Report - escortblondes.com/

Report Overview

Submitted URL
escortblondes.com/
IP
104.21.76.39
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-27 04:13:26
Access
public
Website Title
WhatsApp Group Invite
Final URL
wa.privategirlocation.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
escortblondes.com	unknown	unknown	No data	No data	474 B	10 kB	104.21.76.39
wa.privategirlocation.com	unknown	2023-05-27	2023-09-05	2023-11-05	3.8 kB	392 kB	104.21.40.46
hzr0dm28m17c.com	269459	2020-06-29	2020-08-28	2024-04-20	443 B	13 kB	172.240.108.76
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-04-25	451 B	432 B	18.159.11.169
baileybenedictionphony.com	unknown	2024-04-22	2024-04-23	2024-04-23	2.5 kB	3.3 kB	192.243.59.20
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-25	512 B	6.5 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	wa.privategirlocation.com/	WhatsApp
2024-04-25	medium	wa.privategirlocation.com/	WhatsApp
2024-04-25	medium	wa.privategirlocation.com/	WhatsApp
2024-04-25	medium	wa.privategirlocation.com/	WhatsApp
2024-04-26	medium	escortblondes.com/	WhatsApp
2024-04-25	medium	wa.privategirlocation.com/	WhatsApp
2024-04-25	medium	wa.privategirlocation.com/	WhatsApp
2024-04-25	medium	wa.privategirlocation.com/	WhatsApp
2024-04-25	medium	wa.privategirlocation.com/	WhatsApp

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	baileybenedictionphony.com	Sinkholed
2024-04-26	medium	baileybenedictionphony.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	wa.privategirlocation.com/npm/backoffer.js	618 B	2023-03-07	2024-05-02
Pretty URL wa.privategirlocation.com/npm/backoffer.js IP 104.21.40.46 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57:37 Last Seen2024-05-02 10:16:26 Times Seen257 Hash 4e39716b4d4469996fc6e68265fa8830 c8b24994e71f4e58170e639124107fd25757f755 3cc4cdc7b3421264503656474f5b10db20bc711493bfe2df0680da0b7c81a72c Loading...

	wa.privategirlocation.com/	0 B	2023-03-07	2024-05-08
Pretty URL wa.privategirlocation.com/ IP 104.21.40.46 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-08 11:13:24 Times Seen37434638 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	392 B	2023-10-20	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-20 14:51:55 Last Seen2024-04-27 06:13:33 Times Seen9 Hash 7bb4cdbe9a30b3915025350ee878c82a 92e891f15dabf35d321da98b561cca69c0fe8bdb 787bb633dba8640f1e5456c264bc31a5747f14723445f4378cccefbcff523670 Loading...

	hzr0dm28m17c.com/345e1621a507b6fbaf713c8b5e94fb13/invoke.js	31 kB	2024-04-27	2024-04-27
Pretty URL hzr0dm28m17c.com/345e1621a507b6fbaf713c8b5e94fb13/invoke.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 06:13:33 Last Seen2024-04-27 06:13:33 Times Seen2 Hash 974f1b3f53e3e9cd40e67ed765a3b008 8a4814eef2aa1f9fc4ab4b70f50ead5eb7556016 898e1ff66c804465f11d35b81022b38a99ad036cef9e0c4e3ead47537f282c75 Loading...

	unknown	145 B	2023-10-20	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-20 14:51:55 Last Seen2024-04-27 06:13:33 Times Seen9 Hash 02ba3e9834b60d80904c24968b9ab641 c38b9de12421583a1434f02355011e1d0b15790e 74a85926e5468ca7758a8ec622ebccb47281ea4a6e763f97222a9d10ca467477 Loading...

		Size	First Seen	Last Seen
	#1 Write - 78b14f4e54dc3a4696efe024ba12a49a	318 B	2023-10-20	2024-04-27
Pretty Observations First Seen2023-10-20 14:51:55 Last Seen2024-04-27 06:13:33 Times Seen9 Hash 78b14f4e54dc3a4696efe024ba12a49a 43312f7ab0aa3b26084760560844c286483f5a86 8cf6a73edc2c9feff2820aeb000b02cce81e039722a5c3cfe0e44bdfc82d92ac Loading...

