www1.watchmygirlfriend.to

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 6 HTTP transactions. The main IP is 108.170.27.42, located in Phoenix, United States and belongs to SSASN2, US. The main domain is www1.watchmygirlfriend.to.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 29th 2020. Valid for: 3 months.

This is the only time www1.watchmygirlfriend.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3033::681c:154f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3036::6812:21ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	131.153.42.225 131.153.42.225	20454 (SSASN2) (SSASN2)
2	108.170.27.42 108.170.27.42	20454 (SSASN2) (SSASN2)
2	131.153.42.211 131.153.42.211	20454 (SSASN2) (SSASN2)
6	5

1 2606:4700:3033::681c:154f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

fapthat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6812:21ec (United States)

ASN13335 (CLOUDFLARENET, US)

iflporn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 131.153.42.225 (Phoenix, United States) 1 redirects

ASN20454 (SSASN2, US)

prpops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.170.27.42 (Phoenix, United States)

ASN20454 (SSASN2, US)

www1.watchmygirlfriend.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 131.153.42.211 (Phoenix, United States)

ASN20454 (SSASN2, US)

d.trafiq.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	trafiq.win d.trafiq.win	5 KB
2	watchmygirlfriend.to www1.watchmygirlfriend.to	15 KB
2	prpops.com 1 redirects prpops.com	10 KB
1	iflporn.com iflporn.com	710 B
1	fapthat.com 1 redirects fapthat.com	415 B
6	5

	Domain	Requested by
2	d.trafiq.win	www1.watchmygirlfriend.to
2	www1.watchmygirlfriend.to	prpops.com www1.watchmygirlfriend.to
2	prpops.com	1 redirects iflporn.com
1	iflporn.com
1	fapthat.com	1 redirects
6	5

This site contains no links.

Subject Issuer	Validity	Valid
prmobiles.com Let's Encrypt Authority X3	`2020-07-01` - `2020-09-29`	3 months	crt.sh
watchmygirlfriend.to Let's Encrypt Authority X3	`2020-06-29` - `2020-09-27`	3 months	crt.sh
trafiq.win Let's Encrypt Authority X3	`2020-06-19` - `2020-09-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www1.watchmygirlfriend.to/video.php
Frame ID: 7D92E6E4409F56A15CB5CECE56F4D72A
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://fapthat.com/tspop/?WEBSITEID=3416311 HTTP 302
http://iflporn.com/rush Page URL
https://prpops.com/p/gzas/direct/t:iflporn Page URL
https://prpops.com/p/gzas/direct/t:iflporn?prc_c=1597679097&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwO... HTTP 302
https://www1.watchmygirlfriend.to/video.php Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

6
Requests

83 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

30 kB
Transfer

81 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://fapthat.com/tspop/?WEBSITEID=3416311 HTTP 302
http://iflporn.com/rush Page URL
https://prpops.com/p/gzas/direct/t:iflporn Page URL
https://prpops.com/p/gzas/direct/t:iflporn?prc_c=1597679097&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwOlwvXC9pZmxwb3JuLmNvbVwvIiwiSFRUUF9VU0VSX0FHRU5UIjoiTW96aWxsYVwvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzE0XzUpIEFwcGxlV2ViS2l0XC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWVcLzgzLjAuNDEwMy42MSBTYWZhcmlcLzUzNy4zNiJ9&prc_h=fec0172d4cb62f8e12dbba1b9ecd19ecd930b4bde4f6fc55377f4a165d61defb&pr_tsid=9330285bafc76ac92c64e0a7c50147e6ed147c318cc4e1374d55664fef999cf0&pr_tsids=0a81a12158e4a86701f9a049edb478eab942604885fcbc8a16fb0183381d220a&prc_obfjs=8ecb55d945d2b203af95d2aa8b29b4f030f34e7174266b015e78028d1d651afe&prc_isIframe1=false&prc_jw=1600&prc_jh=1200&prc_jow=1600&prc_joh=1200&prc_jsw=1600&prc_jsh=1200&prc_jwaw=1600&prc_jwah=1200&prc_jnp=Linux%20x86_64&prc_jnv=Google%20Inc.&prc_jcp=0&prc_jp=0&prc_jpc=0&prc_jfp=0&prc_bhl=3&prc_erf=0&prc_isPhantomJS=50&prc_PhantomJSDetail=32&prc_isHeadlessChrome=100&prc_HeadlessChromeDetail=66&prc_pnc=50&prc_pnd=4 HTTP 302
https://www1.watchmygirlfriend.to/video.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://fapthat.com/tspop/?WEBSITEID=3416311 HTTP 302
http://iflporn.com/rush

