| wa.privategirlocation.com/img/logo-2.jpg | 104.21.40.46 | 200 OK | 77 kB |
URL: GET HTTP/3 wa.privategirlocation.com/img/logo-2.jpg
IP: 104.21.40.46:443
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: privategirlocation.com
Certificate fingerprint: 72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
Certificate validity: Sun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 675x900, components 3
Hash: 5252a6f2558062d891ba358607d41047 93e648f2dcfee2a8e4c6a0592d960f6767170068 ff9e2a898cad8c5d5fe310af13dfb2c82caba237d0a546e9dcc52997c7c55a56
Analyzer: OpenPhish; Verdict: phishing; Alert: WhatsApp
GET /img/logo-2.jpg HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: image/jpeg
content-length: 77421
cache-control: public, max-age=604800
expires: Sat, 04 May 2024 00:07:34 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14729
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WOBem8pTGPjg4sjMdJxoFdoxjRB3mWBRa7kbTdsTh0zh0miQ1fnkpu7qjhBjx1uabCRIJbbel8CcUQYEg02UUNOlnj%2BquMt8JPNZGgxRtBRVoqEwzCTqcgLRv0PB1vX59GWzKwi%2F8oAQ6CL9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87abfa53cc2ab4ed-OSL
alt-svc: h3=":443"; ma=86400
|
|
| wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/fonts/bootstrap-icons.woff | 104.21.40.46 | 200 OK | 102 kB |
URL: GET HTTP/3 wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/fonts/bootstrap-icons.woff
IP: 104.21.40.46:443
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: privategirlocation.com
Certificate fingerprint: 72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
Certificate validity: Sun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT
File type: Web Open Font Format (Version 2), TrueType, length 102536, version 1.0
Size: 102 kB (102536 bytes)
Hash: 1ed478a6b265d4b4f5c26bb063203588 1ca5e8c7d2fb8e9d60ad1a1feb2a46e98c248a3d c874e14c63db86c4c5318c77cb557fce7036645edc7d690dcc1d23b389631b13
Analyzer: OpenPhish; Verdict: phishing; Alert: WhatsApp
GET /npm/bootstrap-icons-1.8.1/font/fonts/bootstrap-icons.woff HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:04 GMT
content-type: font/woff
content-length: 102536
cache-control: public, max-age=604800
expires: Sat, 04 May 2024 04:11:33 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 91
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gsjuzu6NkFbsoBgob4LtvDJ8KM4D4pyO%2BVsxihVJD83%2Br0r%2BvH492R6QPbPjgiNDJOdCEtbNAGMIe98JkZkQDiVKC%2FyEspTGSWnHaKrtI16YFrdDxXHNi3wCJ9tdNgM%2Fb0nJyiE4IM8L1UwX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87abfa547c78b4ed-OSL
alt-svc: h3=":443"; ma=86400
|
|
| wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css | 104.21.40.46 | 200 OK | 19 kB |
URL: GET HTTP/3 wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css
IP: 104.21.40.46:443
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: privategirlocation.com
Certificate fingerprint: 72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
Certificate validity: Sun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT
Hash: f483f87a3c57f292bd5eb4c343003b01 5f2b1fa8de5b4d52ea2b04941aa508529e6994c9 f93ce1072054f40abfa1889d47d29d227a8af86231a073ccf678f7ab8841d6f3
Analyzer: OpenPhish; Verdict: phishing; Alert: WhatsApp
GET /npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 30 Apr 2024 10:04:33 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 324510
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0%2Fczp4RI8YbttnuKzU4MVIPlz9naFa5e3O7rxelAV5ve5hwL1jYF5a1xiKnYZA4NnLY%2BldZsPMHlJpXuLXWwZ20XR4H9X4oFBaV6S63JXjGAdteVZ5BkMfJCgNLQwR0hoQ1zGNnx7q3%2FYLQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa53bc24b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| hzr0dm28m17c.com/345e1621a507b6fbaf713c8b5e94fb13/invoke.js | 172.240.108.76 | 200 OK | 12 kB |
URL: GET HTTP/1.1 hzr0dm28m17c.com/345e1621a507b6fbaf713c8b5e94fb13/invoke.js
IP: 172.240.108.76:443
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: hzr0dm28m17c.com
Certificate fingerprint: 9F:89:99:65:B2:6A:E8:8C:A8:61:55:B2:AC:E5:74:D2:72:2E:0F:F4
Certificate validity: Wed, 10 Apr 2024 07:04:16 GMT - Tue, 09 Jul 2024 07:04:15 GMT
File type: JavaScript source, ASCII text, with very long lines (31278), with no line terminators
Hash: 974f1b3f53e3e9cd40e67ed765a3b008 8a4814eef2aa1f9fc4ab4b70f50ead5eb7556016 898e1ff66c804465f11d35b81022b38a99ad036cef9e0c4e3ead47537f282c75
GET /345e1621a507b6fbaf713c8b5e94fb13/invoke.js HTTP/1.1
Host: hzr0dm28m17c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 04:13:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad96b3971662f1864285e80fe66fca13
