urlscan.io logo urlscan.io
SecurityTrails logo

x.co Open in urlscan Pro
184.168.131.241  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://bit.ly/2DKEMPr
Effective URL: http://x.co/6nMbc
Submission: On January 30 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 2 countries across 10 domains to perform 23 HTTP transactions. The main IP is 184.168.131.241, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is x.co.
This is the only time x.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 67.199.248.11 395224 (BITLY-AS)
1 184.168.131.241 26496 (AS-26496-...)
7 104.111.232.126 16625 (AKAMAI-AS)
1 45.40.140.1 26496 (AS-26496-...)
1 172.217.21.232 15169 (GOOGLE)
1 104.108.65.19 16625 (AKAMAI-AS)
3 68.232.35.180 15133 (EDGECAST)
1 173.194.76.155 15169 (GOOGLE)
2 178.249.101.23 11054 (LIVEPERSON)
1 172.217.22.46 15169 (GOOGLE)
1 178.249.101.99 11054 (LIVEPERSON)
3 208.89.12.87 11054 (LIVEPERSON)
23 12
1    67.199.248.11 (United States)

ASN395224 (BITLY-AS - Bitly Inc, US)
bit.ly
1    184.168.131.241 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-184-168-131-241.ip.secureserver.net
x.co
7    104.111.232.126 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-232-126.deploy.static.akamaitechnologies.com
img1.wsimg.com
1    45.40.140.1 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-45-40-140-1.ip.secureserver.net
shortener.godaddy.com
1    172.217.21.232 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f232.1e100.net
www.googletagmanager.com
1    104.108.65.19 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-65-19.deploy.static.akamaitechnologies.com
gui.godaddy.com
3    68.232.35.180 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
tags.tiqcdn.com
1    173.194.76.155 (Portage, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: ws-in-f155.1e100.net
stats.g.doubleclick.net
2    178.249.101.23 (Netherlands)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)
lptag.liveperson.net
1    172.217.22.46 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s16-in-f14.1e100.net
www.google-analytics.com
1    178.249.101.99 (Netherlands)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)
accdn.lpsnmedia.net
3    208.89.12.87 (New York, United States)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)
PTR: va.v.liveperson.net
va.v.liveperson.net
Domain Requested by
7 img1.wsimg.com x.co
tags.tiqcdn.com
3 va.v.liveperson.net lptag.liveperson.net
3 tags.tiqcdn.com img1.wsimg.com
tags.tiqcdn.com
2 lptag.liveperson.net img1.wsimg.com
1 accdn.lpsnmedia.net lptag.liveperson.net
1 www.google-analytics.com
1 stats.g.doubleclick.net
1 gui.godaddy.com img1.wsimg.com
1 www.googletagmanager.com img1.wsimg.com
1 shortener.godaddy.com x.co
1 x.co
1 bit.ly 1 redirects
0 img.x.co Failed x.co
23 13

This site contains links to these domains. Also see Links.

Domain
www.godaddy.com
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://x.co/6nMbc
Frame ID: (BF5FFFBB9122411F1756D0BBADBB455A)
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://bit.ly/2DKEMPr HTTP 301
    http://x.co/6nMbc Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /CentOS/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /^https?:\/\/lptag\.liveperson\.net\/tag\/tag\.js/i
Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i
Overall confidence: 100%
Detected patterns
  • script /^\/\/tags\.tiqcdn\.com\//i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

23
Requests

0 %
HTTPS

0 %
IPv6

10
Domains

13
Subdomains

12
IPs

2
Countries

466 kB
Transfer

1207 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bit.ly/2DKEMPr HTTP 301
    http://x.co/6nMbc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • http://stats.g.doubleclick.net/dc.js HTTP 307
  • https://stats.g.doubleclick.net/dc.js
Request Chain 16
  • http://www.google-analytics.com/plugins/ga/inpage_linkid.js HTTP 307
  • https://www.google-analytics.com/plugins/ga/inpage_linkid.js

