twitterhelp-exclusive.com
Open in
urlscan Pro
4.227.202.73
Malicious Activity!
Public Scan
Submission Tags: falconsandbox
Submission: On October 04 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 1st 2022. Valid for: 3 months.
This is the only time twitterhelp-exclusive.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Instagram (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 4.227.202.73 4.227.202.73 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 13.211.241.244 13.211.241.244 | 16509 (AMAZON-02) (AMAZON-02) | |
3 | 2a03:2880:f22... 2a03:2880:f22d:e5:face:b00c:0:4420 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 198.37.116.50 198.37.116.50 | 17216 (DC74-AS) (DC74-AS) | |
7 | 5 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
twitterhelp-exclusive.com |
ASN16509 (AMAZON-02, US)
PTR: kuuwa.com.au
thoughtfulschools.org.au |
ASN32934 (FACEBOOK, US)
www.instagram.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
instagram.com
www.instagram.com — Cisco Umbrella Rank: 1396 |
34 KB |
1 |
somee.com
ads.mgmt.somee.com vb1700.mgmt.somee.com Failed |
2 KB |
1 |
thoughtfulschools.org.au
thoughtfulschools.org.au |
416 KB |
1 |
twitterhelp-exclusive.com
twitterhelp-exclusive.com |
3 KB |
7 | 4 |
Domain | Requested by | |
---|---|---|
3 | www.instagram.com |
twitterhelp-exclusive.com
|
1 | ads.mgmt.somee.com |
twitterhelp-exclusive.com
|
1 | thoughtfulschools.org.au |
twitterhelp-exclusive.com
|
1 | twitterhelp-exclusive.com | |
0 | vb1700.mgmt.somee.com Failed |
twitterhelp-exclusive.com
|
7 | 5 |
Subject Issuer | Validity | Valid | |
---|---|---|---|
twitterhelp-exclusive.com R3 |
2022-10-01 - 2022-12-30 |
3 months | crt.sh |
thoughtfulschools.org.au R3 |
2022-08-04 - 2022-11-02 |
3 months | crt.sh |
*.www.instagram.com DigiCert SHA2 High Assurance Server CA |
2022-07-14 - 2022-10-12 |
3 months | crt.sh |
ads.mgmt.somee.com R3 |
2022-09-18 - 2022-12-17 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://twitterhelp-exclusive.com/mail.php
Frame ID: C5961B2EE8310128D8250D30D6F89083
Requests: 7 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: Hosted Windows Virtual Server. 2.5GHz CPU, 1.5GB RAM, 60GB SSD. Try it now for $1!
Search URL Search Domain Scan URL
Title: Web hosting by Somee.com
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
mail.php
twitterhelp-exclusive.com/ |
5 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Twitter-gif-2.gif
thoughtfulschools.org.au/wp-content/uploads/2021/11/ |
416 KB 416 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4c68346f3fc7.css
www.instagram.com/static/bundles/es6/ConsumerUICommons.css/ |
113 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
f5339c1f472f.css
www.instagram.com/static/bundles/es6/ConsumerAsyncCommons.css/ |
16 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
e6dcc76c8eaf.css
www.instagram.com/static/bundles/es6/Challenge.css/ |
65 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WholeInsert4.js
ads.mgmt.somee.com/serveimages/ad2/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
DOProcessAdClick.aspx
vb1700.mgmt.somee.com/dzwebsvc/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- vb1700.mgmt.somee.com
- URL
- https://vb1700.mgmt.somee.com/dzwebsvc/DOProcessAdClick.aspx?cid=someehost&ct=h&p=0&rn=0.8949406042891557&c=1&vr=adwords&r=&fr=0&pg=https%3A//twitterhelp-exclusive.com/mail.php&go=
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Instagram (Social Network)33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation boolean| Ssac boolean| Ssc function| Ss_sec function| S_ssac function| D_ssac function| Do_se function| S_tst object| sEmpty function| findX function| findY function| checkFrame boolean| chFr string| ins string| Mu object| Md object| Mnv number| Mp number| Mc number| Mrn number| Mn string| Mz number| Mfr string| My object| smeimg1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
twitterhelp-exclusive.com/ | Name: b Value: b |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ads.mgmt.somee.com
thoughtfulschools.org.au
twitterhelp-exclusive.com
vb1700.mgmt.somee.com
www.instagram.com
vb1700.mgmt.somee.com
13.211.241.244
198.37.116.50
2a03:2880:f22d:e5:face:b00c:0:4420
4.227.202.73
16c16a825280d02191f5bfa3b9084965ccfe31ca16621354c2625fd0e7e15dd3
49ddcb8734a8477ce0916ec4cb081a4c0e0dbd0c167450a140ab1f4e41d028de
8ba4b1252264531dd9c3470451173cd553e4832ed959857dd6c3f2b319be4899
c6f34c73fb517a1dcb1e10298b863bc04e21485a3fb88b19310494670b6bed6a
ed005e3b951925a5e37e3fe6d0b15d3dc11c95bc6a10ad6de309f6db20542bbd
f0847b313c3f0714d708fd7402e2babc6e7db1d445819859c6aaaf4b743539c5