usshared08.twinservers.net Open in urlscan Pro
162.247.154.35 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://monurl.ca/hotographie
Effective URL:
https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI
Submission: On March 29 via api (March 29th 2022, 8:25:47 pm UTC) from CZ — Scanned from CA

Summary HTTP 3 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 162.247.154.35, located in United States and belongs to TWINSERVERS, US. The main domain is usshared08.twinservers.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 5th 2022. Valid for: 3 months.

This is the only time usshared08.twinservers.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 1	132.219.135.140 132.219.135.140	376 (RISQ-AS) (RISQ-AS)
3	162.247.154.35 162.247.154.35	30235 (TWINSERVERS) (TWINSERVERS)
3	1

1 132.219.135.140 (Saint-Hyacinthe, Canada) 1 redirects

ASN376 (RISQ-AS, CA)
PTR: www.motivationeps.ca

monurl.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.154.35 (United States)

ASN30235 (TWINSERVERS, US)
PTR: usshared08.twinservers.net

usshared08.twinservers.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	twinservers.net usshared08.twinservers.net	2 KB
1	monurl.ca 1 redirects monurl.ca	360 B
3	2

	Domain	Requested by
3	usshared08.twinservers.net	usshared08.twinservers.net
1	monurl.ca	1 redirects
3	2

This site contains no links.

Subject Issuer	Validity	Valid
usshared08.twinservers.net cPanel, Inc. Certification Authority	`2022-02-05` - `2022-05-06`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI
Frame ID: 4828F1BAF0DBC7B22E486837893844CA
Requests: 1 HTTP requests in this frame

Frame: https://usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/?i=&i=P2BYY
Frame ID: 20D9002CBD90B34EBF92A790846A7B47
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://monurl.ca/hotographie HTTP 301
https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI Page URL

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

2 kB
Transfer

3 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://monurl.ca/hotographie HTTP 301
https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response usshared08.twinservers.net/~razommed/ Redirect Chain https://monurl.ca/hotographie https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI	561 B 547 B	165ms 44ms	Document text/html	162.247.154.35 TWINSERVERS
General Check archive.org Show headers Download Go to Full URL https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.247.154.35 , United States, ASN30235 (TWINSERVERS, US), Reverse DNS usshared08.twinservers.net Software LiteSpeed / PHP/7.2.34 Resource Hash `25c36c31e1e73199c65a27da0e9c22f2b199269184d79654b082b605cc0f9e04` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Accept-Language en-CA,en;q=0.9 Response headers x-powered-by PHP/7.2.34 content-type text/html; charset=UTF-8 content-length 275 content-encoding br vary Accept-Encoding,User-Agent date Tue, 29 Mar 2022 20:25:42 GMT server LiteSpeed alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" Redirect headers Date Tue, 29 Mar 2022 20:25:41 GMT Server Apache/2.4.53 (Ubuntu) X-Robots-Tag noindex Location https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI Content-Length 0 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H2	200	/ Show response usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/ Frame 20D9	2 KB 654 B	42ms 41ms	Document text/html	162.247.154.35 TWINSERVERS
General Check archive.org Show headers Download Go to Full URL https://usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/?i=&i=P2BYY Requested by Host: usshared08.twinservers.net URL: https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.247.154.35 , United States, ASN30235 (TWINSERVERS, US), Reverse DNS usshared08.twinservers.net Software LiteSpeed / PHP/7.2.34 Resource Hash `03184ae442bef9645598edee172ada62e6baf053009adcc732527f611f0a19bf` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://usshared08.twinservers.net/~razommed/?do=Ly8vbW9iaWxlZnJhbmNlL2xvZ2luLz9pPSZhbXA7aT1QMkJZWQ==&wscvI Response headers x-powered-by PHP/7.2.34 content-type text/html; charset=UTF-8 content-length 615 content-encoding br vary Accept-Encoding,User-Agent date Tue, 29 Mar 2022 20:25:42 GMT server LiteSpeed
GET H2	200	stylesheet.css usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/ Frame 20D9	1 KB 519 B	41ms 41ms	Stylesheet text/css	162.247.154.35 TWINSERVERS
General Check archive.org Show headers Download Go to Full URL https://usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/stylesheet.css Requested by Host: usshared08.twinservers.net URL: https://usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/?i=&i=P2BYY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.247.154.35 , United States, ASN30235 (TWINSERVERS, US), Reverse DNS usshared08.twinservers.net Software LiteSpeed / Resource Hash `549feae64965edf6cd1bedf9b849f2e5f0b8220cf91edce44d1fe02aa412141d` Request headers Accept-Language en-CA,en;q=0.9 Referer https://usshared08.twinservers.net/~razommed/js-pVGmcLO///mobilefrance/login/?i=&i=P2BYY User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers date Tue, 29 Mar 2022 20:25:42 GMT content-encoding br last-modified Tue, 25 May 2021 17:40:11 GMT server LiteSpeed vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 412 expires Tue, 05 Apr 2022 20:25:42 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

monurl.ca
usshared08.twinservers.net
132.219.135.140
162.247.154.35
03184ae442bef9645598edee172ada62e6baf053009adcc732527f611f0a19bf
25c36c31e1e73199c65a27da0e9c22f2b199269184d79654b082b605cc0f9e04
549feae64965edf6cd1bedf9b849f2e5f0b8220cf91edce44d1fe02aa412141d

usshared08.twinservers.net Open in urlscan Pro 162.247.154.35 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

2 kBTransfer

3 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

usshared08.twinservers.net Open in urlscan Pro
162.247.154.35 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

2 kB
Transfer

3 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!