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| proftrafficcounter.com/stats | 18.159.11.169 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 18.159.11.169:443
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Amazon
Certificate subject: proftrafficcounter.com
Certificate fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Certificate validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 0d08b002fd8526070f22a73bd991a7dd 7be7e1c445abb29a22d35158891799752e2ea6fc 9b4c53d2bf8fec2e4a33084bf6b554e03ea785896b1367e0be3261b4be95b3fa
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wa.privategirlocation.com
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 27 Apr 2024 04:13:04 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://wa.privategirlocation.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=60151ba0-f437-4738-b2e0-b81280a2df49:1:1; expires=Tue, 25 Apr 2034 04:13:04 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| baileybenedictionphony.com/watch.1041205968811.js?key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&tz=0&dev=e&res=14.2071&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1 | 192.243.59.20 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 baileybenedictionphony.com/watch.1041205968811.js?key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&tz=0&dev=e&res=14.2071&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1
IP: 192.243.59.20:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: baileybenedictionphony.com
Certificate fingerprint: E6:FB:DB:5C:C6:27:CC:19:84:03:ED:BB:0D:18:51:3D:71:14:F9:25
Certificate validity: Mon, 22 Apr 2024 12:37:31 GMT - Sun, 21 Jul 2024 12:37:30 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /watch.1041205968811.js?key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&tz=0&dev=e&res=14.2071&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1 HTTP/1.1
Host: baileybenedictionphony.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wa.privategirlocation.com
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 27 Apr 2024 04:13:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://wa.privategirlocation.com
Access-Control-Allow-Origin: https://wa.privategirlocation.com
Access-Control-Allow-Credentials: true
Location: https://baileybenedictionphony.com/watch.1041205968811.js?dev=e&key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714191245&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&res=14.2071&rmtc=t&shu=46646b76165b0730c26cc168e1de13eef738f25e226cd04929dfd60cc13cec02020ddd3fea4a917e2b3184746974abb42a3eab234830152ae6870440689eae18a39d20b3558596dff49b12e51e85de1f9ee5a8cc601e3ad1fefabc9202eadb&tz=0&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1
Set-Cookie: u_pl=20909317; expires=Sun, 28 Apr 2024 04:13:05 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.D81-y4yDcrcYSDmhLtjgOvd1_e3unk77LJqEj2sGa0k; expires=Sat, 27 Apr 2024 04:14:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 88dc3aed9c5a9134218d6e3265fc9fc0
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| baileybenedictionphony.com/watch.1041205968811.js?dev=e&key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714191245&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&res=14.2071&rmtc=t&shu=46646b76165b0730c26cc168e1de13eef738f25e226cd04929dfd60cc13cec02020ddd3fea4a917e2b3184746974abb42a3eab234830152ae6870440689eae18a39d20b3558596dff49b12e51e85de1f9ee5a8cc601e3ad1fefabc9202eadb&tz=0&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1 | 192.243.59.20 | 200 OK | 0 B |
URL: GET HTTP/1.1 baileybenedictionphony.com/watch.1041205968811.js?dev=e&key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714191245&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&res=14.2071&rmtc=t&shu=46646b76165b0730c26cc168e1de13eef738f25e226cd04929dfd60cc13cec02020ddd3fea4a917e2b3184746974abb42a3eab234830152ae6870440689eae18a39d20b3558596dff49b12e51e85de1f9ee5a8cc601e3ad1fefabc9202eadb&tz=0&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1
IP: 192.243.59.20:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: baileybenedictionphony.com
Certificate fingerprint: E6:FB:DB:5C:C6:27:CC:19:84:03:ED:BB:0D:18:51:3D:71:14:F9:25
