Submitted URL: http://liteparadise.com/
Effective URL: http://prpops.com/p/kju1/direct
Submission: On July 19 via manual from CA

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 4 HTTP transactions. The main IP is 131.153.42.225, located in Tempe, United States and belongs to SSASN2 - SECURED SERVERS LLC, US. The main domain is prpops.com.
This is the only time prpops.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address / AS / Autonomous System
1 1 80.82.70.217 202425 (INT-NETWORK)
2 2606:4700:30:... 13335 (CLOUDFLAR...)
1 131.153.42.225 20454 (SSASN2)
Totals: 4 requests, 3 IPs

Requests  Apex Domain       Subdomains         Transfer
2         sometraf.com      sometraf.com       1 KB
1         prpops.com        prpops.com         9 KB
1         liteparadise.com  liteparadise.com   663 B
0         watchmygf.to      www1.watchmygf.to  Failed
Totals: 4 requests, 4 subdomains

Requests  Domain                      Requested by
2         sometraf.com                sometraf.com
1         prpops.com                  sometraf.com
1         liteparadise.com            1 redirects
0         www1.watchmygf.to (Failed)  prpops.com
Totals: 4 requests, 4 domains

This site contains no links.


This page contains 1 frames:

Frame: https://www1.watchmygf.to/video.php
Frame ID: 147DA31E2E846E2C259AF62D0460DFAC
Requests: 4 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 4
HTTPS: 0 %
IPv6: 33 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 11 kB
Size: 22 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://liteparadise.com/ HTTP 302
    http://sometraf.com/12.html Page URL
  2. http://sometraf.com/default.html Page URL
  3. http://prpops.com/p/kju1/direct Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://liteparadise.com/ HTTP 302
  • http://sometraf.com/12.html
Request Chain 2
  • http://prpops.com/p/kju1/direct?prc_c=1563570505&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwOlwvXC9zb21ldHJhZi5jb21cL2RlZmF1bHQuaHRtbCIsIkhUVFBfVVNFUl9BR0VOVCI6Ik1vemlsbGFcLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdFwvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lXC83NC4wLjM3MjkuMTY5IFNhZmFyaVwvNTM3LjM2In0=&prc_h=dbe18728c8ab0634cdddcc8e4e91b6d9257d9e38d891796936db4bdd2f8acc4e&pr_tsid=a42aff47b804cf0fb746e758c59455031df890ebb084c2165e8312ec47a0d710&pr_tsids=f78be247e26392c465eb1abde3a912f4a3dca6c60c84872bbea39435d56a9cf3&prc_obfjs=a33ebc74ab85198ce098783493fcc6f6af541d5927dfec72a3eb403bd2ab3a60&prc_isIframe1=false&prc_jw=1600&prc_jh=1200&prc_jow=1600&prc_joh=1200&prc_jsw=1600&prc_jsh=1200&prc_jwaw=1600&prc_jwah=1200&prc_jnp=Linux%20x86_64&prc_jnv=Google%20Inc.&prc_jcp=0&prc_jp=0&prc_jpc=0&prc_jfp=0&prc_isPhantomJS=50&prc_PhantomJSDetail=32&prc_isHeadlessChrome=100&prc_HeadlessChromeDetail=66 HTTP 302
  • https://www1.watchmygf.to/video.php

4 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Resource: 12.html (Cookie set)
Path: sometraf.com/
Redirect Chain
  • http://liteparadise.com/
  • http://sometraf.com/12.html
Size: 258 B, x-fer: 692 B, Type: Document
General
Full URL
http://sometraf.com/12.html
Protocol
HTTP/1.1
Server
2606:4700:30::6812:2db2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b08e43b33637aaacd0587d2d699b1954ab8bed0bdaebff3862619e7de538d8ba

Request headers

Host
sometraf.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Fri, 19 Jul 2019 21:07:53 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=dada269bc84b5b43dfc46517866f580871563570473; expires=Sat, 18-Jul-20 21:07:53 GMT; path=/; domain=.sometraf.com; HttpOnly
Set-Cookie
jwyds=yP0cADEyAAIADgApMTJd__8pMTJdQAABAAAAKTEyXQA-; expires=Sat, 18-Jul-2020 21:07:53 GMT; path=/; domain=sometraf.com
Server
cloudflare
CF-RAY
4f8faae29ae5c2db-FRA
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Fri, 19 Jul 2019 21:07:53 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=60
Set-Cookie
user_var=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie
from=noref; expires=Sat, 20-Jul-2019 21:07:53 GMT; Max-Age=86400; path=/
Set-Cookie
lfrom=noref; expires=Sat, 20-Jul-2019 21:07:53 GMT; Max-Age=86400; path=/
Set-Cookie
idcheck=1563570473; expires=Sat, 20-Jul-2019 21:07:53 GMT; Max-Age=86400; path=/
Set-Cookie
index_page=1; expires=Sat, 20-Jul-2019 21:07:53 GMT; Max-Age=86400; path=/
Location
http://sometraf.com/12.html
Resource: default.html (Cookie set)
Path: sometraf.com/
Size: 255 B, x-fer: 577 B, Type: Document
General
Full URL
http://sometraf.com/default.html
Requested by
Host: sometraf.com
URL: http://sometraf.com/12.html
Protocol
HTTP/1.1
Server
2606:4700:30::6812:2db2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Host
sometraf.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://sometraf.com/12.html
Accept-Encoding
gzip, deflate
Cookie
__cfduid=dada269bc84b5b43dfc46517866f580871563570473; jwyds=yP0cADEyAAIADgApMTJd__8pMTJdQAABAAAAKTEyXQA-

Response headers

Date
Fri, 19 Jul 2019 21:07:53 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
jwyds=gLgyADEyAAIADgApMTJd__8pMTJdQAABAAAAKTEyXWRlZmF1bHQAAgAHACkxMl3__ykxMl0A; expires=Sat, 18-Jul-2020 21:07:53 GMT; path=/; domain=sometraf.com
Server
cloudflare
CF-RAY
4f8faae2dbc3c2db-FRA
Content-Encoding
gzip
Resource: direct (Primary Request, Cookie set)
Path: prpops.com/p/kju1/
Size: 22 KB, x-fer: 9 KB, Type: Document
General
Full URL
http://prpops.com/p/kju1/direct
Requested by
Host: sometraf.com
URL: http://sometraf.com/default.html
Protocol
HTTP/1.1
Server
131.153.42.225 Tempe, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US),
Reverse DNS
Software
nginx /
Resource Hash
068bc31fb3ad55f171b51a010aa31f2b6555bc8366be6ee12e70120248c51a6c

Request headers

Host
prpops.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://sometraf.com/default.html
Accept-Encoding
gzip, deflate

Response headers

Server
nginx
Date
Fri, 19 Jul 2019 21:08:25 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
woa1quur7O=1ff73fefb112e9296c1141a94cbdd0f29442824aa9d84fd04f7999402b2ce0c81c807522ca5dbf3b7889298ddf7709271e62357297aae4431cf4a9120b19466b; expires=Wed, 15-Jan-2020 21:08:25 GMT; Max-Age=15552000
Set-Cookie
biscuit_suus99w8=6f8a8f9cd9fcf5b2627febe2154a4dfeec45761b1f1215d4eaaced02d545afc8; expires=Fri, 19-Jul-2019 21:09:25 GMT; Max-Age=60
Cache-Control
no-cache, must-revalidate, no-transform
Expires
Tue, 31 Dec 2013 23:59:59 GMT
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Resource: video.php
Path: www1.watchmygf.to/
Redirect Chain
  • http://prpops.com/p/kju1/direct?prc_c=1563570505&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwOlwvXC9zb21ldHJhZi5jb21cL2RlZmF1bHQuaHRtbCIsIkhUVFBfVVNFUl9BR0VOVCI6Ik1vemlsbGFcLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYW...
  • https://www1.watchmygf.to/video.php
Size: 0, x-fer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www1.watchmygf.to
URL
https://www1.watchmygf.to/video.php

Verdicts & Comments

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onselectstart (object)
  • onselectionchange (object)
  • queueMicrotask (function)

2 Cookies

Domain/Path: prpops.com/p/kju1
Name: biscuit_suus99w8
Value: 6f8a8f9cd9fcf5b2627febe2154a4dfeec45761b1f1215d4eaaced02d545afc8

Domain/Path: prpops.com/p/kju1
Name: woa1quur7O
Value: 1ff73fefb112e9296c1141a94cbdd0f29442824aa9d84fd04f7999402b2ce0c81c807522ca5dbf3b7889298ddf7709271e62357297aae4431cf4a9120b19466b

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