6 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set rush Show response iflporn.com/ Redirect Chain http://fapthat.com/tspop/?WEBSITEID=3416311 http://iflporn.com/rush	394 B 710 B	34ms 27ms	Document text/html	2606:4700:3036::6812:21ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://iflporn.com/rush Protocol HTTP/1.1 Server 2606:4700:3036::6812:21ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6a9ab348da7c571b83fa0ba320e31bb4c0121b9f17ff1b6f96aa455152003e4a` Request headers Host iflporn.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 17 Aug 2020 15:44:57 GMT Content-Type text/html;charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=d732f350f650bcf9b17bb7acf700a02f71597679097; expires=Wed, 16-Sep-20 15:44:57 GMT; path=/; domain=.iflporn.com; HttpOnly; SameSite=Lax cf-request-id 049eb16d1400001f1d2b99a200000001 Vary Accept-Encoding Server cloudflare CF-RAY 5c4484f4e98f1f1d-FRA Content-Encoding gzip Redirect headers Date Mon, 17 Aug 2020 15:44:57 GMT Content-Length 0 Connection keep-alive Set-Cookie __cfduid=d433cb9f824e81cfd219d621e0ec7ebe51597679096; expires=Wed, 16-Sep-20 15:44:56 GMT; path=/; domain=.fapthat.com; HttpOnly; SameSite=Lax Location http://iflporn.com/rush cf-request-id 049eb16c9a0000c2efc4991200000001 Vary Accept-Encoding Server cloudflare CF-RAY 5c4484f428f2c2ef-FRA
GET H/1.1	200 OK	Cookie set t:iflporn Show response prpops.com/p/gzas/direct/	23 KB 10 KB	680ms 173ms	Document text/html	131.153.42.225 SSASN2
General Check archive.org Show headers Download Go to Full URL https://prpops.com/p/gzas/direct/t:iflporn Requested by Host: iflporn.com URL: http://iflporn.com/rush Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 131.153.42.225 Phoenix, United States, ASN20454 (SSASN2, US), Reverse DNS Software nginx / Resource Hash `54e4ba094e9b4b3d97fddca27a15183e63974aacd0f2c2df92019a9a96deb3b6` Request headers Host prpops.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer http://iflporn.com/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://iflporn.com/ Response headers Server nginx Date Mon, 17 Aug 2020 15:44:57 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie woa1quur7O=30cd2cf71fff8cc00ea7afbd368962ab12d857df7d6aaa9cf019e1b0b49df65312af594bd2b6237b4fc9e2abe22a023a2a7587f9ca3365df52d82a58363b4b49; expires=Sat, 13-Feb-2021 15:44:57 GMT; Max-Age=15552000 biscuit_suus99w8=b5188c562541a150439a27c58c14a91f562b7ad6b1107022cc6376ccb2a3af0f; expires=Mon, 17-Aug-2020 15:45:57 GMT; Max-Age=60 Cache-Control no-cache, must-revalidate, no-transform Expires Tue, 31 Dec 2013 23:59:59 GMT Access-Control-Allow-Origin * Content-Encoding gzip
GET H/1.1	200 OK	Primary Request video.php Show response www1.watchmygirlfriend.to/ Redirect Chain https://prpops.com/p/gzas/direct/t:iflporn?prc_c=1597679097&prc_r=eyJIVFRQX1JFRkVSRVIiOiJodHRwOlwvXC9pZmxwb3JuLmNvbVwvIiwiSFRUUF9VU0VSX0FHRU5UIjoiTW96aWxsYVwvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyB... https://www1.watchmygirlfriend.to/video.php	8 KB 4 KB	503ms 170ms	Document text/html	108.170.27.42 SSASN2
General Check archive.org Show headers Download Go to Full URL https://www1.watchmygirlfriend.to/video.php Requested by Host: prpops.com URL: https://prpops.com/p/gzas/direct/t:iflporn Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 108.170.27.42 Phoenix, United States, ASN20454 (SSASN2, US), Reverse DNS Software nginx / PHP/5.4.16 Resource Hash `6eec8ff0e99d4bce0bba044f1a6c1ee17b6ee7122eb0510383ba16ef45cf280c` Request headers Host www1.watchmygirlfriend.to Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://prpops.com/p/gzas/direct/t:iflporn Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://prpops.com/p/gzas/direct/t:iflporn Response headers Server nginx Date Mon, 17 Aug 2020 15:44:58 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.4.16 Content-Encoding gzip Redirect headers Server nginx Date Mon, 17 Aug 2020 15:44:58 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie woa1quur7O=30cd2cf71fff8cc00ea7afbd368962ab12d857df7d6aaa9cf019e1b0b49df65312af594bd2b6237b4fc9e2abe22a023a2a7587f9ca3365df52d82a58363b4b49; expires=Sat, 13-Feb-2021 15:44:58 GMT; Max-Age=15552000 prVi=GTFJra2WuKVO0S0zkXvf7aWCj90kINhr; expires=Tue, 17-Aug-2021 15:44:58 GMT; Max-Age=31536000; path=/; domain=.plugrush.com Cache-Control no-cache, must-revalidate, no-transform Expires Tue, 31 Dec 2013 23:59:59 GMT Location https://www1.watchmygirlfriend.to/video.php Access-Control-Allow-Origin *