Certificate validity: Mon, 22 Apr 2024 12:37:31 GMT - Sun, 21 Jul 2024 12:37:30 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /watch.1041205968811.js?dev=e&key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714191245&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&res=14.2071&rmtc=t&shu=46646b76165b0730c26cc168e1de13eef738f25e226cd04929dfd60cc13cec02020ddd3fea4a917e2b3184746974abb42a3eab234830152ae6870440689eae18a39d20b3558596dff49b12e51e85de1f9ee5a8cc601e3ad1fefabc9202eadb&tz=0&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1 HTTP/1.1
Host: baileybenedictionphony.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wa.privategirlocation.com
Referer: https://wa.privategirlocation.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20909317; ain=eyJhbGciOiJIUzI1NiJ9.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.D81-y4yDcrcYSDmhLtjgOvd1_e3unk77LJqEj2sGa0k
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 27 Apr 2024 04:13:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://wa.privategirlocation.com
Access-Control-Allow-Origin: https://wa.privategirlocation.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=60151ba0-f437-4738-b2e0-b81280a2df49:1:1; expires=Sat, 04 May 2024 04:13:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9be070f4d598bcb8199f0dd14210caa2
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| wa.privategirlocation.com/npm/backoffer.js | 104.21.40.46 | 200 OK | 11 kB |
URL: GET HTTP/3 wa.privategirlocation.com/npm/backoffer.js
IP: 104.21.40.46:443
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: privategirlocation.com
Certificate fingerprint: 72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
Certificate validity: Sun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT
File type: JavaScript source, ASCII text, with CRLF line terminators
Hash: 4e39716b4d4469996fc6e68265fa8830 c8b24994e71f4e58170e639124107fd25757f755 3cc4cdc7b3421264503656474f5b10db20bc711493bfe2df0680da0b7c81a72c
Analyzer: OpenPhish; Verdict: phishing; Alert: WhatsApp
GET /npm/backoffer.js HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/javascript
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: HIT
age: 91
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cXn1hEZAyAKsJp%2BJ31nQdURJH%2F5sii3rCAfjzi2uVoKBL2hN0W0YjN%2BF5HwhcDOmqc6iu9mX52oSXcrbSMVDyulzl8sqIqXELWpjsaRKerTqlq07w0L9aXrSJgDbe0J2yUaMgTrpy8RCI383"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa53bc27b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 5.8 kB |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: gzip compressed data, max speed, from Unix
Hash: aa33725c2d0a3d1c2f9c878d64914807 6e83d13ec860384a977738b04ff0891a01ab519a fe412eadb3dc9820ec6cab7cb62349be057c509e34f7e2de6d23b28eacc98bfd
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 04:13:21 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=xOOEhSgVsVb3aGc_L1nONQnify4oSv5Zedk_JPomW4HLfTc5QVR88IgcrtS3Kj9SOACQL4xWR06CSiA4f5WSLufKJ5Xy2XCPsg0Gfa1ntFw2YMi6HSp0yVaXOFmRtHAJ
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| | 104.21.76.39 | 301 Moved Permanently | 8.4 kB |
URL: User Request GET HTTP/2
IP: 104.21.76.39:443
Certificate issuer: Google Trust Services LLC
Certificate subject: escortblondes.com
Certificate fingerprint: 52:E1:E9:1D:5C:7E:68:55:1D:74:54:53:9F:BF:29:A4:C6:D2:1A:AB
Certificate validity: Mon, 18 Mar 2024 04:14:13 GMT - Sun, 16 Jun 2024 04:14:12 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish; Verdict: phishing; Alert: WhatsApp
GET / HTTP/1.1
Host: escortblondes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/html; charset=UTF-8
location: https://wa.privategirlocation.com
x-powered-by: PHP/8.1.28
cache-control: must-revalidate, no-cache, no-store, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImQ2c014ZCs0eHZteHdDWkNwZlpqRVE9PSIsInZhbHVlIjoiRlg1NUFudldmZVYvd0krQkl4bTNWWmNrQ2JxTmEwWmk4WFNBS0RxRm5zWHQrQnpMLzFLNjBJLzVHM2dGUlVBOFhZUUdyaXNIWitTa3lVMFRqRm0yaWtJRTlmUWhZbzdwTUVTek05U3Fva2YvOVF1eExJMCsvcjNlNWw4SzdzdlUiLCJtYWMiOiIzN2I4NWM5YjMwYjY5M2Y3Mzk4MzQ2Yjc5NTUwNjBkNWM5NmRlNzZmMTIzNDRmZjRlYjdkM2RkNTgzODljZjA2IiwidGFnIjoiIn0%3D; expires=Sat, 27-Apr-2024 06:13:03 GMT; Max-Age=7200; path=/; secure
phpshort_session=eyJpdiI6IkhGdHpaYjNGM0R2YlJXSmJMRVlyZFE9PSIsInZhbHVlIjoiTkYwckl5UmxZRjVNL3dPTU41UjVobDJXdlV1aUpueUd6UGZsU0VMZ2E3OFhUQzlCKzhkMFcyUlNaNnV1ZW9JZDdRWEl3M1JhU1U0Vk10cmdnZVE0YkJZamZFelVINEZWem8xK2lTU25waS9GdmxlcDBDTlQzRjB4Y2RpRWhVTzYiLCJtYWMiOiI1YzYwNTE3YjY1MzAzNWQ1MGE4YWZiYTQwOThkZThiMzg4ODI2ZGQ4ZDNhMDc1NTc3M2ExZmMyZjMzNmVmY2Y0IiwidGFnIjoiIn0%3D; expires=Sat, 27-Apr-2024 06:13:03 GMT; Max-Age=7200; path=/; httponly; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bVLzOAtAvItLe%2BYUS%2FrUpdLoTQmP7zqjSDzrKPfLM%2F%2Biz9S3LymyzAuCQcFWEkH%2BmTt6JexAA5d8Dvx6RBSSnJb%2BzACuqsLvxIxw7n4xy3egiJjMUyeAyLN9dbMRgNqvSRG%2FqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa4a29a6b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| wa.privategirlocation.com/npm/bootstrap-5.1.3/dist/css/bootstrap.min.css | 104.21.40.46 | 200 OK | 164 kB |
