www1.watchmygirlfriend.to

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 108.170.27.42, located in Phoenix, United States and belongs to SSASN2 - SECURED SERVERS LLC, US. The main domain is www1.watchmygirlfriend.to.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 22nd 2019. Valid for: 3 months.

This is the only time www1.watchmygirlfriend.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	80.82.70.217 80.82.70.217	202425 (INT-NETWORK) (INT-NETWORK)
2	2606:4700:30:... 2606:4700:30::6812:2cb2	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 2	23.235.244.224 23.235.244.224	20454 (SSASN2) (SSASN2 - SECURED SERVERS LLC)
2	108.170.27.42 108.170.27.42	20454 (SSASN2) (SSASN2 - SECURED SERVERS LLC)
5	4

1 80.82.70.217 (Anse aux Pins, Seychelles) 1 redirects

ASN202425 (INT-NETWORK, SC)
PTR: no-reverse-dns-configured.com

notbaduploads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:30::6812:2cb2 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

sometraf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.235.244.224 (Phoenix, United States) 1 redirects

ASN20454 (SSASN2 - SECURED SERVERS LLC, US)

prpops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.170.27.42 (Phoenix, United States)

ASN20454 (SSASN2 - SECURED SERVERS LLC, US)

www1.watchmygirlfriend.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	watchmygirlfriend.to www1.watchmygirlfriend.to	4 KB
2	prpops.com 1 redirects prpops.com	10 KB
2	sometraf.com sometraf.com	1 KB
1	notbaduploads.com 1 redirects notbaduploads.com	663 B
5	4

	Domain	Requested by
2	www1.watchmygirlfriend.to	prpops.com www1.watchmygirlfriend.to
2	prpops.com	1 redirects sometraf.com
2	sometraf.com	sometraf.com
1	notbaduploads.com	1 redirects
5	4

This site contains no links.

Subject Issuer	Validity	Valid
watchmygirlfriend.to Let's Encrypt Authority X3	`2019-08-22` - `2019-11-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www1.watchmygirlfriend.to/video.php
Frame ID: 9CE55B12BC9EE4955A3CE83C3BF7D998
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://notbaduploads.com/ HTTP 302
http://sometraf.com/12.html Page URL
http://sometraf.com/default.html Page URL
http://prpops.com/p/kju1/direct Page URL
http://prpops.com/p/kju1/direct?prc_c=1566658976&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwOlwvXC9zb21... HTTP 302
https://www1.watchmygirlfriend.to/video.php Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

5
Requests

40 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

15 kB
Transfer

32 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://notbaduploads.com/ HTTP 302
http://sometraf.com/12.html Page URL
http://sometraf.com/default.html Page URL
http://prpops.com/p/kju1/direct Page URL
http://prpops.com/p/kju1/direct?prc_c=1566658976&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwOlwvXC9zb21ldHJhZi5jb21cL2RlZmF1bHQuaHRtbCIsIkhUVFBfVVNFUl9BR0VOVCI6Ik1vemlsbGFcLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdFwvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lXC83NC4wLjM3MjkuMTY5IFNhZmFyaVwvNTM3LjM2In0=&prc_h=88fb4ae6a7521b75819e78173c6f8273aaaebbfe29ad5d298e586deec685abcd&pr_tsid=c7633fa979351ed8252c8c74178cde5690e89e13e79603cbc5b86db3749c799b&pr_tsids=0cb1505d1b4dbe135bb1f8c214384c0219d1bfe33634cd8d61fdac0523c9fe0e&prc_obfjs=28b8625195d037b7d3e7862fb5d9099b4046adb56548149a0ad2f0bad8ea96b3&prc_isIframe1=false&prc_jw=1600&prc_jh=1200&prc_jow=1600&prc_joh=1200&prc_jsw=1600&prc_jsh=1200&prc_jwaw=1600&prc_jwah=1200&prc_jnp=Linux%20x86_64&prc_jnv=Google%20Inc.&prc_jcp=0&prc_jp=0&prc_jpc=0&prc_jfp=0&prc_isPhantomJS=50&prc_PhantomJSDetail=32&prc_isHeadlessChrome=100&prc_HeadlessChromeDetail=66 HTTP 302
https://www1.watchmygirlfriend.to/video.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://notbaduploads.com/ HTTP 302
http://sometraf.com/12.html

