Submitted URL: http://prtonvpn.com/
Effective URL: https://www.linkhaitao.com/index.php?mod=lhdeal&track=532fCx51NSivRyNWbMWAooPavM6Tsr8O9erdVG82chD4nhbXZTn8JDPK8V_as9igGkl9M...
Submission: On May 23 via manual from CH

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 120.55.244.223, located in Hangzhou, China and belongs to CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is www.linkhaitao.com.
TLS certificate: Issued by RapidSSL RSA CA 2018 on December 13th 2019. Valid for: a year.
This is the only time www.linkhaitao.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address / AS (Autonomous System)
  1 1  162.255.119.70     22612 (NAMECHEAP...)
  2    2606:4700:303...   13335 (CLOUDFLAR...)
  1    120.55.244.223     37963 (CNNIC-ALI...)
  Totals: 3 requests, 2 IPs

Apex Domain              Subdomains            Transfer
  ler123.com (2)         ler123.com            889 B
  linkhaitao.com (1)     www.linkhaitao.com    700 B
  prtonvpn.com (1)       prtonvpn.com          260 B
  Totals: 3 apex domains, 3 subdomains

Domain / Requested by
  ler123.com (2)
  www.linkhaitao.com (1)
  prtonvpn.com (1, 1 redirect)
  Totals: 3 3

This site contains no links.

Subject                  Issuer                     Validity                   Valid
  sni.cloudflaressl.com  CloudFlare Inc ECC CA-2    2020-02-05 - 2020-10-09    8 months (crt.sh)
  *.linkhaitao.com       RapidSSL RSA CA 2018       2019-12-13 - 2020-12-12    a year (crt.sh)

This page contains 1 frame:

Primary Page: https://www.linkhaitao.com/index.php?mod=lhdeal&track=532fCx51NSivRyNWbMWAooPavM6Tsr8O9erdVG82chD4nhbXZTn8JDPK8V_as9igGkl9M&new=https%3A%2F%2Fwww.expressvpn.com%2F&tag=ler
Frame ID: 13BB4337A30EA2F6C19556A5DB61299B
Requests: 3 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 2
Transfer: 2 kB
Size: 1 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://prtonvpn.com/ HTTP 302
    https://ler123.com/go.php?s=express&t=9944335dddec3cad Page URL
  2. https://ler123.com/to.php?s=express Page URL
  3. https://www.linkhaitao.com/index.php?mod=lhdeal&track=532fCx51NSivRyNWbMWAooPavM6Tsr8O9erdVG82chD4nhbXZTn8JDPK8V_as9igGkl9M&new=https%3A%2F%2Fwww.expressvpn.com%2F&tag=ler Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://prtonvpn.com/ HTTP 302
  • https://ler123.com/go.php?s=express&t=9944335dddec3cad

3 HTTP transactions

Columns: Resource, Path, Size, x-fer (transfer), Type, MIME-Type

Transaction 1: go.php (ler123.com/)
  Redirect Chain:
    • http://prtonvpn.com/
    • https://ler123.com/go.php?s=express&t=9944335dddec3cad
  Size: 63 B
  x-fer: 635 B
  Type: Document

  General
    Full URL: https://ler123.com/go.php?s=express&t=9944335dddec3cad
    Protocol: H2
    Security: TLS 1.3, , AES_128_GCM
    Server: 2606:4700:3032::6818:6352, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS:
    Software: cloudflare / PHP/7.0.33
    Resource Hash: 08b3cca107dda493723f33e315e1dc085311e1016cbcd5ebff2f2e598ea4c929

  Request headers
    :method: GET
    :authority: ler123.com
    :scheme: https
    :path: /go.php?s=express&t=9944335dddec3cad
    pragma: no-cache
    cache-control: no-cache
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    sec-fetch-site: none
    sec-fetch-mode: navigate
    sec-fetch-user: ?1
    sec-fetch-dest: document
    accept-encoding: gzip, deflate, br
    accept-language: en-US
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

  Response headers
    status: 200
    date: Sat, 23 May 2020 18:24:40 GMT
    content-type: text/html; charset=UTF-8
    set-cookie: __cfduid=d696c51b83d67d5569781410c47a0a9f01590258278; expires=Mon, 22-Jun-20 18:24:38 GMT; path=/; domain=.ler123.com; HttpOnly; SameSite=Lax; Secure
    set-cookie: _pk_ses.1.4ead=%2A; expires=Sat, 23-May-2020 18:54:39 GMT; Max-Age=1800; path=/
    set-cookie: _pk_id.1.4ead=9035b812d4fa787d.1590258279.1.1590258279..; expires=Sun, 20-Jun-2021 18:24:39 GMT; Max-Age=33955200; path=/
    set-cookie: _pk_cvar.1.4ead=false; expires=Sat, 23-May-2020 18:54:39 GMT; Max-Age=1800; path=/
    x-powered-by: PHP/7.0.33
    cf-cache-status: DYNAMIC
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    server: cloudflare
    cf-ray: 5980d0a068a5d6bd-FRA
    content-encoding: br
    cf-request-id: 02e460b8440000d6bd94092200000001