URL: GET HTTP/3 wa.privategirlocation.com/npm/bootstrap-5.1.3/dist/css/bootstrap.min.css
IP: 104.21.40.46:443
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: privategirlocation.com
Certificate fingerprint: 72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
Certificate validity: Sun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT
Size: 164 kB (163887 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish; Verdict: phishing; Alert: WhatsApp
GET /npm/bootstrap-5.1.3/dist/css/bootstrap.min.css HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 30 Apr 2024 10:04:33 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 324510
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GHF0FCmanvV0BCdwX%2FZYkEog8csh4Kp3CIZFtxuv%2FBvvs62MPOPlmP9ZQAFNgl85pZJW7BVFMV6UtdRvMbqYPQH64MYDkgjmGlDdXmecNv9iX%2FyxLoigZOmHM5HtxcqqrC7Rrq6gNkFILbb3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa53bc26b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wa.privategirlocation.com/img/wa-logo.svg | 104.21.40.46 | 200 OK | 2.6 kB |
URL: GET HTTP/3 wa.privategirlocation.com/img/wa-logo.svg
IP: 104.21.40.46:443
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: privategirlocation.com
Certificate fingerprint: 72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
Certificate validity: Sun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT
File type: SVG Scalable Vector Graphics image
Hash: af4465a12513351224543990c7d6bd22 2a824b9ae72775384714868ac1f2dc68fc773c5c dfe902bf2459c47cd760687ea56a3fcf81e0cc0f1c2f677d763a4eeb485c87a6
Analyzer: OpenPhish; Verdict: phishing; Alert: WhatsApp
GET /img/wa-logo.svg HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Sat, 04 May 2024 00:07:34 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14729
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8btXQSEOTVqGvZR7P3LGcsV0zaW8TMdUiMdzHthCNQtyNfcKAXNTJZB4%2BvKF9PEgimt%2B6eFvF0WaZ5Jj2IP6Alxlu%2BxAFPGfErUNdCWYhArgATzYCuWytrClfABXFbNygZLSjuFR8vV6PdsO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa53cc29b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wa.privategirlocation.com/ | 104.21.40.46 | 200 OK | 8.4 kB |
URL: User Request GET HTTP/2 wa.privategirlocation.com/
IP: 104.21.40.46:443
Certificate issuer: Let's Encrypt
Certificate subject: privategirlocation.com
Certificate fingerprint: 72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
Certificate validity: Sun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (8700), with no line terminators
Hash: 759b4420d2620bab98389f8d0fbe8d9c 2aa7b13b71d04151e315864f18d24d62238ebd1b e2222031c162ac32ceacd75921917718b55195108b0e5fdfe6f3a03e45147282
Analyzer: OpenPhish; Verdict: phishing; Alert: WhatsApp
GET / HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/html
last-modified: Wed, 18 Oct 2023 23:48:39 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pgH1FB6XZqXLn8ma0EVeUEq7xk0NrCyVU5NT31H4Ffha5hRDSmMJL3yHmYrF%2FY%2FpqCNgEL0n1WlbQ7LRRpZWKPsN8vtR20qtD5zTrOAldPdinoEDAxXo0JARzxJzF4hMXN98DwtfSJmsdQCR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa4fadc0b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| wa.privategirlocation.com/favicon.ico | 104.21.40.46 | 404 Not Found | 1.3 kB |
URL: GET HTTP/3 wa.privategirlocation.com/favicon.ico
IP: 104.21.40.46:443
Requested by: https://wa.privategirlocation.com/
Certificate issuer: Let's Encrypt
Certificate subject: privategirlocation.com
Certificate fingerprint: 72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
Certificate validity: Sun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT
File type: HTML document, ASCII text, with very long lines (1285), with no line terminators
Hash: 94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer: OpenPhish; Verdict: phishing; Alert: WhatsApp
GET /favicon.ico HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sat, 27 Apr 2024 04:13:04 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvSpIhi2LlxYH%2FB75KC%2FVtMiIiH%2Baz2u027I72u4%2B5dZwK5af9wfbmFpL3BB6YdqjwSWltNwoj%2F5SCxSaih6jAwERvMldTWSmnBUG3cy1%2FIFaXBC2vvRISESLCkV%2F5nggpgTT1hXuBbKX0MY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87abfa57ee02b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|