5 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set 12.html Show response sometraf.com/ Redirect Chain http://notbaduploads.com/ http://sometraf.com/12.html	258 B 697 B	67ms 41ms	Document text/html	2606:4700:30::6812:2cb2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://sometraf.com/12.html Protocol HTTP/1.1 Server 2606:4700:30::6812:2cb2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `b08e43b33637aaacd0587d2d699b1954ab8bed0bdaebff3862619e7de538d8ba` Request headers Host sometraf.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 24 Aug 2019 15:02:55 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=d1eb45da22cc2dd114c78075d8002ec181566658975; expires=Sun, 23-Aug-20 15:02:55 GMT; path=/; domain=.sometraf.com; HttpOnly jwyds=rA4cADEyAAIADgCfUWFd__.fUWFdQAABAAAAn1FhXQA-; expires=Sun, 23-Aug-2020 15:02:55 GMT; path=/; domain=sometraf.com Server cloudflare CF-RAY 50b635c7c9fc59d6-VIE Content-Encoding gzip Redirect headers Server nginx Date Sat, 24 Aug 2019 15:02:55 GMT Content-Type text/html; charset=UTF-8 Content-Length 0 Connection keep-alive Keep-Alive timeout=60 Set-Cookie user_var=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ from=noref; expires=Sun, 25-Aug-2019 15:02:52 GMT; Max-Age=86400; path=/ lfrom=noref; expires=Sun, 25-Aug-2019 15:02:52 GMT; Max-Age=86400; path=/ idcheck=1566658972; expires=Sun, 25-Aug-2019 15:02:52 GMT; Max-Age=86400; path=/ index_page=1; expires=Sun, 25-Aug-2019 15:02:52 GMT; Max-Age=86400; path=/ Location http://sometraf.com/12.html
GET H/1.1	200 OK	Cookie set default.html sometraf.com/	255 B 582 B	39ms 39ms	Document text/html	2606:4700:30::6812:2cb2 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://sometraf.com/default.html Requested by Host: sometraf.com URL: http://sometraf.com/12.html Protocol HTTP/1.1 Server 2606:4700:30::6812:2cb2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash Request headers Host sometraf.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://sometraf.com/12.html Accept-Encoding gzip, deflate Cookie __cfduid=d1eb45da22cc2dd114c78075d8002ec181566658975; jwyds=rA4cADEyAAIADgCfUWFd__.fUWFdQAABAAAAn1FhXQA- Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://sometraf.com/12.html Response headers Date Sat, 24 Aug 2019 15:02:56 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie jwyds=K3QyADEyAAIADgCfUWFd__.fUWFdQAABAAAAn1FhXWRlZmF1bHQAAgAHAKBRYV3__6BRYV0A; expires=Sun, 23-Aug-2020 15:02:56 GMT; path=/; domain=sometraf.com Server cloudflare CF-RAY 50b635c80a1859d6-VIE Content-Encoding gzip
GET H/1.1	200 OK	Cookie set direct prpops.com/p/kju1/	22 KB 9 KB	333ms 169ms	Document text/html	23.235.244.224 SECURED SERVERS LLC
General Check archive.org Show headers Download Go to Full URL http://prpops.com/p/kju1/direct Requested by Host: sometraf.com URL: http://sometraf.com/default.html Protocol HTTP/1.1 Server 23.235.244.224 Phoenix, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US), Reverse DNS Software nginx / Resource Hash Request headers Host prpops.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://sometraf.com/default.html Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://sometraf.com/default.html Response headers Server nginx Date Sat, 24 Aug 2019 15:02:56 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie woa1quur7O=ac2e018f0f47b5ad5c6c448e0b668781427dfeb8dfd9bde2a3dd9912a04069a67c574e787b9bf79ba3d68379afdf63dbba51556ac7c6b25cd473ef6bc19a124e; expires=Thu, 20-Feb-2020 15:02:56 GMT; Max-Age=15552000 biscuit_suus99w8=598c6ce7749f89fbf7aacfc27f408a649a63bd4dee1f334d13dab59e10759137; expires=Sat, 24-Aug-2019 15:03:56 GMT; Max-Age=60 Cache-Control no-cache, must-revalidate, no-transform Expires Tue, 31 Dec 2013 23:59:59 GMT Access-Control-Allow-Origin * Content-Encoding gzip