	#2 Write - 31459d70a588537efe347fdbb4125ecb	108 B	2023-10-20	2024-04-27
Pretty Observations First Seen2023-10-20 14:51:55 Last Seen2024-04-27 06:13:33 Times Seen9 Hash 31459d70a588537efe347fdbb4125ecb bc87a0662fc8b127be9ddd9e3aae5a4b146aa586 0e044b141ffb37973cb725686b56e12080d37dbe9d6eade7ee56568e88e19908 Loading...

HTTP Transactions (14)

URL IP Response Size

wa.privategirlocation.com/img/logo-2.jpg

104.21.40.46

200 OK

77 kB

URL GET HTTP/3
wa.privategirlocation.com/img/logo-2.jpg
IP
104.21.40.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjectprivategirlocation.com
Fingerprint72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
ValiditySun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 675x900, components 3
Size
77 kB (77421 bytes)
Hash
5252a6f2558062d891ba358607d41047
93e648f2dcfee2a8e4c6a0592d960f6767170068
ff9e2a898cad8c5d5fe310af13dfb2c82caba237d0a546e9dcc52997c7c55a56

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /img/logo-2.jpg HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: image/jpeg
content-length: 77421
cache-control: public, max-age=604800
expires: Sat, 04 May 2024 00:07:34 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14729
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WOBem8pTGPjg4sjMdJxoFdoxjRB3mWBRa7kbTdsTh0zh0miQ1fnkpu7qjhBjx1uabCRIJbbel8CcUQYEg02UUNOlnj%2BquMt8JPNZGgxRtBRVoqEwzCTqcgLRv0PB1vX59GWzKwi%2F8oAQ6CL9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87abfa53cc2ab4ed-OSL
alt-svc: h3=":443"; ma=86400

wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/fonts/bootstrap-icons.woff

104.21.40.46

200 OK

102 kB

URL GET HTTP/3
wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/fonts/bootstrap-icons.woff
IP
104.21.40.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjectprivategirlocation.com
Fingerprint72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
ValiditySun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT

File type
Web Open Font Format (Version 2), TrueType, length 102536, version 1.0
Size
102 kB (102536 bytes)
Hash
1ed478a6b265d4b4f5c26bb063203588
1ca5e8c7d2fb8e9d60ad1a1feb2a46e98c248a3d
c874e14c63db86c4c5318c77cb557fce7036645edc7d690dcc1d23b389631b13

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /npm/bootstrap-icons-1.8.1/font/fonts/bootstrap-icons.woff HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:04 GMT
content-type: font/woff
content-length: 102536
cache-control: public, max-age=604800
expires: Sat, 04 May 2024 04:11:33 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 91
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gsjuzu6NkFbsoBgob4LtvDJ8KM4D4pyO%2BVsxihVJD83%2Br0r%2BvH492R6QPbPjgiNDJOdCEtbNAGMIe98JkZkQDiVKC%2FyEspTGSWnHaKrtI16YFrdDxXHNi3wCJ9tdNgM%2Fb0nJyiE4IM8L1UwX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87abfa547c78b4ed-OSL
alt-svc: h3=":443"; ma=86400

wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css

104.21.40.46

200 OK

19 kB

URL GET HTTP/3
wa.privategirlocation.com/npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css
IP
104.21.40.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjectprivategirlocation.com
Fingerprint72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
ValiditySun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT

File type
ASCII text
Size
19 kB (19292 bytes)
Hash
f483f87a3c57f292bd5eb4c343003b01
5f2b1fa8de5b4d52ea2b04941aa508529e6994c9
f93ce1072054f40abfa1889d47d29d227a8af86231a073ccf678f7ab8841d6f3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 30 Apr 2024 10:04:33 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 324510
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0%2Fczp4RI8YbttnuKzU4MVIPlz9naFa5e3O7rxelAV5ve5hwL1jYF5a1xiKnYZA4NnLY%2BldZsPMHlJpXuLXWwZ20XR4H9X4oFBaV6S63JXjGAdteVZ5BkMfJCgNLQwR0hoQ1zGNnx7q3%2FYLQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa53bc24b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hzr0dm28m17c.com/345e1621a507b6fbaf713c8b5e94fb13/invoke.js