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 6nMbc
x.co/
Redirect Chain
  • http://bit.ly/2DKEMPr
  • http://x.co/6nMbc
10 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://x.co/6nMbc
Protocol
HTTP/1.1
Server
184.168.131.241 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-184-168-131-241.ip.secureserver.net
Software
Apache/2.2.15 (CentOS) /
Resource Hash
999c2862299b2c34963296abd3b929837346093bb9f970948c106cc3dddaa722
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection
keep-alive
Accept-Encoding
gzip, deflate
Host
x.co
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:29 GMT
Server
Apache/2.2.15 (CentOS)
Connection
close
X-Frame-Options
DENY
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8

Redirect headers

Date
Tue, 30 Jan 2018 00:42:29 GMT
Server
nginx
Content-Type
text/html; charset=utf-8
Location
http://x.co/6nMbc
Set-Cookie
_bit=i0u0Gt-6c63e9c81117266cac-00Y; Domain=bit.ly; Expires=Sun, 29 Jul 2018 00:42:29 GMT
Cache-Control
private, max-age=90
Connection
keep-alive
Content-Length
104
uxcore.min.css
img1.wsimg.com/ux/1.3.50-brand/css/ 		145 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/ux/1.3.50-brand/css/uxcore.min.css
Requested by
Host: x.co
URL: http://x.co/6nMbc
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b107ed47d8dc52696807ebee2405972a04022114519dacc0fcac7936214ab3d0

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Nov 2017 21:40:22 GMT
ETag
"7a43c358a359d31:0"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
25190
Expires
Wed, 30 Jan 2019 00:42:30 GMT
brandheader-brand2.min.css
img1.wsimg.com/ux/eldorado/1.5.107/css/ 		32 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/ux/eldorado/1.5.107/css/brandheader-brand2.min.css
Requested by
Host: x.co
URL: http://x.co/6nMbc
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
84f7c8260f73d2b4a2b833afc8bdb2e157608c1ebd52f240cd47f3a4bb6047ac

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 31 Aug 2017 18:42:30 GMT
ETag
"cffaece68822d31:0"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
8025
Expires
Wed, 30 Jan 2019 00:42:30 GMT
uxcore.en.min.js
img1.wsimg.com/ux/1.3.50-brand/js/ 		448 KB
138 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/ux/1.3.50-brand/js/uxcore.en.min.js
Requested by
Host: x.co
URL: http://x.co/6nMbc
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4e9eb39bd2d4a943ebc78767969a9b62c5490ae30dff9dc6d29c8f4cd3e4c112

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Nov 2017 21:42:31 GMT
ETag
"374694a5a359d31:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
141232
Expires
Wed, 30 Jan 2019 00:42:30 GMT
brandheader.min.js
img1.wsimg.com/ux/eldorado/1.5.107/js/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/ux/eldorado/1.5.107/js/brandheader.min.js
Requested by
Host: x.co
URL: http://x.co/6nMbc
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
64cbf7917561cfe91c75b5e1d0712c975fc938c04d3718fa257d234319e43638

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 31 Aug 2017 18:43:10 GMT
ETag
"d43ac2fe8822d31:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
3965
Expires
Wed, 30 Jan 2019 00:42:30 GMT
gd-header-logo.png
img1.wsimg.com/ux/eldorado/1.5.107/images/brand2.0/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img1.wsimg.com/ux/eldorado/1.5.107/images/brand2.0/gd-header-logo.png
Requested by
Host: x.co
URL: http://x.co/6nMbc
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bf61ed2a448815aae212e1f3b7e87b1ae3b6f30738156b808ddc502fbdd5e0e3

