urlscan.io logo urlscan.io
SecurityTrails logo

x.co Open in urlscan Pro
184.168.131.241  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://x.co/6nHLb
Submission: On February 02 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 3 countries across 9 domains to perform 23 HTTP transactions. The main IP is 184.168.131.241, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is x.co.
This is the only time x.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

IP Address AS Autonomous System
1 184.168.131.241 26496 (AS-26496-...)
7 104.111.232.126 16625 (AKAMAI-AS)
1 45.40.140.1 26496 (AS-26496-...)
1 216.58.207.40 15169 (GOOGLE)
1 104.108.65.19 16625 (AKAMAI-AS)
3 2.18.234.23 16625 (AKAMAI-AS)
1 74.125.206.156 15169 (GOOGLE)
2 178.249.101.23 11054 (LIVEPERSON)
1 172.217.23.174 15169 (GOOGLE)
1 178.249.101.99 11054 (LIVEPERSON)
3 208.89.12.87 11054 (LIVEPERSON)
23 12
1    184.168.131.241 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-184-168-131-241.ip.secureserver.net
x.co
7    104.111.232.126 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-232-126.deploy.static.akamaitechnologies.com
img1.wsimg.com
1    45.40.140.1 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-45-40-140-1.ip.secureserver.net
shortener.godaddy.com
1    216.58.207.40 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s24-in-f8.1e100.net
www.googletagmanager.com
1    104.108.65.19 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-65-19.deploy.static.akamaitechnologies.com
gui.godaddy.com
3    2.18.234.23 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
tags.tiqcdn.com
1    74.125.206.156 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: wk-in-f156.1e100.net
stats.g.doubleclick.net
2    178.249.101.23 (Netherlands)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)
lptag.liveperson.net
1    172.217.23.174 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s22-in-f174.1e100.net
www.google-analytics.com
1    178.249.101.99 (Netherlands)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)
accdn.lpsnmedia.net
3    208.89.12.87 (New York, United States)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)
PTR: va.v.liveperson.net
va.v.liveperson.net
Domain Requested by
7 img1.wsimg.com x.co
tags.tiqcdn.com
3 va.v.liveperson.net lptag.liveperson.net
3 tags.tiqcdn.com img1.wsimg.com
tags.tiqcdn.com
2 lptag.liveperson.net img1.wsimg.com
1 accdn.lpsnmedia.net lptag.liveperson.net
1 www.google-analytics.com
1 stats.g.doubleclick.net
1 gui.godaddy.com img1.wsimg.com
1 www.googletagmanager.com img1.wsimg.com
1 shortener.godaddy.com x.co
1 x.co
0 img.x.co Failed x.co
23 12

This site contains links to these domains. Also see Links.

Domain
www.godaddy.com
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://x.co/6nHLb
Frame ID: (7263A07A403D1B72D91A326D6297425)
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /CentOS/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /^https?:\/\/lptag\.liveperson\.net\/tag\/tag\.js/i
Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i
Overall confidence: 100%
Detected patterns
  • script /^\/\/tags\.tiqcdn\.com\//i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

23
Requests

0 %
HTTPS

0 %
IPv6

9
Domains

12
Subdomains

12
IPs

3
Countries

466 kB
Transfer

1207 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • http://stats.g.doubleclick.net/dc.js HTTP 307
  • https://stats.g.doubleclick.net/dc.js
Request Chain 16
  • http://www.google-analytics.com/plugins/ga/inpage_linkid.js HTTP 307
  • https://www.google-analytics.com/plugins/ga/inpage_linkid.js

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 6nHLb
x.co/ 		10 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://x.co/6nHLb
Protocol
HTTP/1.1
Server
184.168.131.241 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-184-168-131-241.ip.secureserver.net
Software
Apache/2.2.15 (CentOS) /
Resource Hash
52dcc151ca9333f5bea4d4b4137c5102dfda7bebd3cceddda2a0f52455bc59b3
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection
keep-alive
Accept-Encoding
gzip, deflate
Host
x.co
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:24 GMT
Server
Apache/2.2.15 (CentOS)
Connection
close
X-Frame-Options
DENY
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
uxcore.min.css
img1.wsimg.com/ux/1.3.50-brand/css/ 		145 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/ux/1.3.50-brand/css/uxcore.min.css
Requested by
Host: x.co
URL: http://x.co/6nHLb
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b107ed47d8dc52696807ebee2405972a04022114519dacc0fcac7936214ab3d0