172.240.108.76

200 OK

12 kB

URL GET HTTP/1.1
hzr0dm28m17c.com/345e1621a507b6fbaf713c8b5e94fb13/invoke.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjecthzr0dm28m17c.com
Fingerprint9F:89:99:65:B2:6A:E8:8C:A8:61:55:B2:AC:E5:74:D2:72:2E:0F:F4
ValidityWed, 10 Apr 2024 07:04:16 GMT - Tue, 09 Jul 2024 07:04:15 GMT

File type
JavaScript source, ASCII text, with very long lines (31278), with no line terminators
Size
12 kB (11814 bytes)
Hash
974f1b3f53e3e9cd40e67ed765a3b008
8a4814eef2aa1f9fc4ab4b70f50ead5eb7556016
898e1ff66c804465f11d35b81022b38a99ad036cef9e0c4e3ead47537f282c75

HTTP Headers

GET /345e1621a507b6fbaf713c8b5e94fb13/invoke.js HTTP/1.1
Host: hzr0dm28m17c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 04:13:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad96b3971662f1864285e80fe66fca13
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.159.11.169

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.159.11.169:443
ASN
#16509 AMAZON-02

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
0d08b002fd8526070f22a73bd991a7dd
7be7e1c445abb29a22d35158891799752e2ea6fc
9b4c53d2bf8fec2e4a33084bf6b554e03ea785896b1367e0be3261b4be95b3fa

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wa.privategirlocation.com
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 04:13:04 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://wa.privategirlocation.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=60151ba0-f437-4738-b2e0-b81280a2df49:1:1; expires=Tue, 25 Apr 2034 04:13:04 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

baileybenedictionphony.com/watch.1041205968811.js?key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&tz=0&dev=e&res=14.2071&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1

192.243.59.20

307 Temporary Redirect

0 B

URL GET HTTP/1.1
baileybenedictionphony.com/watch.1041205968811.js?key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&tz=0&dev=e&res=14.2071&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjectbaileybenedictionphony.com
FingerprintE6:FB:DB:5C:C6:27:CC:19:84:03:ED:BB:0D:18:51:3D:71:14:F9:25
ValidityMon, 22 Apr 2024 12:37:31 GMT - Sun, 21 Jul 2024 12:37:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1041205968811.js?key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&tz=0&dev=e&res=14.2071&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1 HTTP/1.1
Host: baileybenedictionphony.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wa.privategirlocation.com
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 27 Apr 2024 04:13:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://wa.privategirlocation.com
Access-Control-Allow-Origin: https://wa.privategirlocation.com
Access-Control-Allow-Credentials: true
Location: https://baileybenedictionphony.com/watch.1041205968811.js?dev=e&key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714191245&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&res=14.2071&rmtc=t&shu=46646b76165b0730c26cc168e1de13eef738f25e226cd04929dfd60cc13cec02020ddd3fea4a917e2b3184746974abb42a3eab234830152ae6870440689eae18a39d20b3558596dff49b12e51e85de1f9ee5a8cc601e3ad1fefabc9202eadb&tz=0&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1
Set-Cookie: u_pl=20909317; expires=Sun, 28 Apr 2024 04:13:05 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDkwOTMxNywiayI6IjM0NWUxNjIxYTUwN2I2ZmJhZjcxM2M4YjVlOTRmYjEzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMDc5NzYzLCJwaWQiOjg5MzkyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE2LCJhaWQiOjI3LCJwdCI6NCwicGsiOiJycXVpdjhqbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3dhLnByaXZhdGVnaXJsb2NhdGlvbi5jb20vIiwiYXIiOltdfX0.D81-y4yDcrcYSDmhLtjgOvd1_e3unk77LJqEj2sGa0k; expires=Sat, 27 Apr 2024 04:14:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 88dc3aed9c5a9134218d6e3265fc9fc0
Strict-Transport-Security: max-age=0; includeSubdomains