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:30 GMT
Last-Modified
Thu, 31 Aug 2017 18:43:06 GMT
ETag
"e722dffb8822d31:0"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1767
Expires
Wed, 30 Jan 2019 00:42:30 GMT
Boing-Bold.woff2
img1.wsimg.com/ux/fonts/1.4/woff2/ 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://img1.wsimg.com/ux/fonts/1.4/woff2/Boing-Bold.woff2
Requested by
Host: x.co
URL: http://x.co/6nMbc
Protocol
SPDY
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
49f6c1034e3661e29c5de12d1c97e489565c7d55fec513c2668a57329367e082

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
http://img1.wsimg.com/ux/1.3.50-brand/css/uxcore.min.css
Origin
http://x.co

Response headers

date
Tue, 30 Jan 2018 00:42:30 GMT
last-modified
Wed, 04 May 2016 22:29:16 GMT
etag
"59c6cd6454a6d11:0"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
28220
expires
Wed, 30 Jan 2019 00:42:30 GMT
shortener_bg.jpg
shortener.godaddy.com/static/img/ 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shortener.godaddy.com/static/img/shortener_bg.jpg
Requested by
Host: x.co
URL: http://x.co/6nMbc
Protocol
SPDY
Server
45.40.140.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-45-40-140-1.ip.secureserver.net
Software
nginx/1.12.2 /
Resource Hash
c8a18c582d47da500d209aec71b6e5719541fa1f80c5ac5e2efa1f5efbeb5d18

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Tue, 30 Jan 2018 00:42:30 GMT
last-modified
Fri, 15 Dec 2017 19:06:43 GMT
server
nginx/1.12.2
etag
"5a341d43-1c323"
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
115491
gtm.js
www.googletagmanager.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.googletagmanager.com/gtm.js?id=GTM-SXRF&l=_gaDataLayer
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/ux/1.3.50-brand/js/uxcore.en.min.js
Protocol
HTTP/1.1
Server
172.217.21.232 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f232.1e100.net
Software
Google Tag Manager (scaffolding) /
Resource Hash
58009b66f15c186fc13b80913800b3f645e29c2efab75d6bb58db59e6d1b59a9
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:30 GMT
Content-Encoding
gzip
Server
Google Tag Manager (scaffolding)
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
http://www.googletagmanager.com
Cache-Control
private, max-age=900
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Cache-Control
Content-Length
17140
X-XSS-Protection
1; mode=block
Expires
Tue, 30 Jan 2018 00:42:30 GMT
/
gui.godaddy.com/pcjson/applicationheader/ 		207 B
848 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gui.godaddy.com/pcjson/applicationheader/?callback=jQuery18308449737643141331_1517272950167&_=1517272950217
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/ux/1.3.50-brand/js/uxcore.en.min.js
Protocol
HTTP/1.1
Server
104.108.65.19 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-65-19.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/8.5 / ARR/2.5, ASP.NET
Resource Hash
8fe675198669d8ebf454ac805feeae6c074135e88959f4d7c5007c0914921749

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 30 Jan 2018 00:42:30 GMT
Content-Type
text/javascript; charset=utf-8
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ARR/2.5, ASP.NET
P3P
policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR OUR IND", policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Cache-Control
no-cache
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
207
Expires
-1
utag.js
tags.tiqcdn.com/utag/godaddy/godaddy/prod/ 		137 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.js
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/ux/1.3.50-brand/js/uxcore.en.min.js
Protocol
HTTP/1.1
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (oxr/8392) /
Resource Hash
dcda2928fdc84866efebcb92f33c39fa0c6a1d711c6761751459310420d9ef29

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 26 Jan 2018 19:33:40 GMT
Server
ECS (oxr/8392)
Etag
"3281777586"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
text/javascript
Cache-Control
max-age=300
Accept-Ranges
bytes
Content-Length
30256
Expires
Tue, 30 Jan 2018 00:47:30 GMT
pageevents.aspx
img.x.co/ 		0
0
utag.1355.js
tags.tiqcdn.com/utag/godaddy/godaddy/prod/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.1355.js?utv=ut4.42.201710051852
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.js
Protocol
HTTP/1.1
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41CE) /
Resource Hash
7d7e31cc2e38d6bae44d9e4ac2ae99b7310129365b1ce7a3d5f8b948f9b56b6c