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:24 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Nov 2017 21:40:22 GMT
ETag
"7a43c358a359d31:0"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
25190
Expires
Sat, 02 Feb 2019 14:14:24 GMT
brandheader-brand2.min.css
img1.wsimg.com/ux/eldorado/1.5.108/css/ 		32 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/ux/eldorado/1.5.108/css/brandheader-brand2.min.css
Requested by
Host: x.co
URL: http://x.co/6nHLb
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
84f7c8260f73d2b4a2b833afc8bdb2e157608c1ebd52f240cd47f3a4bb6047ac

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:24 GMT
Content-Encoding
gzip
Last-Modified
Thu, 01 Feb 2018 21:45:01 GMT
ETag
"b0e851e9a59bd31:0"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
8025
Expires
Sat, 02 Feb 2019 14:14:24 GMT
uxcore.en.min.js
img1.wsimg.com/ux/1.3.50-brand/js/ 		448 KB
138 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/ux/1.3.50-brand/js/uxcore.en.min.js
Requested by
Host: x.co
URL: http://x.co/6nHLb
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4e9eb39bd2d4a943ebc78767969a9b62c5490ae30dff9dc6d29c8f4cd3e4c112

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:24 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Nov 2017 21:42:31 GMT
ETag
"374694a5a359d31:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
141232
Expires
Sat, 02 Feb 2019 14:14:24 GMT
brandheader.min.js
img1.wsimg.com/ux/eldorado/1.5.108/js/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/ux/eldorado/1.5.108/js/brandheader.min.js
Requested by
Host: x.co
URL: http://x.co/6nHLb
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f176ca90ddc605d532cd39cc755e5bceb8a8a6e3daa956a20ce223ebbf522579

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:24 GMT
Content-Encoding
gzip
Last-Modified
Thu, 01 Feb 2018 21:45:41 GMT
ETag
"11e9a1a69bd31:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
3875
Expires
Sat, 02 Feb 2019 14:14:24 GMT
gd-header-logo.png
img1.wsimg.com/ux/eldorado/1.5.108/images/brand2.0/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img1.wsimg.com/ux/eldorado/1.5.108/images/brand2.0/gd-header-logo.png
Requested by
Host: x.co
URL: http://x.co/6nHLb
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bf61ed2a448815aae212e1f3b7e87b1ae3b6f30738156b808ddc502fbdd5e0e3

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:24 GMT
Last-Modified
Thu, 01 Feb 2018 21:45:36 GMT
ETag
"49d333fea59bd31:0"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1767
Expires
Sat, 02 Feb 2019 14:14:24 GMT
Boing-Bold.woff2
img1.wsimg.com/ux/fonts/1.4/woff2/ 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://img1.wsimg.com/ux/fonts/1.4/woff2/Boing-Bold.woff2
Requested by
Host: x.co
URL: http://x.co/6nHLb
Protocol
SPDY
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
49f6c1034e3661e29c5de12d1c97e489565c7d55fec513c2668a57329367e082

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
http://img1.wsimg.com/ux/1.3.50-brand/css/uxcore.min.css
Origin
http://x.co

Response headers

date
Fri, 02 Feb 2018 14:14:24 GMT
last-modified
Wed, 04 May 2016 22:29:16 GMT
etag
"59c6cd6454a6d11:0"
status
200
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
28220
expires
Sat, 02 Feb 2019 14:14:24 GMT
shortener_bg.jpg
shortener.godaddy.com/static/img/ 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shortener.godaddy.com/static/img/shortener_bg.jpg
Requested by
Host: x.co
URL: http://x.co/6nHLb
Protocol
SPDY
Server
45.40.140.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-45-40-140-1.ip.secureserver.net
Software
nginx/1.10.2 /
Resource Hash
c8a18c582d47da500d209aec71b6e5719541fa1f80c5ac5e2efa1f5efbeb5d18

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Fri, 02 Feb 2018 14:14:25 GMT
last-modified
Fri, 15 Dec 2017 19:06:43 GMT
server
nginx/1.10.2
etag
"5a341d43-1c323"
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
115491
gtm.js
www.googletagmanager.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.googletagmanager.com/gtm.js?id=GTM-SXRF&l=_gaDataLayer
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/ux/1.3.50-brand/js/uxcore.en.min.js
Protocol
HTTP/1.1
Server
216.58.207.40 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s24-in-f8.1e100.net
Software
Google Tag Manager (scaffolding) /
Resource Hash
6d450f928034c8d602e3b6cc03ac1ceac60ae571b55e83014cf653bd6067ccb4
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:24 GMT
Content-Encoding
gzip
Server
Google Tag Manager (scaffolding)
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
http://www.googletagmanager.com
Cache-Control
private, max-age=900
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Cache-Control
Content-Length
17196
X-XSS-Protection
1; mode=block
Expires
Fri, 02 Feb 2018 14:14:24 GMT
/
gui.godaddy.com/pcjson/applicationheader/ 		207 B
848 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gui.godaddy.com/pcjson/applicationheader/?callback=jQuery18307578817788124612_1517580864835&_=1517580864870
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/ux/1.3.50-brand/js/uxcore.en.min.js
Protocol
HTTP/1.1
Server
104.108.65.19 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-65-19.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/8.5 / ARR/2.5, ASP.NET
Resource Hash
daa3a25f9f012f4050a1d97208c114ce2be60678f87d768978b963e0e23ff4b2

