: nginx
ETag: W/"60a5fc5a-c3e"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: no-transform
Connection: close

GET
H/1.1 200
OK yes.png
yourbestmen.life/media/gay-dating/casualyellow/ 3 KB
4 KB 80ms
25ms Image
image/png 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://yourbestmen.life/media/gay-dating/casualyellow/yes.png
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/media/gay-dating/casualyellow/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/media/gay-dating/casualyellow/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Thu, 20 May 2021 06:06:18 GMT
Server: nginx
ETag: W/"60a5fc5a-d98"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: no-transform
Connection: close

GET
H/1.1 200
OK 1.jpg
yourbestmen.life/media/gay-dating/casualyellow/ 94 KB
94 KB 80ms
25ms Image
image/jpeg 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://yourbestmen.life/media/gay-dating/casualyellow/1.jpg
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/media/gay-dating/casualyellow/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 847114c72993c1a2198bc005e59e44b9888f28550849997cb900ea8d743fb047

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/media/gay-dating/casualyellow/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Thu, 20 May 2021 06:06:17 GMT
Server: nginx
ETag: W/"60a5fc59-17827"
Vary: Accept-Encoding
Content-Type: image/jpeg
Cache-Control: no-transform
Connection: close

GET
H/1.1 200
OK pattern.png
yourbestmen.life/media/gay-dating/casualyellow/ 3 KB
3 KB 76ms
22ms Image
image/png 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://yourbestmen.life/media/gay-dating/casualyellow/pattern.png
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/media/gay-dating/casualyellow/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/media/gay-dating/casualyellow/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:43 GMT
Content-Encoding: br
Last-Modified: Thu, 20 May 2021 06:06:18 GMT
Server: nginx
ETag: W/"60a5fc5a-af1"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: no-transform
Connection: close

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
24 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://yourbestmen.life
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 20 Dec 2021 21:26:28 GMT
x-content-type-options: nosniff
age: 133935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 20 Dec 2022 21:26:28 GMT

GET
H/1.1 200
OK alert.mp3 Show response
yourbestmen.life/media/gay-dating/casualyellow/ 2 KB
2 KB 75ms
21ms XHR
audio/mpeg 31.184.202.105
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://yourbestmen.life/media/gay-dating/casualyellow/alert.mp3
Requested by: Host: yourbestmen.life
URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 31.184.202.105 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 67a6dc7e24f4a3c142724bb37a358037538befb731478c33d58f236ba836ed78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 10:38:44 GMT
Content-Encoding: br
Last-Modified: Thu, 20 May 2021 06:06:17 GMT
Server: nginx
ETag: W/"60a5fc59-97c"
Vary: Accept-Encoding
Content-Type: audio/mpeg
Cache-Control: no-transform
Connection: close

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
s.slext.link/	1970-01-20 17:07:21	Name: enc_aff_session_6104 Value: ENC0388548143a97b7693bb3273d55a95507156c033561b3ffcbdf7b91fd501f5685c856aef03be82fb3e2d6b4a9c67023b2c1959d34f09a83dc79cc78afa1fa9b5bb292adf44a3b8ca86775120b998235a61d7336d08b45c46bff9fb8f03d90fc4681f059dd008d776e261feb17846dc5a29d621971e4dfb0f5b38bd0972410431135067ced7c646a7c099399212e09fbc2cdb1f49438fba27fd4ab5f62fbee657902631cfc9
s.slext.link/	1970-01-21 01:01:45	Name: ho_mob Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5Ni4wIiwibW9iaWxlX2NhcnJpZXIiOiI%2FIiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuOTMgU2FmYXJpLzUzNy4zNiIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D
yourbestmen.life/	1969-12-31 23:59:59	Name: sid Value: t3~c1s5mscw1ociwodhpqgjgoh3

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0(Line 154) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://yourbestmen.life/?u=775wwwr&o=e66p9zh&t=48332_14486&cid=102214f46618914e0c1786775673d4&p=0&b=0(Line 168) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ckstatic.com
fonts.googleapis.com
fonts.gstatic.com
s.slext.link
yourbestmen.life
143.204.98.8
205.185.216.10
2a00:1450:4001:802::200a
2a00:1450:4001:830::2003
31.184.202.105
022eba65c89ae881ddd7ec551559b17ba1015651651c8a694f0e8daa00443c69
2324fa2acc1382ed8b1306e981e5c2273e57a0532efd1d6a5a0a4a0aab22d045
319de1e3cf3481d86391f61bb2d19df584f42ce75803d98f42e381b1f731d5d8
4d514fde1c5c1c12a1eef2aa4c1c1b85dceb01fd15a5ba39c18d0a5c4103555b
5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
67a6dc7e24f4a3c142724bb37a358037538befb731478c33d58f236ba836ed78
6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43
847114c72993c1a2198bc005e59e44b9888f28550849997cb900ea8d743fb047
849900a64e526bb21510a736d77aeee11470f4ccbde97e7675f15db0ffb44642
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
937b56fed15e05e9c90f278f2bef06f3969f3333a0b0d8be998ab22a13f9d673
9e564c40e93cda0a49bc0f9f46538d95fe7343c56f3c5ed63fa0c35911163dd3
aa5d1b6067126f0258e1eb7d49c12332eada6e0faa6d12780c5c7cceb7c2917b
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
f8f5705ee03667d1a28565f6dc84b7748bb9d7c4ded30c270354edd054b86b32
fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1

yourbestmen.life Open in urlscan Pro 31.184.202.105 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

228 kBTransfer

491 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

29 JavaScript Global Variables

3 Cookies

2 Console Messages

Security Headers

Indicators

yourbestmen.life Open in urlscan Pro
31.184.202.105 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

228 kB
Transfer

491 kB
Size

3
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!