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:31 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Jan 2018 18:34:23 GMT
Server
ECS (fcn/41CE)
Etag
"58878187+gzip"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
text/javascript
Cache-Control
max-age=1296000
Accept-Ranges
bytes
Content-Length
888
Expires
Wed, 14 Feb 2018 00:42:31 GMT
dc.js
stats.g.doubleclick.net/
Redirect Chain
  • http://stats.g.doubleclick.net/dc.js
  • https://stats.g.doubleclick.net/dc.js
45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/dc.js
Protocol
SPDY
Server
173.194.76.155 Portage, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
ws-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
5df2e53f0fb2bcd2127d868006f864b192f2ad9758017a1bc3202bfcc97059f5
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Nov 2017 20:19:12 GMT
server
Golfe2
age
3308
date
Mon, 29 Jan 2018 23:47:23 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
17097
expires
Tue, 30 Jan 2018 01:47:23 GMT

Redirect headers

Location
https://stats.g.doubleclick.net/dc.js
Non-Authoritative-Reason
HSTS
liveengage.js
img1.wsimg.com/liveengage/v2/tag/1.11.0/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/liveengage/v2/tag/1.11.0/liveengage.js
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.js
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a38b5041fcd059061b52e53cee0df87162870842758cd9409efb52bc78f2628f

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:31 GMT
Content-Encoding
gzip
Last-Modified
Fri, 12 Jan 2018 18:02:56 GMT
x-amz-request-id
tx00000000000000d580e0c-005a63e6a5-23b5e965-default
ETag
"5b4957f4ce186ef97969229371efa64d"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
7483
Expires
Wed, 30 Jan 2019 00:42:31 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
301 B 		Script
General
Check archive.org
Download Go to
Full URL
http://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=godaddy/godaddy/201801261933&cb=1517272951208
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.js
Protocol
HTTP/1.1
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41A2) /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:31 GMT
Last-Modified
Thu, 14 Apr 2016 16:59:33 GMT
Server
ECS (fcn/41A2)
Etag
"144534940"
X-Cache
HIT
Content-Type
text/javascript
Cache-Control
max-age=600
Accept-Ranges
bytes
Content-Length
2
Expires
Tue, 30 Jan 2018 00:52:31 GMT
tag.js
lptag.liveperson.net/tag/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/tag/tag.js?site=30187337
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/liveengage/v2/tag/1.11.0/liveengage.js
Protocol
SPDY
Server
178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
2bb96cd3b8c2c1dd9f879670c0612cc00ed49a09af73ff847232d8682588c877

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Tue, 30 Jan 2018 00:42:31 GMT
content-encoding
gzip
last-modified
Thu, 26 Oct 2017 11:19:28 GMT
server
ws
etag
"59f1c4c0-1991"
access-control-allow-methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
content-type
application/javascript
status
200
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
6545
inpage_linkid.js
www.google-analytics.com/plugins/ga/
Redirect Chain
  • http://www.google-analytics.com/plugins/ga/inpage_linkid.js
  • https://www.google-analytics.com/plugins/ga/inpage_linkid.js
1 KB
863 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ga/inpage_linkid.js
Protocol
SPDY
Server
172.217.22.46 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s16-in-f14.1e100.net
Software
sffe /
Resource Hash
989a73eb9e9faa5bcf87eb500ba218549b0b1ef37dc53d9ac948b33010bd78da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Tue, 30 Jan 2018 00:26:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 21 Apr 2016 03:17:22 GMT
server
sffe
age
985
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
701
x-xss-protection
1; mode=block
expires
Tue, 30 Jan 2018 01:26:06 GMT

Redirect headers

Location
https://www.google-analytics.com/plugins/ga/inpage_linkid.js
Non-Authoritative-Reason
HSTS
.jsonp
lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/ 		143 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/liveengage/v2/tag/1.11.0/liveengage.js
Protocol
SPDY
Server
178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
c3b04bf5c16c2ef038f82c831e5867ea4ef4b66200ad96ece30656851ae6ef7b