GET H/1.1	200 OK	Primary Request video.php Show response www1.watchmygirlfriend.to/ Redirect Chain http://prpops.com/p/kju1/direct?prc_c=1566658976&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwOlwvXC9zb21ldHJhZi5jb21cL2RlZmF1bHQuaHRtbCIsIkhUVFBfVVNFUl9BR0VOVCI6Ik1vemlsbGFcLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYW... https://www1.watchmygirlfriend.to/video.php	8 KB 4 KB	496ms 172ms	Document text/html	108.170.27.42 SECURED SERVERS LLC
General Check archive.org Show headers Download Go to Full URL https://www1.watchmygirlfriend.to/video.php Requested by Host: prpops.com URL: http://prpops.com/p/kju1/direct Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 108.170.27.42 Phoenix, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US), Reverse DNS Software nginx / PHP/5.4.16 Resource Hash `f81a33a36ed181acfbd94f6da1ab157d65df7777040066b8065ea2e3a8e7a447` Request headers Host www1.watchmygirlfriend.to Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site cross-site Referer http://prpops.com/p/kju1/direct Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://prpops.com/p/kju1/direct Response headers Server nginx Date Sat, 24 Aug 2019 15:02:57 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.4.16 Content-Encoding gzip Redirect headers Server nginx Date Sat, 24 Aug 2019 15:02:56 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie woa1quur7O=ac2e018f0f47b5ad5c6c448e0b668781427dfeb8dfd9bde2a3dd9912a04069a67c574e787b9bf79ba3d68379afdf63dbba51556ac7c6b25cd473ef6bc19a124e; expires=Thu, 20-Feb-2020 15:02:56 GMT; Max-Age=15552000 prVi=0n9MkkwSIR5VY61IhEKAgY82f689HXoc; expires=Sun, 23-Aug-2020 15:02:56 GMT; Max-Age=31536000; path=/; domain=.plugrush.com Cache-Control no-cache, must-revalidate, no-transform Expires Tue, 31 Dec 2013 23:59:59 GMT Location https://www1.watchmygirlfriend.to/video.php Access-Control-Allow-Origin *
GET H/1.1	200 OK	ffngubvweuip.php Show response www1.watchmygirlfriend.to/	11 B 253 B	196ms 195ms	Script application/javascript	108.170.27.42 SECURED SERVERS LLC
General Check archive.org Show headers Download Go to Full URL https://www1.watchmygirlfriend.to/ffngubvweuip.php Requested by Host: www1.watchmygirlfriend.to URL: https://www1.watchmygirlfriend.to/video.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 108.170.27.42 Phoenix, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US), Reverse DNS Software nginx / PHP/5.4.16 Resource Hash `917ef22f94f460141928531e1945453e29d89dcd58e3383c2b3ba0e2e19eb0d7` Request headers Sec-Fetch-Mode no-cors Referer https://www1.watchmygirlfriend.to/video.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 24 Aug 2019 15:02:57 GMT Content-Encoding gzip Server nginx Connection keep-alive X-Powered-By PHP/5.4.16 Transfer-Encoding chunked Content-Type application/javascript
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `226fec78d633cbd16180916ee3033c9c161dee03b64e30e8ef1a156686d3c7d0` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

notbaduploads.com
prpops.com
sometraf.com
www1.watchmygirlfriend.to
108.170.27.42
23.235.244.224
2606:4700:30::6812:2cb2
80.82.70.217
226fec78d633cbd16180916ee3033c9c161dee03b64e30e8ef1a156686d3c7d0
917ef22f94f460141928531e1945453e29d89dcd58e3383c2b3ba0e2e19eb0d7
b08e43b33637aaacd0587d2d699b1954ab8bed0bdaebff3862619e7de538d8ba
f81a33a36ed181acfbd94f6da1ab157d65df7777040066b8065ea2e3a8e7a447

www1.watchmygirlfriend.to Open in urlscan Pro 108.170.27.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

40 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

15 kBTransfer

32 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

0 Cookies

Indicators

www1.watchmygirlfriend.to Open in urlscan Pro
108.170.27.42 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

40 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

15 kB
Transfer

32 kB
Size

0
Cookies

5 HTTP transactions
1 data transactions