usshared08.twinservers.net
162.247.154.35
Malicious Activity!
Public Scan
Effective URL: https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI
Submission: On March 29 via api from CZ — Scanned from CA
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 5th 2022. Valid for: 3 months.
This is the only time usshared08.twinservers.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests | IP Address | Autonomous System
---|---|---
1 (1 redirects) | 132.219.135.140 | 376 (RISQ-AS)
3 | 162.247.154.35 | 30235 (TWINSERVERS)
3 | 1 |

ASN376 (RISQ-AS, CA)
PTR: www.motivationeps.ca
Domain: monurl.ca

ASN30235 (TWINSERVERS, US)
PTR: usshared08.twinservers.net
Domain: usshared08.twinservers.net

Requests | Apex Domain (Subdomains) | Transfer
---|---|---
3 | twinservers.net (usshared08.twinservers.net) | 2 KB
1 | monurl.ca, 1 redirects (monurl.ca) | 360 B
3 | 2 |

Requests | Domain | Requested by
---|---|---
3 | usshared08.twinservers.net | usshared08.twinservers.net
1 | monurl.ca | 1 redirects
3 | 2 |

This site contains no links.

Subject | Issuer | Validity | Valid
---|---|---|---
usshared08.twinservers.net | cPanel, Inc. Certification Authority | 2022-02-05 - 2022-05-06 | 3 months

This page contains 2 frames:
Primary Page:
https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI
Frame ID: 4828F1BAF0DBC7B22E486837893844CA
Requests: 1 HTTP requests in this frame
Frame:
https://usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/?i=&i=P2BYY
Frame ID: 20D9002CBD90B34EBF92A790846A7B47
Requests: 2 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://monurl.ca/hotographie
HTTP 301
https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions

Method / Protocol | Resource / Path | Size / x-fer | Type / MIME-Type
---|---|---|---
GET H2 | / at usshared08.twinservers.net/~razommed/ (Primary Request, Redirect Chain) | 561 B / 547 B | Document, text/html
GET H2 | / at usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/ (Frame 20D9) | 2 KB / 654 B | Document, text/html
GET H2 | stylesheet.css at usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/ (Frame 20D9) | 1 KB / 519 B | Stylesheet, text/css

Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)

4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | 0
function | structuredClone
object | oncontextlost
object | oncontextrestored

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.