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Tue, 30 Jan 2018 00:42:31 GMT
content-encoding
gzip
server
ws
x-cache-status
HIT
access-control-allow-methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
content-type
application/x-javascript
status
200
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
zones
accdn.lpsnmedia.net/api/account/30187337/configuration/le-campaigns/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accdn.lpsnmedia.net/api/account/30187337/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
HTTP/1.1
Server
178.249.101.99 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
22fc3a90f8238f0989079e1164d3b86622503aa3f389bfdc6ab114487f1f165e

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:31 GMT
Content-Encoding
gzip
Server
ws
X-Cache-Status
HIT
Vary
Accept
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 30 Jan 2018 00:42:48 GMT
30187337
va.v.liveperson.net/api/js/ 		207 B
942 B 		Script
General
Check archive.org
Download Go to
Full URL
https://va.v.liveperson.net/api/js/30187337?&cb=lpCb43527x31213&t=sp&ts=1517272951380&pid=4411470812&tid=3124241481&pt=URL%20Shortener&u=http%3A%2F%2Fx.co%2F6nMbc&sec=%5B%22env%3Aprod%22%2C%22path%3A%2F6nMbc%22%2C%226nMbc%22%2C%22market%3Aen-US%22%2C%22lang%3Aen%22%2C%22app%3Ashortener%22%2C%22plid%3A1%22%2C%22isgd%3Afalse%22%2C%22split%3AA%22%2C%22tms_split%3Achat-split-A%22%5D&df=0&os=1
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
HTTP/1.1
Server
208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
dec589623b657ab147bfe2886ed20ae4125e45b25618e150fb3dbfe043b2b394

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:31 GMT
Content-Encoding
gzip
Server
ws
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
30187337
va.v.liveperson.net/api/js/ 		110 B
685 B 		Script
General
Check archive.org
Download Go to
Full URL
https://va.v.liveperson.net/api/js/30187337?sid=TX9Dgm_3R3SSlaRRXC8C9w&cb=lpCb42808x21879&t=pl&ts=1517272951381&pid=4411470812&tid=3124241481&vid=c4MzZhZjFjYTdlNDA0Njlj
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
HTTP/1.1
Server
208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
1688f065bcfc97c807f7a2cc30664682a518f65df24c3c2c4f9424b7c266369a

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:31 GMT
Content-Encoding
gzip
Server
ws
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
30187337
va.v.liveperson.net/api/js/ 		42 B
624 B 		Script
General
Check archive.org
Download Go to
Full URL
https://va.v.liveperson.net/api/js/30187337?sid=TX9Dgm_3R3SSlaRRXC8C9w&cb=lpCb94793x50332&t=uc&ts=1517272951501&pid=4411470812&tid=3124241481&sdes=%5B%7B%22type%22%3A%22pagediv%22%2C%22divId%22%3A%22gdchat-fixed-bottom-left%22%7D%2C%7B%22type%22%3A%22pagediv%22%2C%22divId%22%3A%22gdchat-fixed-bottom-right%22%7D%2C%7B%22type%22%3A%22pagediv%22%7D%2C%7B%22type%22%3A%22pagediv%22%7D%2C%7B%22type%22%3A%22pagediv%22%7D%2C%7B%22type%22%3A%22pagediv%22%7D%5D&vid=c4MzZhZjFjYTdlNDA0Njlj
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
HTTP/1.1
Server
208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
29003ab13da984144be9c06bc3d38c33b210d1b721ed30c5b57024941907f4b2

Request headers

Referer
http://x.co/6nMbc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Tue, 30 Jan 2018 00:42:31 GMT
Content-Encoding
gzip
Server
ws
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
img.x.co
URL
http://img.x.co/pageevents.aspx?sitename=x.co&page=/6nMbc&eventtype=impression&e_id=uxp.eld.int.brandheader.shortener.impression.uxpHeaderServed&rand=2860216694

