www.watchmygf.to Open in urlscan Pro
108.170.27.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sp.popcash.net/go/160608/382873
Effective URL:
https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa
Submission: On November 22 via manual (November 22nd 2018, 4:26:59 pm UTC) from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 9 HTTP transactions. The main IP is 108.170.27.42, located in Tempe, United States and belongs to SSASN2 - SECURED SERVERS LLC, US. The main domain is www.watchmygf.to.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 5th 2018. Valid for: 3 months.

This is the only time www.watchmygf.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	52.70.92.255 52.70.92.255	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 4	51.15.75.42 51.15.75.42	12876 (AS12876) (AS12876)
1 2	131.153.42.226 131.153.42.226	20454 (SSASN2) (SSASN2 - SECURED SERVERS LLC)
1 3	108.170.27.42 108.170.27.42	20454 (SSASN2) (SSASN2 - SECURED SERVERS LLC)
1 1	66.254.106.253 66.254.106.253	29789 (REFLECTED) (REFLECTED - Reflected Networks)
1	216.18.180.222 216.18.180.222	29789 (REFLECTED) (REFLECTED - Reflected Networks)
1	131.153.42.225 131.153.42.225	20454 (SSASN2) (SSASN2 - SECURED SERVERS LLC)
9	6

2 52.70.92.255 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-70-92-255.compute-1.amazonaws.com

sp.popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.15.75.42 (France) 1 redirects

ASN12876 (AS12876, FR)
PTR: 42-75-15-51.rev.cloud.scaleway.com

r.advaloo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.advaloo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 131.153.42.226 (Tempe, United States) 1 redirects

ASN20454 (SSASN2 - SECURED SERVERS LLC, US)

prpops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.170.27.42 (Tempe, United States) 1 redirects

ASN20454 (SSASN2 - SECURED SERVERS LLC, US)

www.watchmygf.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.254.106.253 (Waltham, United States) 1 redirects

ASN29789 (REFLECTED - Reflected Networks, Inc., US)

wct.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.18.180.222 (Waltham, United States)

ASN29789 (REFLECTED - Reflected Networks, Inc., US)

watchmygf.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 131.153.42.225 (Tempe, United States)

ASN20454 (SSASN2 - SECURED SERVERS LLC, US)

d.smopy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	advaloo.com 1 redirects r.advaloo.com p.advaloo.com	2 KB
3	watchmygf.to 1 redirects www.watchmygf.to	10 KB
2	prpops.com 1 redirects prpops.com	8 KB
2	popcash.net 1 redirects sp.popcash.net	701 B
1	smopy.com d.smopy.com	3 KB
1	watchmygf.net watchmygf.net
1	wct.link 1 redirects wct.link	380 B
9	7

	Domain	Requested by
3	www.watchmygf.to	1 redirects prpops.com www.watchmygf.to
3	p.advaloo.com	1 redirects r.advaloo.com p.advaloo.com
2	prpops.com	1 redirects p.advaloo.com
2	sp.popcash.net	1 redirects
1	d.smopy.com	www.watchmygf.to
1	watchmygf.net	www.watchmygf.to
1	wct.link	1 redirects
1	r.advaloo.com	sp.popcash.net
9	8

This site contains no links.

Subject Issuer	Validity	Valid
www.watchmygf.to Let's Encrypt Authority X3	`2018-11-05` - `2019-02-03`	3 months	crt.sh
watchmygf.net COMODO RSA Domain Validation Secure Server CA	`2018-01-15` - `2019-01-23`	a year	crt.sh
*.smopy.com COMODO RSA Domain Validation Secure Server CA	`2017-12-27` - `2020-12-26`	3 years	crt.sh

This page contains 2 frames:

Primary Page: https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa
Frame ID: D64477E029C900DC0059F3B538A4746F
Requests: 8 HTTP requests in this frame

Frame: https://watchmygf.net/tt/?c=eyJhIjoxMSwibyI6NjEsInAiOjN9&tracker=ad_dp_bh_ww&ptrack=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa
Frame ID: C4E4419CDC966A49D8EBEABB8BF5F2D3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sp.popcash.net/go/160608/382873 Page URL
http://sp.popcash.net/sgo/ad?p=160608&w=382873&t=97e6f7bdace21c13&r=&vw=1600&vh=1200 HTTP 303
http://r.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Page URL
http://p.advaloo.com/in2.php?kw=rtb&cid=7d6f41a5-c97c-43ae-pc-other-de&uid=4049f9e0-f302-4a53-afd... Page URL
http://p.advaloo.com/st.php?uid=4049f9e0-f302-4a53-afd2-c032ff70aacd&cid=7d6f41a5-c97c-43ae-pc-ot... HTTP 302
http://p.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Page URL
http://prpops.com/p/ms9o/direct/t:de_chrome_67 Page URL
http://prpops.com/p/ms9o/direct/t:de_chrome_67?prc_c=1542904002&prc_r=eyJIVFRQX1JFRkVSRVIiOiJo... HTTP 302
http://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865f... HTTP 302
https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865f... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