  Redirect headers
    Server: nginx
    Date: Sat, 23 May 2020 18:24:38 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 77
    Connection: keep-alive
    Location: https://ler123.com/go.php?s=express&t=9944335dddec3cad
    X-Served-By: Namecheap URL Forward

Transaction 2: to.php (ler123.com/)
  Size: 218 B
  x-fer: 254 B
  Type: Document

  General
    Full URL: https://ler123.com/to.php?s=express
    Protocol: H2
    Security: TLS 1.3, , AES_128_GCM
    Server: 2606:4700:3032::6818:6352, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS:
    Software: cloudflare / PHP/7.0.33
    Resource Hash:

  Request headers
    :method: GET
    :authority: ler123.com
    :scheme: https
    :path: /to.php?s=express
    pragma: no-cache
    cache-control: no-cache
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    sec-fetch-site: same-origin
    sec-fetch-mode: navigate
    sec-fetch-dest: document
    referer: https://ler123.com/go.php?s=express&t=9944335dddec3cad
    accept-encoding: gzip, deflate, br
    accept-language: en-US
    cookie: __cfduid=d696c51b83d67d5569781410c47a0a9f01590258278; _pk_ses.1.4ead=%2A; _pk_id.1.4ead=9035b812d4fa787d.1590258279.1.1590258279..; _pk_cvar.1.4ead=false
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    Referer: https://ler123.com/go.php?s=express&t=9944335dddec3cad

  Response headers
    status: 200
    date: Sat, 23 May 2020 18:24:40 GMT
    content-type: text/html; charset=UTF-8
    x-powered-by: PHP/7.0.33
    cf-cache-status: DYNAMIC
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    server: cloudflare
    cf-ray: 5980d0aa6f79d6bd-FRA
    content-encoding: br
    cf-request-id: 02e460be800000d6bd9410f200000001

Transaction 3 (Primary Request): index.php (www.linkhaitao.com/)
  Size: 804 B
  x-fer: 700 B
  Type: Document

  General
    Full URL: https://www.linkhaitao.com/index.php?mod=lhdeal&track=532fCx51NSivRyNWbMWAooPavM6Tsr8O9erdVG82chD4nhbXZTn8JDPK8V_as9igGkl9M&new=https%3A%2F%2Fwww.expressvpn.com%2F&tag=ler
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
    Server: 120.55.244.223, Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN)
    Reverse DNS:
    Software: /
    Resource Hash: e7713c358e539963c7d21c06ee0cc304fda20a928c47dea91ce91dd828be3f33

  Request headers
    :method: GET
    :authority: www.linkhaitao.com
    :scheme: https
    :path: /index.php?mod=lhdeal&track=532fCx51NSivRyNWbMWAooPavM6Tsr8O9erdVG82chD4nhbXZTn8JDPK8V_as9igGkl9M&new=https%3A%2F%2Fwww.expressvpn.com%2F&tag=ler
    pragma: no-cache
    cache-control: no-cache
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    sec-fetch-site: cross-site
    sec-fetch-mode: navigate
    sec-fetch-dest: document
    referer: https://ler123.com/to.php?s=express
    accept-encoding: gzip, deflate, br
    accept-language: en-US
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    Referer: https://ler123.com/to.php?s=express

  Response headers
    status: 200
    date: Sat, 23 May 2020 18:24:41 GMT
    content-type: text/html; charset=utf-8
    vary: Accept-Encoding
    set-cookie: discuz_2132_saltkey=Yt3NzfWJ; expires=Mon, 22-Jun-2020 18:24:41 GMT; Max-Age=2592000; path=/; httponly
    id: 1183144197
    content-encoding: gzip

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object  onformdata
  • object  onpointerrawupdate

1 Cookies

Domain/Path             Name                  Value
  www.linkhaitao.com/   discuz_2132_saltkey   Yt3NzfWJ

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ler123.com
prtonvpn.com
www.linkhaitao.com
120.55.244.223
162.255.119.70
2606:4700:3032::6818:6352
08b3cca107dda493723f33e315e1dc085311e1016cbcd5ebff2f2e598ea4c929
e7713c358e539963c7d21c06ee0cc304fda20a928c47dea91ce91dd828be3f33