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Feb 2018 14:14:25 GMT
Content-Type
text/javascript; charset=utf-8
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ARR/2.5, ASP.NET
P3P
policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR OUR IND", policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Cache-Control
no-cache
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
207
Expires
-1
utag.js
tags.tiqcdn.com/utag/godaddy/godaddy/prod/ 		137 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.js
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/ux/1.3.50-brand/js/uxcore.en.min.js
Protocol
HTTP/1.1
Server
2.18.234.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
4f66eb5a967a3d1445fe2c031b482744c5d8f189836118763fd5030f97bf9e53

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:24 GMT
Content-Encoding
gzip
Last-Modified
Thu, 01 Feb 2018 19:47:33 GMT
Server
Apache
ETag
"bc567a3ecf35da581ce8551a104d0bb1:1517514453"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=300
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
30073
Expires
Fri, 02 Feb 2018 14:19:24 GMT
pageevents.aspx
img.x.co/ 		0
0
utag.1355.js
tags.tiqcdn.com/utag/godaddy/godaddy/prod/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.1355.js?utv=ut4.42.201710051852
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.js
Protocol
HTTP/1.1
Server
2.18.234.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
7d7e31cc2e38d6bae44d9e4ac2ae99b7310129365b1ce7a3d5f8b948f9b56b6c

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:25 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Jan 2018 18:34:25 GMT
Server
Apache
ETag
"3cf5ff2f474069a3a4ee5621d8781b1d:1516214065"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=1296000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
888
Expires
Sat, 17 Feb 2018 14:14:25 GMT
dc.js
stats.g.doubleclick.net/
Redirect Chain
  • http://stats.g.doubleclick.net/dc.js
  • https://stats.g.doubleclick.net/dc.js
45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/dc.js
Protocol
SPDY
Server
74.125.206.156 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
wk-in-f156.1e100.net
Software
Golfe2 /
Resource Hash
5df2e53f0fb2bcd2127d868006f864b192f2ad9758017a1bc3202bfcc97059f5
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Nov 2017 20:19:12 GMT
server
Golfe2
age
1517
date
Fri, 02 Feb 2018 13:49:08 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
17097
expires
Fri, 02 Feb 2018 15:49:08 GMT

Redirect headers

Location
https://stats.g.doubleclick.net/dc.js
Non-Authoritative-Reason
HSTS
liveengage.js
img1.wsimg.com/liveengage/v2/tag/1.11.0/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://img1.wsimg.com/liveengage/v2/tag/1.11.0/liveengage.js
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.js
Protocol
HTTP/1.1
Server
104.111.232.126 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-232-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a38b5041fcd059061b52e53cee0df87162870842758cd9409efb52bc78f2628f

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:25 GMT
Content-Encoding
gzip
Last-Modified
Fri, 12 Jan 2018 18:02:56 GMT
x-amz-request-id
tx00000000000000d580e0c-005a63e6a5-23b5e965-default
ETag
"5b4957f4ce186ef97969229371efa64d"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
7483
Expires
Sat, 02 Feb 2019 14:14:25 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
346 B 		Script
General
Check archive.org
Download Go to
Full URL
http://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=godaddy/godaddy/201802011946&cb=1517580865648
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/godaddy/godaddy/prod/utag.js
Protocol
HTTP/1.1
Server
2.18.234.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:25 GMT
Last-Modified
Thu, 14 Apr 2016 16:57:51 GMT
Server
Apache
ETag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
Content-Type
application/x-javascript
Cache-Control
max-age=600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2
Expires
Fri, 02 Feb 2018 14:24:25 GMT
tag.js
lptag.liveperson.net/tag/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/tag/tag.js?site=30187337
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/liveengage/v2/tag/1.11.0/liveengage.js
Protocol
SPDY
Server
178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
2bb96cd3b8c2c1dd9f879670c0612cc00ed49a09af73ff847232d8682588c877

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Fri, 02 Feb 2018 14:14:25 GMT
content-encoding
gzip
last-modified
Thu, 26 Oct 2017 11:19:28 GMT
server
ws
etag
"59f1c4c0-1991"
access-control-allow-methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
content-type
application/javascript
status
200
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
6545
inpage_linkid.js
www.google-analytics.com/plugins/ga/
Redirect Chain
  • http://www.google-analytics.com/plugins/ga/inpage_linkid.js
  • https://www.google-analytics.com/plugins/ga/inpage_linkid.js
1 KB
863 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ga/inpage_linkid.js
Protocol
SPDY
Server
172.217.23.174 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s22-in-f174.1e100.net
Software
sffe /
Resource Hash
989a73eb9e9faa5bcf87eb500ba218549b0b1ef37dc53d9ac948b33010bd78da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Fri, 02 Feb 2018 13:59:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 21 Apr 2016 03:17:22 GMT
server
sffe
age
890
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
701
x-xss-protection
1; mode=block
expires
Fri, 02 Feb 2018 14:59:35 GMT

Redirect headers

Location
https://www.google-analytics.com/plugins/ga/inpage_linkid.js
Non-Authoritative-Reason
HSTS
.jsonp
lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/ 		143 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by
Host: img1.wsimg.com
URL: http://img1.wsimg.com/liveengage/v2/tag/1.11.0/liveengage.js
Protocol
SPDY
Server
178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
5589becf6e8962d281da1fe13a44cbc1bfc8ce1a974bf00a8f8d8c4262044bf1

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Fri, 02 Feb 2018 14:14:25 GMT
content-encoding
gzip
server
ws
x-cache-status
HIT
access-control-allow-methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
content-type
application/x-javascript
status
200
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
zones
accdn.lpsnmedia.net/api/account/30187337/configuration/le-campaigns/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accdn.lpsnmedia.net/api/account/30187337/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
HTTP/1.1
Server
178.249.101.99 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
22fc3a90f8238f0989079e1164d3b86622503aa3f389bfdc6ab114487f1f165e

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:25 GMT
Content-Encoding
gzip
Server
ws
X-Cache-Status
HIT
Vary
Accept
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Fri, 02 Feb 2018 14:14:38 GMT
30187337
va.v.liveperson.net/api/js/ 		207 B
942 B 		Script
General
Check archive.org
Download Go to
Full URL
https://va.v.liveperson.net/api/js/30187337?&cb=lpCb13877x12963&t=sp&ts=1517580865799&pid=9994738678&tid=5423245533&pt=URL%20Shortener&u=http%3A%2F%2Fx.co%2F6nHLb&sec=%5B%22env%3Aprod%22%2C%22path%3A%2F6nHLb%22%2C%226nHLb%22%2C%22market%3Aen-US%22%2C%22lang%3Aen%22%2C%22app%3Ashortener%22%2C%22plid%3A1%22%2C%22isgd%3Afalse%22%2C%22split%3AA%22%2C%22tms_split%3Achat-split-A%22%5D&df=0&os=1
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
HTTP/1.1
Server
208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
ea0a7b65342999351756a6fc3ece0c5ae320ae93cefbe744fad7a6de7c0a2927

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:26 GMT
Content-Encoding
gzip
Server
ws
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
30187337
va.v.liveperson.net/api/js/ 		110 B
685 B 		Script
General
Check archive.org
Download Go to
Full URL
https://va.v.liveperson.net/api/js/30187337?sid=N6jSGU62TCOG8KaMWuT4VQ&cb=lpCb96699x49764&t=pl&ts=1517580865802&pid=9994738678&tid=5423245533&vid=c5ZDkzMWJjMGQzNzQ5MjNk
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
HTTP/1.1
Server
208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
6d8a7be0da9a966d621a347e582a065a34602929d9373b4a97cbe329809bea9f

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:26 GMT
Content-Encoding
gzip
Server
ws
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
30187337
va.v.liveperson.net/api/js/ 		42 B
624 B 		Script
General
Check archive.org
Download Go to
Full URL
https://va.v.liveperson.net/api/js/30187337?sid=N6jSGU62TCOG8KaMWuT4VQ&cb=lpCb77996x90722&t=uc&ts=1517580865922&pid=9994738678&tid=5423245533&sdes=%5B%7B%22type%22%3A%22pagediv%22%2C%22divId%22%3A%22gdchat-fixed-bottom-left%22%7D%2C%7B%22type%22%3A%22pagediv%22%2C%22divId%22%3A%22gdchat-fixed-bottom-right%22%7D%2C%7B%22type%22%3A%22pagediv%22%7D%2C%7B%22type%22%3A%22pagediv%22%7D%2C%7B%22type%22%3A%22pagediv%22%7D%2C%7B%22type%22%3A%22pagediv%22%7D%5D&vid=c5ZDkzMWJjMGQzNzQ5MjNk
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/30187337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
HTTP/1.1
Server
208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
2a9f69c98d15636fc52b65e8bb7be717fb4bff1e7a39af06db27a1a557cbfa60

Request headers

Referer
http://x.co/6nHLb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 02 Feb 2018 14:14:26 GMT
Content-Encoding
gzip
Server
ws
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
img.x.co
URL
http://img.x.co/pageevents.aspx?sitename=x.co&page=/6nHLb&eventtype=impression&e_id=uxp.eld.int.brandheader.shortener.impression.uxpHeaderServed&rand=2685092445

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ux function| require object| openit function| $ function| jQuery function| _ object| jQuery18307578817788124612 object| uxel object| _gaDataLayer undefined| jQuery18307578817788124612_1517580864835 object| utag_data object| _gaq object| google_tag_manager boolean| utag_condload object| utag object| utag_cfg_ovrd object| tagUtils function| setImmediate function| clearImmediate object| lpTag object| _trfq object| _gat object| e function| f function| _typeof object| lpMTagConfig

4 Cookies

Domain/Path Name / Value
.x.co/ Name: cookie-warning-accepted
Value: true
.x.co/ Name: market
Value: en-US
.x.co/ Name: utag_main
Value: v_id:016156de4d8800203daada3b77d400078001107000b08$_sn:1$_ss:1$_st:1517582664905$ses_id:1517580864905%3Bexp-session$_pn:1%3Bexp-session
.x.co/ Name: OPTOUTMULTI
Value: 0:0%7Cc2:0%7Cc9:0%7Cc11:0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
gui.godaddy.com
img.x.co
img1.wsimg.com
lptag.liveperson.net
shortener.godaddy.com
stats.g.doubleclick.net
tags.tiqcdn.com
va.v.liveperson.net
www.google-analytics.com
www.googletagmanager.com
x.co
img.x.co
104.108.65.19
104.111.232.126
172.217.23.174
178.249.101.23
178.249.101.99
184.168.131.241
2.18.234.23
208.89.12.87
216.58.207.40
45.40.140.1
74.125.206.156
22fc3a90f8238f0989079e1164d3b86622503aa3f389bfdc6ab114487f1f165e
2a9f69c98d15636fc52b65e8bb7be717fb4bff1e7a39af06db27a1a557cbfa60
2bb96cd3b8c2c1dd9f879670c0612cc00ed49a09af73ff847232d8682588c877
49f6c1034e3661e29c5de12d1c97e489565c7d55fec513c2668a57329367e082
4e9eb39bd2d4a943ebc78767969a9b62c5490ae30dff9dc6d29c8f4cd3e4c112
4f66eb5a967a3d1445fe2c031b482744c5d8f189836118763fd5030f97bf9e53
52dcc151ca9333f5bea4d4b4137c5102dfda7bebd3cceddda2a0f52455bc59b3
5589becf6e8962d281da1fe13a44cbc1bfc8ce1a974bf00a8f8d8c4262044bf1
5df2e53f0fb2bcd2127d868006f864b192f2ad9758017a1bc3202bfcc97059f5
6d450f928034c8d602e3b6cc03ac1ceac60ae571b55e83014cf653bd6067ccb4
6d8a7be0da9a966d621a347e582a065a34602929d9373b4a97cbe329809bea9f
7d7e31cc2e38d6bae44d9e4ac2ae99b7310129365b1ce7a3d5f8b948f9b56b6c
84f7c8260f73d2b4a2b833afc8bdb2e157608c1ebd52f240cd47f3a4bb6047ac
989a73eb9e9faa5bcf87eb500ba218549b0b1ef37dc53d9ac948b33010bd78da
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a38b5041fcd059061b52e53cee0df87162870842758cd9409efb52bc78f2628f
b107ed47d8dc52696807ebee2405972a04022114519dacc0fcac7936214ab3d0
bf61ed2a448815aae212e1f3b7e87b1ae3b6f30738156b808ddc502fbdd5e0e3
c8a18c582d47da500d209aec71b6e5719541fa1f80c5ac5e2efa1f5efbeb5d18
daa3a25f9f012f4050a1d97208c114ce2be60678f87d768978b963e0e23ff4b2
ea0a7b65342999351756a6fc3ece0c5ae320ae93cefbe744fad7a6de7c0a2927
f176ca90ddc605d532cd39cc755e5bceb8a8a6e3daa956a20ce223ebbf522579