9
Requests

44 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

6
IPs

2
Countries

22 kB
Transfer

57 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sp.popcash.net/go/160608/382873 Page URL
http://sp.popcash.net/sgo/ad?p=160608&w=382873&t=97e6f7bdace21c13&r=&vw=1600&vh=1200 HTTP 303
http://r.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Page URL
http://p.advaloo.com/in2.php?kw=rtb&cid=7d6f41a5-c97c-43ae-pc-other-de&uid=4049f9e0-f302-4a53-afd2-c032ff70aacd&cc=de&b=chrome&bv=67.0 Page URL
http://p.advaloo.com/st.php?uid=4049f9e0-f302-4a53-afd2-c032ff70aacd&cid=7d6f41a5-c97c-43ae-pc-other-de&iw=1600&ih=1200&ow=1600&oh=1200&sw=1600&sh=1200&aw=1600&ah=1200&np=Linux%20x86_64&nv=Google%20Inc.&cp=0&ph=0&pl=0 HTTP 302
http://p.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Page URL
http://prpops.com/p/ms9o/direct/t:de_chrome_67 Page URL
http://prpops.com/p/ms9o/direct/t:de_chrome_67?prc_c=1542904002&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwOlwvXC9wLmFkdmFsb28uY29tXC80MDQ5ZjllMC1mMzAyLTRhNTMtYWZkMi1jMDMyZmY3MGFhY2QiLCJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTNfNSkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZVwvNjcuMC4zMzk2Ljg3IFNhZmFyaVwvNTM3LjM2In0=&prc_h=9105414463de673346ec7460bc281083796514116b6b6a0a1d6d93115e1e955b&pr_tsid=626564ac794990b88341eaedbd5119f910ea8c24cdc29d2303e548e239ed8ea7&pr_tsids=4d9cfa203aede4ec3c23b5fbb25bc1a9a01743b94c8d96fed6c9fe641ab7f841&prc_obfjs=5df6202bb02b2f11be2bd85f8c3e56b1c5c34ebf351677d4af6af46375ade749&prc_isIframe1=false&prc_jw=1600&prc_jh=1200&prc_jow=1600&prc_joh=1200&prc_jsw=1600&prc_jsh=1200&prc_jwaw=1600&prc_jwah=1200&prc_jnp=Linux%20x86_64&prc_jnv=Google%20Inc.&prc_jcp=0&prc_jp=0&prc_jpc=0&prc_jfp=0 HTTP 302
http://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa HTTP 302
https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://sp.popcash.net/sgo/ad?p=160608&w=382873&t=97e6f7bdace21c13&r=&vw=1600&vh=1200 HTTP 303
http://r.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd

Request Chain 3

http://p.advaloo.com/st.php?uid=4049f9e0-f302-4a53-afd2-c032ff70aacd&cid=7d6f41a5-c97c-43ae-pc-other-de&iw=1600&ih=1200&ow=1600&oh=1200&sw=1600&sh=1200&aw=1600&ah=1200&np=Linux%20x86_64&nv=Google%20Inc.&cp=0&ph=0&pl=0 HTTP 302
http://p.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd

