URL: https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
Submission: On January 04 via automatic, source phishtank

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 2606:4700:30::681f:4c51, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is link.do.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on December 27th 2018. Valid for: 6 months.
This is the only time link.do was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 2606:4700:30:... 13335 (CLOUDFLAR...)
1 52.19.25.245 16509 (AMAZON-02)
5 3
Apex Domain
Subdomains
Transfer
3 link.do
link.do
48 KB
1 omgpl.com
track.omgpl.com
0 guavaberryjuices.com Failed
guavaberryjuices.com Failed
5 3
Domain Requested by
3 link.do link.do
1 track.omgpl.com link.do
0 guavaberryjuices.com Failed link.do
5 3

This site contains no links.

Subject Issuer Validity Valid
sni89362.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2018-12-27 -
2019-07-05
6 months crt.sh
*.omguk.com
Amazon
2018-10-16 -
2019-11-16
a year crt.sh

This page contains 2 frames:

Frame: https://guavaberryjuices.com/redir.php
Frame ID: 7222B34CB5FAD16746388713840663A9
Requests: 4 HTTP requests in this frame

Frame: https://track.omgpl.com/?AID=1276226&PID=31159&CRID=174320&WID=83351&UID=ld&UID2=ld
Frame ID: 2269A4CF9535FACB59D079EB60E2440C
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Page Statistics

5
Requests

80 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

48 kB
Transfer

111 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request redirect.php
link.do/
986 B
701 B
Document
General
Full URL
https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681f:4c51 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/5.4.45-0+deb7u9
Resource Hash
b57c25e8064417efe9fd1564e986ac8bf515eb767588a3cd5b9900b92ce600d3

Request headers

:method
GET
:authority
link.do
:scheme
https
:path
/redirect.php?to=https://guavaberryjuices.com/redir.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Fri, 04 Jan 2019 04:26:20 GMT
content-type
text/html
set-cookie
__cfduid=d27a3192e2ad45ceff7e8d1b785bd493d1546575980; expires=Sat, 04-Jan-20 04:26:20 GMT; path=/; domain=.link.do; HttpOnly; Secure
x-powered-by
PHP/5.4.45-0+deb7u9
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
493af2442e7ac300-FRA
content-encoding
br
load.gif
link.do/
15 KB
15 KB
Image
General
Full URL
https://link.do/load.gif
Requested by
Host: link.do
URL: https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681f:4c51 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
37ecf95d982a1856b207c91316685db43d0655463f1914c192c768e6a7b1217f

Request headers

:path
/load.gif
pragma
no-cache
cookie
__cfduid=d27a3192e2ad45ceff7e8d1b785bd493d1546575980
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
link.do
referer
https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
:scheme
https
:method
GET
Referer
https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 04 Jan 2019 04:26:20 GMT
cf-cache-status
HIT
last-modified
Mon, 08 Oct 2018 11:30:03 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
493af2446ed7c300-FRA
content-length
15580
expires
Mon, 04 Feb 2019 04:26:20 GMT
jquery-1.12.4.min.js
link.do/
95 KB
32 KB
Script
General
Full URL
https://link.do/jquery-1.12.4.min.js
Requested by
Host: link.do
URL: https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681f:4c51 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

:path
/jquery-1.12.4.min.js
pragma
no-cache
cookie
__cfduid=d27a3192e2ad45ceff7e8d1b785bd493d1546575980
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
link.do
referer
https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
:scheme
https
:method
GET
Referer
https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 04 Jan 2019 04:26:20 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 05 Oct 2018 12:19:35 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=2678400
cf-ray
493af2446ed8c300-FRA
expires
Mon, 04 Feb 2019 04:26:20 GMT
/
track.omgpl.com/ Frame 2269
0
0
Document
General
Full URL
https://track.omgpl.com/?AID=1276226&PID=31159&CRID=174320&WID=83351&UID=ld&UID2=ld
Requested by
Host: link.do
URL: https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.25.245 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-19-25-245.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Host
track.omgpl.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://link.do/redirect.php?to=https://guavaberryjuices.com/redir.php

Response headers

Access-Control-Allow-Origin
*
Cache-Control
private,no-store, no-cache
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Fri, 04 Jan 2019 04:26:18 GMT
P3P
CP="ALL CURa ADMa DEVa TAIa PSAa PSDa OUR BUS IND UNI COM NAV INT"
Server
Microsoft-IIS/8.5
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-AspNet-Version
4.0.30319
X-AspNetMvc-Version
5.0
X-Powered-By
ASP.NET
X-XSS-Protection
1; mode=block
Content-Length
156
Connection
keep-alive
redir.php
guavaberryjuices.com/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
guavaberryjuices.com
URL
https://guavaberryjuices.com/redir.php

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
.link.do/ Name: __cfduid
Value: d27a3192e2ad45ceff7e8d1b785bd493d1546575980