baileybenedictionphony.com/watch.1041205968811.js?dev=e&key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714191245&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&res=14.2071&rmtc=t&shu=46646b76165b0730c26cc168e1de13eef738f25e226cd04929dfd60cc13cec02020ddd3fea4a917e2b3184746974abb42a3eab234830152ae6870440689eae18a39d20b3558596dff49b12e51e85de1f9ee5a8cc601e3ad1fefabc9202eadb&tz=0&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
baileybenedictionphony.com/watch.1041205968811.js?dev=e&key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714191245&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&res=14.2071&rmtc=t&shu=46646b76165b0730c26cc168e1de13eef738f25e226cd04929dfd60cc13cec02020ddd3fea4a917e2b3184746974abb42a3eab234830152ae6870440689eae18a39d20b3558596dff49b12e51e85de1f9ee5a8cc601e3ad1fefabc9202eadb&tz=0&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjectbaileybenedictionphony.com
FingerprintE6:FB:DB:5C:C6:27:CC:19:84:03:ED:BB:0D:18:51:3D:71:14:F9:25
ValidityMon, 22 Apr 2024 12:37:31 GMT - Sun, 21 Jul 2024 12:37:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1041205968811.js?dev=e&key=345e1621a507b6fbaf713c8b5e94fb13&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714191245&refer=https%3A%2F%2Fwa.privategirlocation.com%2F&res=14.2071&rmtc=t&shu=46646b76165b0730c26cc168e1de13eef738f25e226cd04929dfd60cc13cec02020ddd3fea4a917e2b3184746974abb42a3eab234830152ae6870440689eae18a39d20b3558596dff49b12e51e85de1f9ee5a8cc601e3ad1fefabc9202eadb&tz=0&uuid=60151ba0-f437-4738-b2e0-b81280a2df49%3A1%3A1 HTTP/1.1
Host: baileybenedictionphony.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wa.privategirlocation.com
Referer: https://wa.privategirlocation.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20909317; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDkwOTMxNywiayI6IjM0NWUxNjIxYTUwN2I2ZmJhZjcxM2M4YjVlOTRmYjEzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMDc5NzYzLCJwaWQiOjg5MzkyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE2LCJhaWQiOjI3LCJwdCI6NCwicGsiOiJycXVpdjhqbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3dhLnByaXZhdGVnaXJsb2NhdGlvbi5jb20vIiwiYXIiOltdfX0.D81-y4yDcrcYSDmhLtjgOvd1_e3unk77LJqEj2sGa0k
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 27 Apr 2024 04:13:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://wa.privategirlocation.com
Access-Control-Allow-Origin: https://wa.privategirlocation.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=60151ba0-f437-4738-b2e0-b81280a2df49:1:1; expires=Sat, 04 May 2024 04:13:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9be070f4d598bcb8199f0dd14210caa2
Strict-Transport-Security: max-age=0; includeSubdomains

wa.privategirlocation.com/npm/backoffer.js

104.21.40.46

200 OK

11 kB

URL GET HTTP/3
wa.privategirlocation.com/npm/backoffer.js
IP
104.21.40.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjectprivategirlocation.com
Fingerprint72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
ValiditySun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
11 kB (10746 bytes)
Hash
4e39716b4d4469996fc6e68265fa8830
c8b24994e71f4e58170e639124107fd25757f755
3cc4cdc7b3421264503656474f5b10db20bc711493bfe2df0680da0b7c81a72c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /npm/backoffer.js HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/javascript
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: HIT
age: 91
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cXn1hEZAyAKsJp%2BJ31nQdURJH%2F5sii3rCAfjzi2uVoKBL2hN0W0YjN%2BF5HwhcDOmqc6iu9mX52oSXcrbSMVDyulzl8sqIqXELWpjsaRKerTqlq07w0L9aXrSJgDbe0J2yUaMgTrpy8RCI383"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa53bc27b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
gzip compressed data, max speed, from Unix
Size
5.8 kB (5759 bytes)
Hash
aa33725c2d0a3d1c2f9c878d64914807
6e83d13ec860384a977738b04ff0891a01ab519a
fe412eadb3dc9820ec6cab7cb62349be057c509e34f7e2de6d23b28eacc98bfd