Request Chain 6

https://wct.link/click?c=eyJhIjoxMSwibyI6NjEsInAiOjN9&tracker=ad_dp_bh_ww&ptrack=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa HTTP 301
https://watchmygf.net/tt/?c=eyJhIjoxMSwibyI6NjEsInAiOjN9&tracker=ad_dp_bh_ww&ptrack=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	382873 sp.popcash.net/go/160608/	427 B 461 B	216ms 96ms	Document text/html	52.70.92.255 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://sp.popcash.net/go/160608/382873 Protocol HTTP/1.1 Server 52.70.92.255 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-70-92-255.compute-1.amazonaws.com Software nginx / Resource Hash Request headers Host sp.popcash.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Encoding gzip Content-Type text/html Date Thu, 22 Nov 2018 16:26:41 GMT Server nginx Vary Accept-Encoding Content-Length 273 Connection keep-alive
GET H/1.1	200 OK	4049f9e0-f302-4a53-afd2-c032ff70aacd r.advaloo.com/ Redirect Chain http://sp.popcash.net/sgo/ad?p=160608&w=382873&t=97e6f7bdace21c13&r=&vw=1600&vh=1200 http://r.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd	455 B 447 B	391ms 355ms	Document text/html	51.15.75.42 AS12876
General Check archive.org Show headers Download Go to Full URL http://r.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Requested by Host: sp.popcash.net URL: http://sp.popcash.net/go/160608/382873 Protocol HTTP/1.1 Server 51.15.75.42 , France, ASN12876 (AS12876, FR), Reverse DNS 42-75-15-51.rev.cloud.scaleway.com Software nginx/1.13.10 / Resource Hash Request headers Host r.advaloo.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://sp.popcash.net/go/160608/382873 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://sp.popcash.net/go/160608/382873 Response headers Server nginx/1.13.10 Date Thu, 22 Nov 2018 16:26:42 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Content-Encoding gzip Redirect headers Content-Type text/html; charset=utf-8 Date Thu, 22 Nov 2018 16:26:42 GMT Location http://r.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd#pc182201 Server nginx Content-Length 93 Connection keep-alive
GET H/1.1	200 OK	in2.php Show response p.advaloo.com/	1 KB 673 B	53ms 14ms	Document text/html	51.15.75.42 AS12876
General Check archive.org Show headers Download Go to Full URL http://p.advaloo.com/in2.php?kw=rtb&cid=7d6f41a5-c97c-43ae-pc-other-de&uid=4049f9e0-f302-4a53-afd2-c032ff70aacd&cc=de&b=chrome&bv=67.0 Requested by Host: r.advaloo.com URL: http://r.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Protocol HTTP/1.1 Server 51.15.75.42 , France, ASN12876 (AS12876, FR), Reverse DNS 42-75-15-51.rev.cloud.scaleway.com Software nginx/1.13.10 / Resource Hash `ff2fc3dadeed0875ad1ab3d70572133cdf53b491211880c36e7dbf4fcbce45aa` Request headers Host p.advaloo.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://r.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://r.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Response headers Server nginx/1.13.10 Date Thu, 22 Nov 2018 16:26:42 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	4049f9e0-f302-4a53-afd2-c032ff70aacd p.advaloo.com/ Redirect Chain http://p.advaloo.com/st.php?uid=4049f9e0-f302-4a53-afd2-c032ff70aacd&cid=7d6f41a5-c97c-43ae-pc-other-de&iw=1600&ih=1200&ow=1600&oh=1200&sw=1600&sh=1200&aw=1600&ah=1200&np=Linux%20x86_64&nv=Google%2... http://p.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd	323 B 389 B	20ms 20ms	Document text/html	51.15.75.42 AS12876
General Check archive.org Show headers Download Go to Full URL http://p.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Requested by Host: p.advaloo.com URL: http://p.advaloo.com/in2.php?kw=rtb&cid=7d6f41a5-c97c-43ae-pc-other-de&uid=4049f9e0-f302-4a53-afd2-c032ff70aacd&cc=de&b=chrome&bv=67.0 Protocol HTTP/1.1 Server 51.15.75.42 , France, ASN12876 (AS12876, FR), Reverse DNS 42-75-15-51.rev.cloud.scaleway.com Software nginx/1.13.10 / Resource Hash Request headers Host p.advaloo.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://p.advaloo.com/in2.php?kw=rtb&cid=7d6f41a5-c97c-43ae-pc-other-de&uid=4049f9e0-f302-4a53-afd2-c032ff70aacd&cc=de&b=chrome&bv=67.0 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://p.advaloo.com/in2.php?kw=rtb&cid=7d6f41a5-c97c-43ae-pc-other-de&uid=4049f9e0-f302-4a53-afd2-c032ff70aacd&cc=de&b=chrome&bv=67.0 Response headers Server nginx/1.13.10 Date Thu, 22 Nov 2018 16:26:42 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Content-Encoding gzip Redirect headers Server nginx/1.13.10 Date Thu, 22 Nov 2018 16:26:42 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Location /4049f9e0-f302-4a53-afd2-c032ff70aacd
GET H/1.1	200 OK	Cookie set t:de_chrome_67 Show response prpops.com/p/ms9o/direct/	15 KB 7 KB	318ms 151ms	Document text/html	131.153.42.226 SECURED SERVERS LLC
General Check archive.org Show headers Download Go to Full URL http://prpops.com/p/ms9o/direct/t:de_chrome_67 Requested by Host: p.advaloo.com URL: http://p.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Protocol HTTP/1.1 Server 131.153.42.226 Tempe, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US), Reverse DNS Software nginx / Resource Hash `2cf5383be8347dab6d419b50a622494c73812d684376eecb3dd8574e52b083e9` Request headers Host prpops.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://p.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://p.advaloo.com/4049f9e0-f302-4a53-afd2-c032ff70aacd Response headers Server nginx Date Thu, 22 Nov 2018 16:26:42 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie woa1quur7O=d5853029d59972320eed3bd96c705d0787969bfaca9c815abad4e7550fff6a241fa4f8f3af4c16faee9850828bf768fe09f61765d74f220dcad119f2163abdc1; expires=Tue, 21-May-2019 16:26:42 GMT; Max-Age=15552000 biscuit_suus99w8=d25abbad755a2e157c18d7e151d7bff2d7a88f5e8f0c08e3e44aa3063fabff0a; expires=Thu, 22-Nov-2018 16:27:42 GMT; Max-Age=60 Cache-Control no-cache, must-revalidate, no-transform Expires Tue, 31 Dec 2013 23:59:59 GMT Access-Control-Allow-Origin * Content-Encoding gzip
