MalwareTips
Security Review

Is a.co legit or a scam?

Our verdict:Safe· 96/100

Amazon's legitimate URL shortener domain, registered since 2010 and actively promoted in the official mobile app.

Why we trust it
Registered by Amazon.com, Inc. in 2010 — 15-year-old corporate domain.Zero detections across 92 antivirus engines; clean browser blocklists.Hosting IP has zero abuse reports and a clean reputation score.
a.coScanned 14h ago
Post Facebook
0
Trust score
SAFE
Heuristics 99·MT 95
Warning signals (1)
Redirects to another domain
View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
Registration date unknown
MT Intelligence
Safe
Low likelihood · 98% confidence
SAFE

No threats detected

All checks passed. This site appears legitimate — but always stay alert for phishing even on trusted domains.

Website Preview

Screenshot of a.co
LIVE RENDER
a.co

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Low scam likelihoodengineMT · Guardiantrust95/100
MT AgentLive web researchVisual inspection
0%
Confidence
a.co is owned and operated by Amazon.com, Inc., registered on 2010-04-26 with active status through 2027. Our antivirus network reports zero detections across 92 engines, and the hosting IP carries no abuse reports. The domain is locked with multiple WHOIS protections typical of high-value corporate assets. Web research confirms a.co is Amazon's branded shortener used alongside amzn.to for product links and mobile app shares. Scammers sometimes impersonate Amazon using lookalike domains or other shorteners like cutt.ly, but a.co itself is legitimate. The blank page appearance is expected for a redirect service — users don't visit a.co directly; they follow shortened links that redirect to Amazon product pages.
Full dossier
Analysis complete

Page Content

The page displays as blank with minimal text, which is normal for a URL shortening service. Users do not visit a.co directly; instead, they follow shortened links (e.g., a.co/XXXXX) that redirect to Amazon product pages or other destinations. The domain is not designed to display content to direct visitors.

Infrastructure

Hosted on IP 98.87.170.8 with zero abuse reports and a clean reputation score. SSL certificate is valid (Amazon RSA 2048 M01) with 61 days remaining. The domain ranks in the global top-100k by traffic, consistent with a major corporate service. External resources loaded from m.media-amazon.com confirm Amazon infrastructure.

Domain History

Registered 2010-04-26 by Amazon.com, Inc. via MarkMonitor registrar. Expires 2027-04-25. Multiple WHOIS lock statuses (serverUpdateProhibited, clientTransferProhibited) protect the domain from unauthorized transfers — standard practice for high-value corporate domains. UltraDNS nameservers provide enterprise-grade DNS management.

Web Reputation

Web research confirms a.co is Amazon's official URL shortener, actively promoted in the Amazon mobile app (~1 month ago according to Reddit discussions). No scam reports or complaints are registered against a.co itself. Scammers sometimes use lookalike domains or alternative shorteners (e.g., cutt.ly) to impersonate Amazon, but a.co links from Amazon are legitimate.

Positive Signals
5
  • Registered by Amazon.com, Inc. in 2010 — 15-year-old corporate domain.
  • Zero detections across 92 antivirus engines; clean browser blocklists.
  • Hosting IP has zero abuse reports and a clean reputation score.
  • WHOIS locked with multiple protections typical of major corporate assets.
  • Confirmed as Amazon's official URL shortener in independent sources and Reddit discussions.
AI Recommendation
a.co is safe to use. If you receive a text or email claiming to be from Amazon with a link to a.co, verify the sender is Amazon before clicking. Scammers often use lookalike domains or other shorteners to impersonate Amazon — when in doubt, go directly to amazon.com instead of clicking a link.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for a.co, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration
Active · United States
Site traces back to an actively registered business.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
2 scam reports · 3 positive
Key findings
7 headline facts from open-web research
  • a.co is Amazon's official URL shortening domain used for product links and mobile app shares (e.g. a.co/ followed by code redirects to amazon.com products).
  • Domain registered on 2010-04-26, expires 2027-04-25, registrar MarkMonitor Inc., name servers all UltraDNS.
  • WHOIS shows multiple server- and client-side lock statuses (serverUpdateProhibited, clientTransferProhibited, etc.).
  • Scammers frequently impersonate Amazon using similar-looking or other shorteners (e.g. cutt.ly), but a.co links themselves are legitimate when from Amazon.
  • Reddit discussions note a.co links sometimes trigger spam filters due to .co TLD but confirm they are promoted by Amazon's official app.
  • No direct scam reports or complaints registered against a.co itself; references distinguish it from phishing attempts.
  • Owned and operated by Amazon.com, Inc. as a branded shortener alongside amzn.to.
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
  • WBAY.comopen

    "Amazon’s short links use “amzn.to” or “a.co.” The scam text uses a short link, “cutt.ly,” from the public URL shortening service Cuttly."