GET H/1.1	200 OK	ffngubvweuip.php Show response www1.watchmygirlfriend.to/	35 KB 11 KB	172ms 172ms	Script application/javascript	108.170.27.42 SSASN2
General Check archive.org Show headers Download Go to Full URL https://www1.watchmygirlfriend.to/ffngubvweuip.php Requested by Host: www1.watchmygirlfriend.to URL: https://www1.watchmygirlfriend.to/video.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 108.170.27.42 Phoenix, United States, ASN20454 (SSASN2, US), Reverse DNS Software nginx / PHP/5.4.16 Resource Hash `67c2cf29d6254b17c04bff5db4235a5b33da1c65e348872b41cfb771491be368` Request headers Referer https://www1.watchmygirlfriend.to/video.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 17 Aug 2020 15:44:58 GMT Content-Encoding gzip Server nginx Connection keep-alive X-Powered-By PHP/5.4.16 Transfer-Encoding chunked Content-Type application/javascript
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `226fec78d633cbd16180916ee3033c9c161dee03b64e30e8ef1a156686d3c7d0` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	/ Show response d.trafiq.win/d/	13 KB 4 KB	700ms 183ms	XHR application/json	131.153.42.211 SSASN2
General Check archive.org Show headers Download Go to Full URL https://d.trafiq.win/d/?resource=bundler&nada=1&widgets=1655985:1&isct=1597679081&rfrr=https://www1.watchmygirlfriend.to/video.php&iscs=YmU1YWVlOTZmYWRkYTA5MDJlMDY3Y2RiNzQwMTY4ZDViZmFkODBmZGVlOTVkNzM4YzNmOGIyYjI1MWE2YWVlMHwwfDV8MTA4LjE3MC4yNy40MnxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODQuMC40MTQ3LjEyNSBTYWZhcmkvNTM3LjM2fDMyOTcyNHwxNTk3Njc5MDgxfGliYUhSMGNITTZMeTkzZDNjeExuZGhkR05vYlhsbmFYSnNabkpwWlc1a0xuUnZMM1pwWkdWdkxuQm9jQT09&reqc=1&ver=584a49a5e8a1bbae.1597679081159 Requested by Host: www1.watchmygirlfriend.to URL: https://www1.watchmygirlfriend.to/ffngubvweuip.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 131.153.42.211 Phoenix, United States, ASN20454 (SSASN2, US), Reverse DNS Software nginx / Express Resource Hash `b0e20ef36ee7011b68db15084e267a055688a00f591e7b0c0671ed7c7fb34ca7` Request headers Referer https://www1.watchmygirlfriend.to/video.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 17 Aug 2020 15:44:59 GMT Content-Encoding gzip ETag W/"344b-iuFt65CwUCnNZwTNgzst+8DNgoU" Server nginx X-Powered-By Express Transfer-Encoding chunked Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin https://www1.watchmygirlfriend.to Access-Control-Allow-Credentials true Connection keep-alive
GET H/1.1	200 OK	t.php d.trafiq.win/	0 412 B	171ms 171ms	Image text/html	131.153.42.211 SSASN2
General Check archive.org Show headers Download Go to Show image Full URL https://d.trafiq.win/t.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 131.153.42.211 Phoenix, United States, ASN20454 (SSASN2, US), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://www1.watchmygirlfriend.to/video.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Mon, 17 Aug 2020 15:45:00 GMT Content-Encoding gzip Server nginx Connection keep-alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d.trafiq.win
fapthat.com
iflporn.com
prpops.com
www1.watchmygirlfriend.to
108.170.27.42
131.153.42.211
131.153.42.225
2606:4700:3033::681c:154f
2606:4700:3036::6812:21ec
226fec78d633cbd16180916ee3033c9c161dee03b64e30e8ef1a156686d3c7d0
54e4ba094e9b4b3d97fddca27a15183e63974aacd0f2c2df92019a9a96deb3b6
67c2cf29d6254b17c04bff5db4235a5b33da1c65e348872b41cfb771491be368
6a9ab348da7c571b83fa0ba320e31bb4c0121b9f17ff1b6f96aa455152003e4a
6eec8ff0e99d4bce0bba044f1a6c1ee17b6ee7122eb0510383ba16ef45cf280c
b0e20ef36ee7011b68db15084e267a055688a00f591e7b0c0671ed7c7fb34ca7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

www1.watchmygirlfriend.to Open in urlscan Pro 108.170.27.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

83 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

5 IPs

1 Countries

30 kBTransfer

81 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

54 JavaScript Global Variables

0 Cookies

Indicators

www1.watchmygirlfriend.to Open in urlscan Pro
108.170.27.42 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

30 kB
Transfer

81 kB
Size

0
Cookies

6 HTTP transactions
1 data transactions