GET H/1.1	200 OK	Primary Request / Show response www.watchmygf.to/ Redirect Chain http://prpops.com/p/ms9o/direct/t:de_chrome_67?prc_c=1542904002&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwOlwvXC9wLmFkdmFsb28uY29tXC80MDQ5ZjllMC1mMzAyLTRhNTMtYWZkMi1jMDMyZmY3MGFhY2QiLCJIVFRQX1VTRVJfQUdFTlQ... http://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa	582 B 620 B	461ms 150ms	Document text/html	108.170.27.42 SECURED SERVERS LLC
General Check archive.org Show headers Download Go to Full URL https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa Requested by Host: prpops.com URL: http://prpops.com/p/ms9o/direct/t:de_chrome_67 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 108.170.27.42 Tempe, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US), Reverse DNS Software nginx / PHP/5.4.16 Resource Hash `b2156996f9dddbcdab57178ed670ffb82727ed503fd39a50a2f7580375b20b71` Request headers Host www.watchmygf.to Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://prpops.com/p/ms9o/direct/t:de_chrome_67 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://prpops.com/p/ms9o/direct/t:de_chrome_67 Response headers Server nginx Date Thu, 22 Nov 2018 09:26:37 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.4.16 Content-Encoding gzip Redirect headers Server nginx Date Thu, 22 Nov 2018 09:26:36 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.4.16 Location https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa
GET H/1.1	200 OK	tzlvbzaswm.php Show response www.watchmygf.to/	30 KB 9 KB	149ms 148ms	Script application/javascript	108.170.27.42 SECURED SERVERS LLC
General Check archive.org Show headers Download Go to Full URL https://www.watchmygf.to/tzlvbzaswm.php Requested by Host: www.watchmygf.to URL: https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 108.170.27.42 Tempe, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US), Reverse DNS Software nginx / PHP/5.4.16 Resource Hash `1c07ee42955c9e83321b05c81df9a9d8770911d2758a02d21edf6696b835cd88` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.watchmygf.to User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa Connection keep-alive Cache-Control no-cache Referer https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 22 Nov 2018 09:26:37 GMT Content-Encoding gzip Server nginx Connection keep-alive X-Powered-By PHP/5.4.16 Transfer-Encoding chunked Content-Type application/javascript
GET H/1.1	200 OK	Cookie set / watchmygf.net/tt/ Frame C4E4 Redirect Chain https://wct.link/click?c=eyJhIjoxMSwibyI6NjEsInAiOjN9&tracker=ad_dp_bh_ww&ptrack=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa https://watchmygf.net/tt/?c=eyJhIjoxMSwibyI6NjEsInAiOjN9&tracker=ad_dp_bh_ww&ptrack=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa	0 0	470ms 114ms	Document text/html	216.18.180.222 Reflected Networks
General Check archive.org Show headers Download Go to Full URL https://watchmygf.net/tt/?c=eyJhIjoxMSwibyI6NjEsInAiOjN9&tracker=ad_dp_bh_ww&ptrack=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa Requested by Host: www.watchmygf.to URL: https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 216.18.180.222 Waltham, United States, ASN29789 (REFLECTED - Reflected Networks, Inc., US), Reverse DNS Software Apache / PHP/5.2.17 Resource Hash Request headers Host watchmygf.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa Response headers Date Thu, 22 Nov 2018 16:26:46 GMT Server Apache X-Powered-By PHP/5.2.17 Vary Accept-Encoding Content-Encoding gzip Content-Length 4371 Connection close Content-Type text/html Set-Cookie RNLBSERVERID=ded723; path=/ Cache-control private Redirect headers Server nginx Date Thu, 22 Nov 2018 16:26:45 GMT Content-Type text/html Content-Length 178 Connection keep-alive Location https://watchmygf.net/tt/?c=eyJhIjoxMSwibyI6NjEsInAiOjN9&tracker=ad_dp_bh_ww&ptrack=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa X-Frame-Options DENY Set-Cookie RNLBSERVERID=ded462; path=/
GET H/1.1	200 OK	/ Show response d.smopy.com/d/	10 KB 3 KB	665ms 197ms	XHR application/json	131.153.42.225 SECURED SERVERS LLC
General Check archive.org Show headers Download Go to Full URL https://d.smopy.com/d/?resource=bundler&widgets=1458770:1&isct=1542878662&prr=https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=b86831065a02484864182cf88634a9eff53495de344dc556239330719f9863d2&iscs=NzBiNGY0MGJlODhhYTQzYmFmNDk0N2Y4ODRhZWFlY2I0ODNlMzViNGU4MGUzMDc3NDRmZTRiYzhmZGNlYmViYXwwfDV8MTMxLjE1My40Mi4yNTB8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4yOyBXaW42NDsgeDY0OyBydjo1MS4wLjMpIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvNTEuMC4zfDMwMzI3OHwxNTQyODc4NjYyfGliYUhSMGNITTZMeTkzZDNjdWQyRjBZMmh0ZVdkbUxuUnZMejkwY21GamEyVnlQV0ZrWDJSd1gySm9YM2QzSm1Oc2FXTnJYMmxrUFdJNE5qZ3pNVEEyTldFd01qUTRORGcyTkRFNE1tTm1PRGcyTXpSaE9XVm1aalV6TkRrMVpHVXpORFJrWXpVMU5qSXpPVE16TURjeE9XWTVPRFl6WkRJPQ==&reqc=1 Requested by Host: www.watchmygf.to URL: https://www.watchmygf.to/tzlvbzaswm.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 131.153.42.225 Tempe, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US), Reverse DNS Software nginx / Express Resource Hash `9668b64734ae3c08b20fe848f50a1306a16a493927390b6af99e78cceb446ab6` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://www.watchmygf.to/?tracker=ad_dp_bh_ww&click_id=77ce91a63587f84749de6f0344cf57962e81b6e969865fe3c118c210ed62ebaa Origin https://www.watchmygf.to Response headers Date Thu, 22 Nov 2018 16:26:46 GMT Content-Encoding gzip ETag W/"274d-4B+NYmbllof3Uww1PJAfIHIZ6R8" Server nginx X-Powered-By Express Transfer-Encoding chunked Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin * Connection keep-alive