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 04:13:21 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=xOOEhSgVsVb3aGc_L1nONQnify4oSv5Zedk_JPomW4HLfTc5QVR88IgcrtS3Kj9SOACQL4xWR06CSiA4f5WSLufKJ5Xy2XCPsg0Gfa1ntFw2YMi6HSp0yVaXOFmRtHAJ
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

escortblondes.com/

104.21.76.39

301 Moved Permanently

8.4 kB

URL User Request GET HTTP/2
escortblondes.com/
IP
104.21.76.39:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectescortblondes.com
Fingerprint52:E1:E9:1D:5C:7E:68:55:1D:74:54:53:9F:BF:29:A4:C6:D2:1A:AB
ValidityMon, 18 Mar 2024 04:14:13 GMT - Sun, 16 Jun 2024 04:14:12 GMT

File type

Size
8.4 kB (8373 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET / HTTP/1.1
Host: escortblondes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/html; charset=UTF-8
location: https://wa.privategirlocation.com
x-powered-by: PHP/8.1.28
cache-control: must-revalidate, no-cache, no-store, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImQ2c014ZCs0eHZteHdDWkNwZlpqRVE9PSIsInZhbHVlIjoiRlg1NUFudldmZVYvd0krQkl4bTNWWmNrQ2JxTmEwWmk4WFNBS0RxRm5zWHQrQnpMLzFLNjBJLzVHM2dGUlVBOFhZUUdyaXNIWitTa3lVMFRqRm0yaWtJRTlmUWhZbzdwTUVTek05U3Fva2YvOVF1eExJMCsvcjNlNWw4SzdzdlUiLCJtYWMiOiIzN2I4NWM5YjMwYjY5M2Y3Mzk4MzQ2Yjc5NTUwNjBkNWM5NmRlNzZmMTIzNDRmZjRlYjdkM2RkNTgzODljZjA2IiwidGFnIjoiIn0%3D; expires=Sat, 27-Apr-2024 06:13:03 GMT; Max-Age=7200; path=/; secure
phpshort_session=eyJpdiI6IkhGdHpaYjNGM0R2YlJXSmJMRVlyZFE9PSIsInZhbHVlIjoiTkYwckl5UmxZRjVNL3dPTU41UjVobDJXdlV1aUpueUd6UGZsU0VMZ2E3OFhUQzlCKzhkMFcyUlNaNnV1ZW9JZDdRWEl3M1JhU1U0Vk10cmdnZVE0YkJZamZFelVINEZWem8xK2lTU25waS9GdmxlcDBDTlQzRjB4Y2RpRWhVTzYiLCJtYWMiOiI1YzYwNTE3YjY1MzAzNWQ1MGE4YWZiYTQwOThkZThiMzg4ODI2ZGQ4ZDNhMDc1NTc3M2ExZmMyZjMzNmVmY2Y0IiwidGFnIjoiIn0%3D; expires=Sat, 27-Apr-2024 06:13:03 GMT; Max-Age=7200; path=/; httponly; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bVLzOAtAvItLe%2BYUS%2FrUpdLoTQmP7zqjSDzrKPfLM%2F%2Biz9S3LymyzAuCQcFWEkH%2BmTt6JexAA5d8Dvx6RBSSnJb%2BzACuqsLvxIxw7n4xy3egiJjMUyeAyLN9dbMRgNqvSRG%2FqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa4a29a6b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wa.privategirlocation.com/npm/bootstrap-5.1.3/dist/css/bootstrap.min.css

104.21.40.46

200 OK

164 kB

URL GET HTTP/3
wa.privategirlocation.com/npm/bootstrap-5.1.3/dist/css/bootstrap.min.css
IP
104.21.40.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjectprivategirlocation.com
Fingerprint72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
ValiditySun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT

File type

Size
164 kB (163887 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /npm/bootstrap-5.1.3/dist/css/bootstrap.min.css HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 30 Apr 2024 10:04:33 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 324510
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GHF0FCmanvV0BCdwX%2FZYkEog8csh4Kp3CIZFtxuv%2FBvvs62MPOPlmP9ZQAFNgl85pZJW7BVFMV6UtdRvMbqYPQH64MYDkgjmGlDdXmecNv9iX%2FyxLoigZOmHM5HtxcqqrC7Rrq6gNkFILbb3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa53bc26b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wa.privategirlocation.com/img/wa-logo.svg

104.21.40.46

200 OK

2.6 kB

URL GET HTTP/3
wa.privategirlocation.com/img/wa-logo.svg
IP
104.21.40.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjectprivategirlocation.com
Fingerprint72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
ValiditySun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2648 bytes)
Hash
af4465a12513351224543990c7d6bd22
2a824b9ae72775384714868ac1f2dc68fc773c5c
dfe902bf2459c47cd760687ea56a3fcf81e0cc0f1c2f677d763a4eeb485c87a6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /img/wa-logo.svg HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Sat, 04 May 2024 00:07:34 GMT
last-modified: Thu, 28 Sep 2023 07:09:05 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14729
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8btXQSEOTVqGvZR7P3LGcsV0zaW8TMdUiMdzHthCNQtyNfcKAXNTJZB4%2BvKF9PEgimt%2B6eFvF0WaZ5Jj2IP6Alxlu%2BxAFPGfErUNdCWYhArgATzYCuWytrClfABXFbNygZLSjuFR8vV6PdsO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa53cc29b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wa.privategirlocation.com/

104.21.40.46

200 OK

8.4 kB

URL User Request GET HTTP/2
wa.privategirlocation.com/
IP
104.21.40.46:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectprivategirlocation.com
Fingerprint72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
ValiditySun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (8700), with no line terminators
Size
8.4 kB (8373 bytes)
Hash
759b4420d2620bab98389f8d0fbe8d9c
2aa7b13b71d04151e315864f18d24d62238ebd1b
e2222031c162ac32ceacd75921917718b55195108b0e5fdfe6f3a03e45147282

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET / HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 04:13:03 GMT
content-type: text/html
last-modified: Wed, 18 Oct 2023 23:48:39 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pgH1FB6XZqXLn8ma0EVeUEq7xk0NrCyVU5NT31H4Ffha5hRDSmMJL3yHmYrF%2FY%2FpqCNgEL0n1WlbQ7LRRpZWKPsN8vtR20qtD5zTrOAldPdinoEDAxXo0JARzxJzF4hMXN98DwtfSJmsdQCR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87abfa4fadc0b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wa.privategirlocation.com/favicon.ico

104.21.40.46

404 Not Found

1.3 kB

URL GET HTTP/3
wa.privategirlocation.com/favicon.ico
IP
104.21.40.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wa.privategirlocation.com/
Certificate
IssuerLet's Encrypt
Subjectprivategirlocation.com
Fingerprint72:33:1C:94:89:E9:CE:A2:68:80:AA:3B:E2:EB:60:36:05:B4:D8:EB
ValiditySun, 17 Mar 2024 22:25:37 GMT - Sat, 15 Jun 2024 22:25:36 GMT

File type
HTML document, ASCII text, with very long lines (1285), with no line terminators
Size
1.3 kB (1251 bytes)
Hash
94f08a3a6562f7f079c4f5a67b7260e2
cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823
44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wa.privategirlocation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wa.privategirlocation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 27 Apr 2024 04:13:04 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvSpIhi2LlxYH%2FB75KC%2FVtMiIiH%2Baz2u027I72u4%2B5dZwK5af9wfbmFpL3BB6YdqjwSWltNwoj%2F5SCxSaih6jAwERvMldTWSmnBUG3cy1%2FIFaXBC2vvRISESLCkV%2F5nggpgTT1hXuBbKX0MY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87abfa57ee02b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (14)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers