t.co Open in urlscan Pro
104.244.42.133 Public Scan

URL:
https://t.co/JR3qBR2def
Submission: On August 28 via manual (August 28th 2017, 11:55:03 am UTC) from IL

Summary HTTP 74 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 6 domains to perform 74 HTTP transactions. The main IP is 104.244.42.133, located in San Francisco, United States and belongs to TWITTER - Twitter Inc., US. The main domain is t.co.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on July 25th 2017. Valid for: a year.

This is the only time t.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER - Twitter Inc.)
54	199.168.117.22 199.168.117.22	32181 (ASN-GIGENET) (ASN-GIGENET - GigeNET)
1	2a00:1450:400... 2a00:1450:4001:824::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
3	2400:cb00:204... 2400:cb00:2048:1::6813:c066	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
5	2a00:1450:400... 2a00:1450:4001:81e::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
6	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a00:1450:400... 2a00:1450:4009:815::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
74	9

1 104.244.42.133 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 199.168.117.22 (Arlington Heights, United States)

ASN32181 (ASN-GIGENET - GigeNET, US)
PTR: 22.117.168.199.hosted.by.thegcloud.com

www.helpnetsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2400:cb00:2048:1::6813:c066 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81e::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:824::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4009:815::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	helpnetsecurity.com www.helpnetsecurity.com Failed	848 KB
7	gstatic.com fonts.gstatic.com csi.gstatic.com	168 KB
6	googleapis.com fonts.googleapis.com maps.googleapis.com	113 KB
3	cloudflare.com cdnjs.cloudflare.com	7 KB
2	google-analytics.com www.google-analytics.com	13 KB
1	t.co t.co	200 B
74	6

	Domain	Requested by
54	www.helpnetsecurity.com	www.helpnetsecurity.com
6	fonts.gstatic.com	www.helpnetsecurity.com
5	maps.googleapis.com	www.helpnetsecurity.com maps.googleapis.com
3	cdnjs.cloudflare.com	www.helpnetsecurity.com
2	www.google-analytics.com	www.helpnetsecurity.com
1	csi.gstatic.com	www.helpnetsecurity.com
1	fonts.googleapis.com	www.helpnetsecurity.com
1	t.co
74	8

This site contains links to these domains. Also see Links.

Domain
www.netwrix.com
www.facebook.com
twitter.com
plus.google.com
www.linkedin.com
www.proofpoint.com
xvision.org

Subject Issuer	Validity	Valid
t.co DigiCert SHA2 Extended Validation Server CA	`2017-07-25` - `2018-11-05`	a year	crt.sh
www.helpnetsecurity.com DigiCert SHA2 Secure Server CA	`2015-12-28` - `2019-03-06`	3 years	crt.sh
*.googleapis.com Google Internet Authority G2	`2017-08-15` - `2017-11-07`	3 months	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2017-05-27` - `2017-12-03`	6 months	crt.sh
*.google-analytics.com Google Internet Authority G2	`2017-08-15` - `2017-11-07`	3 months	crt.sh
*.google.com Google Internet Authority G2	`2017-08-15` - `2017-11-07`	3 months	crt.sh

This page contains 2 frames:

Frame: https://www.helpnetsecurity.com/2017/08/28/custom-ransomware-delivered/
Frame ID: 28450.1
Requests: 2 HTTP requests in this frame

Frame: https://www.helpnetsecurity.com/2017/08/28/custom-ransomware-delivered/
Frame ID: 28477.1
Requests: 73 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

74
Requests

99 %
HTTPS

75 %
IPv6

6
Domains

8
Subdomains

9
IPs

2
Countries

1151 kB
Transfer

1800 kB
Size

5
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.netwrix.com/defending_against_crypto-ransomware.html?cID=70170000001IAD8

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?s=100&p[title]=New,%20custom%20ransomware%20delivered%20to%20orgs%20via%20extremely%20targeted%20emails%20-%20Help%20Net%20Security&p[summary]=Ransomware%20campaigns%20are%20usually%20wide-flung%20affairs,%20but%20more%20targeted%20attacks%20are%20also%20becoming%20a%20trend,%20researchers%20have%20warned.&p[url]=https%3A%2F%2Fwww.helpnetsecurity.com%2F2017%2F08%2F28%2Fcustom-ransomware-delivered%2F&p[images][0]=https://www.helpnetsecurity.com/wp-content/uploads/2016/03/target.jpg

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=New%2C%20custom%20ransomware%20delivered%20to%20orgs%20via%20extremely%20targeted%20emails%20-%20Help%20Net%20Security+https%3A%2F%2Fwww.helpnetsecurity.com%2F2017%2F08%2F28%2Fcustom-ransomware-delivered%2F

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2017%2F08%2F28%2Fcustom-ransomware-delivered%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/zeljkazorz

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.helpnetsecurity.com/2017/08/28/custom-ransomware-delivered/&title=New,%20custom%20ransomware%20delivered%20to%20orgs%20via%20extremely%20targeted%20emails

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?status=New,%20custom%20ransomware%20delivered%20to%20orgs%20via%20extremely%20targeted%20emails+https://www.helpnetsecurity.com/2017/08/28/custom-ransomware-delivered/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.helpnetsecurity.com/2017/08/28/custom-ransomware-delivered/&title=New,%20custom%20ransomware%20delivered%20to%20orgs%20via%20extremely%20targeted%20emails&source=https://www.helpnetsecurity.com/2017/08/28/custom-ransomware-delivered/

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/defray-new-ransomware-targeting-education-and-healthcare-verticals
Title: pointed out

Search URL Search Domain Scan URL

URL: https://www.facebook.com/nhslanarkshire/posts/10155087435128897
Title: publicly known

Search URL Search Domain Scan URL

URL: http://xvision.org/
Title: Design by FatDUX

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 0

http://bit.ly/2whwviN
https://www.helpnetsecurity.com/2017/08/28/custom-ransomware-delivered/

74 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
S 200 Primary Request JR3qBR2def Show response
t.co/ 257 B
200 B 123ms
123ms Document
text/html 104.244.42.133
Twitter Inc.

General

Domain/Path	Expires	Name / Value
.helpnetsecurity.com/	2017-08-28 11:55:51	Name: _gat Value: 1
.helpnetsecurity.com/	2019-08-28 11:54:51	Name: _ga Value: GA1.2.28563206.1503921291
.helpnetsecurity.com/	2017-08-29 11:54:51	Name: _gid Value: GA1.2.1509944327.1503921291
www.helpnetsecurity.com/	1970-01-01 00:00:00	Name: PHPSESSID Value: 64la4ibg9aidtkmds0m7slv055
www.helpnetsecurity.com/	2017-08-28 12:24:50	Name: wfvt_34328101 Value: 59a46543bfafc

Source	Level	URL Text
console-api	log	URL: https://www.helpnetsecurity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	warning	URL: https://maps.googleapis.com/maps-api-v3/api/js/30/2/util.js(Line 222) Message: Google Maps API warning: NoApiKeys https://developers.google.com/maps/documentation/javascript/error-messages#no-api-keys

Header	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	1; mode=block

t.co Open in urlscan Pro 104.244.42.133 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

74 Requests

99 %HTTPS

75 %IPv6

6 Domains

8 Subdomains

9 IPs

2 Countries

1151 kBTransfer

1800 kBSize

5 Cookies

11 Outgoing links

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

t.co Open in urlscan Pro
104.244.42.133 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

99 %
HTTPS

75 %
IPv6

6
Domains

8
Subdomains

9
IPs

2
Countries

1151 kB
Transfer

1800 kB
Size

5
Cookies

74 HTTP transactions
1 data transactions