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.watchmygf.net/	1970-01-19 14:06:16	Name: _ga Value: GA1.2.1624802903.1542904007
.watchmygf.net/	1970-01-18 20:35:04	Name: _gat Value: 1
.watchmygf.net/	1970-01-18 20:36:30	Name: _gid Value: GA1.2.1679215847.1542904007
watchmygf.net/	1969-12-31 23:59:59	Name: RNLBSERVERID Value: ded723

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d.smopy.com
p.advaloo.com
prpops.com
r.advaloo.com
sp.popcash.net
watchmygf.net
wct.link
www.watchmygf.to
108.170.27.42
131.153.42.225
131.153.42.226
216.18.180.222
51.15.75.42
52.70.92.255
66.254.106.253
1c07ee42955c9e83321b05c81df9a9d8770911d2758a02d21edf6696b835cd88
2cf5383be8347dab6d419b50a622494c73812d684376eecb3dd8574e52b083e9
9668b64734ae3c08b20fe848f50a1306a16a493927390b6af99e78cceb446ab6
b2156996f9dddbcdab57178ed670ffb82727ed503fd39a50a2f7580375b20b71
ff2fc3dadeed0875ad1ab3d70572133cdf53b491211880c36e7dbf4fcbce45aa

www.watchmygf.to Open in urlscan Pro 108.170.27.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

44 %HTTPS

0 %IPv6

7 Domains

8 Subdomains

6 IPs

2 Countries

22 kBTransfer

57 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

4 Cookies

Indicators

www.watchmygf.to Open in urlscan Pro
108.170.27.42 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

44 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

6
IPs

2
Countries

22 kB
Transfer

57 kB
Size

4
Cookies

9 HTTP transactions
0 data transactions