  • Incogni Blogopen

    "But Amazon really does own the a.co domain, and links that go to this domain are in fact official."

Positive reviews (3)
Quotes indicating the site is legitimate.
  • Reddit r/ModSupportopen

    "Amazon has made a recent change (~1mo) in their mobile app that promotes the a.co short links more than previously."

  • Giftster Helpopen

    "Amazon mobile app uses a.co short links"

  • Daniel Green's Homepageopen

    "Amazon's URL Shortener Domains: a.co"

Business registration
Status: active · United States

Registered to Amazon (via MarkMonitor registrar); created 2010-04-26, expires 2027-04-25; locked status flags

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Web research confirms a.co is Amazon's official URL shortening domain, registered since 2010 and actively promoted in Amazon's mobile app. Reddit discussions note that a.co links sometimes trigger spam filters due to the .co TLD, but confirm they are legitimate and promoted by Amazon's official app. No scam reports or complaints are registered against a.co itself; web sources distinguish it from phishing attempts that use lookalike domains or alternative shorteners like cutt.ly. Business registration data shows the domain is owned and operated by Amazon.com, Inc., with WHOIS locked status and UltraDNS nameservers.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious61Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerAmazon · Amazon RSA 2048 M01
ExpiresAug 18, 2026 (61d)
Self-signedNo
Hosting & Technology
HostingAmazon Data Services Northern Virginia
Server locationUS
Web serverAkamaiGHost
PopularityTop 100k worldwide

Redirect Chain

Hops
3
Cross-domain
Yes
Lookalike
No
Punycode
No
  • 1301http://a.co/
  • 2302https://a.co/
  • 3301http://www.amazon.com/cross-domain
  • 4202https://www.amazon.com/cross-domain

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPAmazon Data Services Northern Virginia
Usage typeData Center/Web Hosting/Transit

Still, stay alert

No major threat indicators — but a clean scan does not guarantee every page is safe, and phishing emails routinely spoof real domains.

  • Double-check the exact URL in your address bar

    Confirm you are actually on a.co and not a lookalike like a-.co.com or an IDN homoglyph.

  • Use a password manager

    Password managers only auto-fill on the exact domain they were saved for — they refuse to fill lookalike domains, which is the single best phishing defence.

  • Discuss this site on the forum

    If you have first-hand experience with this site — good or bad — share it with the MalwareTips community.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

m.media-amazon.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review found no threat indicators on a.co. The site appears legitimate based on the signals we checked, but always stay alert for phishing emails that spoof real domains.
  • a.co passed our automated security checks with a trust score of 96/100. No antivirus engines or major blacklists flagged the site at the time of the last scan.
  • Yes. a.co presents a valid TLSv1.3 certificate issued by Amazon · Amazon RSA 2048 M01, expiring in 61 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • No. All 92 antivirus engines in our malware network report a.co as clean.
  • No. a.co is not currently listed on the major browser blocklist feeds that modern browsers use.
  • a.co resolves to an IP operated by Amazon Data Services Northern Virginia in US (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Yes. a.co sits in the global top-100k on Cloudflare Radar, which means it has substantial real-world traffic. That does not automatically make it safe, but established brands almost always rank here and throwaway scam domains almost never do.
  • This is a permanent record of the scan run on June 17, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around a.co have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·a.co
SAFE

a.co is Amazon's official URL shortening domain, registered in 2010 and actively used by Amazon's mobile app to create short product links.

a.co is safe to use. If you receive a text or email claiming to be from Amazon with a link to a.co, verify the sender is Amazon before clicking. Scammers often use lookalike domains or other shorteners to impersonate Amazon — when in doubt, go directly to amazon.com instead of clicking a link.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Safe reports

Browse all reports
Safetrust85
rovde-fjordferien.de
21m ago
Read the review
Safetrust92
jaggaer.com
21m ago
Read the review
Safetrust85
galaktika21.ru
1h ago
Read the review
Safetrust85
biurorachunkoweiwa.pl
1h ago
Read the review
Safetrust93
0-10-7-app.agent.datadoghq.com
1h ago
Read the review
Safetrust93
gmail.com
1h ago
Read the review
Safetrust93
turismo.benicassim.es
2h ago
Read the review
Safetrust84
fejlesztesihitelkozpont.hu
2h ago
Read the review
Safetrust84
trinityscs.ie
2h ago
Read the review
Safetrust93
mtto.gov.ba
2h ago
Read the review
Safetrust86
pentagon.ae
2h ago
Read the review
Safetrust86
mitohealthcareclinic.co.uk
2h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.