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ux function| require object| openit function| $ function| jQuery function| _ object| jQuery18308449737643141331 object| uxel object| _gaDataLayer undefined| jQuery18308449737643141331_1517272950167 object| utag_data object| _gaq object| google_tag_manager boolean| utag_condload object| utag object| utag_cfg_ovrd object| tagUtils function| setImmediate function| clearImmediate object| lpTag object| _trfq object| _gat object| e function| f function| _typeof object| lpMTagConfig

4 Cookies

Domain/Path Name / Value
.x.co/ Name: cookie-warning-accepted
Value: true
.x.co/ Name: market
Value: en-US
.x.co/ Name: utag_main
Value: v_id:01614483e71600206c32e9e1e87a00078001107000b08$_sn:1$_ss:1$_st:1517274750550$ses_id:1517272950550%3Bexp-session$_pn:1%3Bexp-session
.x.co/ Name: OPTOUTMULTI
Value: 0:0%7Cc2:0%7Cc9:0%7Cc11:0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
bit.ly
gui.godaddy.com
img.x.co
img1.wsimg.com
lptag.liveperson.net
shortener.godaddy.com
stats.g.doubleclick.net
tags.tiqcdn.com
va.v.liveperson.net
www.google-analytics.com
www.googletagmanager.com
x.co
img.x.co
104.108.65.19
104.111.232.126
172.217.21.232
172.217.22.46
173.194.76.155
178.249.101.23
178.249.101.99
184.168.131.241
208.89.12.87
45.40.140.1
67.199.248.11
68.232.35.180
1688f065bcfc97c807f7a2cc30664682a518f65df24c3c2c4f9424b7c266369a
22fc3a90f8238f0989079e1164d3b86622503aa3f389bfdc6ab114487f1f165e
29003ab13da984144be9c06bc3d38c33b210d1b721ed30c5b57024941907f4b2
2bb96cd3b8c2c1dd9f879670c0612cc00ed49a09af73ff847232d8682588c877
49f6c1034e3661e29c5de12d1c97e489565c7d55fec513c2668a57329367e082
4e9eb39bd2d4a943ebc78767969a9b62c5490ae30dff9dc6d29c8f4cd3e4c112
58009b66f15c186fc13b80913800b3f645e29c2efab75d6bb58db59e6d1b59a9
5df2e53f0fb2bcd2127d868006f864b192f2ad9758017a1bc3202bfcc97059f5
64cbf7917561cfe91c75b5e1d0712c975fc938c04d3718fa257d234319e43638
7d7e31cc2e38d6bae44d9e4ac2ae99b7310129365b1ce7a3d5f8b948f9b56b6c
84f7c8260f73d2b4a2b833afc8bdb2e157608c1ebd52f240cd47f3a4bb6047ac
8fe675198669d8ebf454ac805feeae6c074135e88959f4d7c5007c0914921749
989a73eb9e9faa5bcf87eb500ba218549b0b1ef37dc53d9ac948b33010bd78da
999c2862299b2c34963296abd3b929837346093bb9f970948c106cc3dddaa722
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a38b5041fcd059061b52e53cee0df87162870842758cd9409efb52bc78f2628f
b107ed47d8dc52696807ebee2405972a04022114519dacc0fcac7936214ab3d0
bf61ed2a448815aae212e1f3b7e87b1ae3b6f30738156b808ddc502fbdd5e0e3
c3b04bf5c16c2ef038f82c831e5867ea4ef4b66200ad96ece30656851ae6ef7b
c8a18c582d47da500d209aec71b6e5719541fa1f80c5ac5e2efa1f5efbeb5d18
dcda2928fdc84866efebcb92f33c39fa0c6a1d711c6761751459310420d9ef29
dec589623b657ab147bfe2886ed20ae4125e45b25618e150fb3dbfe043b2b394