twitterhelp-exclusive.com
4.227.202.73 | Malicious Activity! | Public Scan

URL: https://twitterhelp-exclusive.com/mail.php
Submission Tags: falconsandbox
Submission: On October 04 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 4.227.202.73, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is twitterhelp-exclusive.com.
TLS certificate: Issued by R3 on October 1st 2022. Valid for: 3 months.
This is the only time twitterhelp-exclusive.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         4.227.202.73       8075 (MICROSOFT...)
1         13.211.241.244     16509 (AMAZON-02)
3         2a03:2880:f22...   32934 (FACEBOOK)
1         198.37.116.50      17216 (DC74-AS)
Total: 7 requests, 5 IPs

Requests  Domain                          Requested by
3         www.instagram.com               twitterhelp-exclusive.com
1         ads.mgmt.somee.com              twitterhelp-exclusive.com
1         thoughtfulschools.org.au        twitterhelp-exclusive.com
1         twitterhelp-exclusive.com       (primary)
0         vb1700.mgmt.somee.com (Failed)  twitterhelp-exclusive.com
Total: 7 requests, 5 hosts

This site contains links to these domains:

Domain
somee.com

TLS certificates

Subject                    Issuer                                  Validity                  Valid for
twitterhelp-exclusive.com  R3                                      2022-10-01 - 2022-12-30   3 months (crt.sh)
thoughtfulschools.org.au   R3                                      2022-08-04 - 2022-11-02   3 months (crt.sh)
*.www.instagram.com        DigiCert SHA2 High Assurance Server CA  2022-07-14 - 2022-10-12   3 months (crt.sh)
ads.mgmt.somee.com         R3                                      2022-09-18 - 2022-12-17   3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://twitterhelp-exclusive.com/mail.php
Frame ID: C5961B2EE8310128D8250D30D6F89083
Requests: 7 HTTP requests in this frame

Page Title

Twitter

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 25 %
Domains: 4
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 454 kB
Size: 619 kB
Cookies: 1

7 HTTP transactions

Per-request columns: Resource, Path, Size, x-fer, Type, MIME-Type

Primary Request: mail.php
Path: twitterhelp-exclusive.com/
Size: 5 KB (x-fer 3 KB)
Type: Document

General
Full URL: https://twitterhelp-exclusive.com/mail.php
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 4.227.202.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: nginx / PHP/8.0.24 PleskLin
Resource Hash: 49ddcb8734a8477ce0916ec4cb081a4c0e0dbd0c167450a140ab1f4e41d028de

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 04 Oct 2022 17:02:44 GMT
server: nginx
x-powered-by: PHP/8.0.24 PleskLin
Twitter-gif-2.gif
Path: thoughtfulschools.org.au/wp-content/uploads/2021/11/
Size: 416 KB (x-fer 416 KB)
Type: Image

General
Full URL: https://thoughtfulschools.org.au/wp-content/uploads/2021/11/Twitter-gif-2.gif
Requested by: twitterhelp-exclusive.com (https://twitterhelp-exclusive.com/mail.php)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.211.241.244 Sydney, Australia, ASN16509 (AMAZON-02, US)
Reverse DNS: kuuwa.com.au
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: ed005e3b951925a5e37e3fe6d0b15d3dc11c95bc6a10ad6de309f6db20542bbd

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://twitterhelp-exclusive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers
Date: Tue, 04 Oct 2022 17:02:45 GMT
Last-Modified: Mon, 29 Nov 2021 06:09:07 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
ETag: "67e72-5d1e7474a09ea"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 425586
4c68346f3fc7.css
Path: www.instagram.com/static/bundles/es6/ConsumerUICommons.css/
Size: 113 KB (x-fer 14 KB)
Type: Stylesheet

General
Full URL: https://www.instagram.com/static/bundles/es6/ConsumerUICommons.css/4c68346f3fc7.css
Requested by: twitterhelp-exclusive.com (https://twitterhelp-exclusive.com/mail.php)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a03:2880:f22d:e5:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: 8ba4b1252264531dd9c3470451173cd553e4832ed959857dd6c3f2b319be4899

Request headers
Referer: https://twitterhelp-exclusive.com/
Origin: https://twitterhelp-exclusive.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers
date: Thu, 29 Sep 2022 06:17:52 GMT
content-encoding: br
x-fb-trip-id: 1679558926
etag: "4c68346f3fc7"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
edge-control: max-age=1209600, no-transform
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
content-length: 13907
f5339c1f472f.css
Path: www.instagram.com/static/bundles/es6/ConsumerAsyncCommons.css/
Size: 16 KB (x-fer 3 KB)
Type: Stylesheet

General
Full URL: https://www.instagram.com/static/bundles/es6/ConsumerAsyncCommons.css/f5339c1f472f.css
Requested by: twitterhelp-exclusive.com (https://twitterhelp-exclusive.com/mail.php)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a03:2880:f22d:e5:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: c6f34c73fb517a1dcb1e10298b863bc04e21485a3fb88b19310494670b6bed6a

Request headers
Referer: https://twitterhelp-exclusive.com/
Origin: https://twitterhelp-exclusive.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers
date: Thu, 29 Sep 2022 06:17:52 GMT
content-encoding: br
x-fb-trip-id: 1679558926
etag: "f5339c1f472f"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
edge-control: max-age=1209600, no-transform
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
content-length: 3080
e6dcc76c8eaf.css
Path: www.instagram.com/static/bundles/es6/Challenge.css/
Size: 65 KB (x-fer 17 KB)
Type: Stylesheet

General
Full URL: https://www.instagram.com/static/bundles/es6/Challenge.css/e6dcc76c8eaf.css
Requested by: twitterhelp-exclusive.com (https://twitterhelp-exclusive.com/mail.php)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a03:2880:f22d:e5:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: 16c16a825280d02191f5bfa3b9084965ccfe31ca16621354c2625fd0e7e15dd3

Request headers
Referer: https://twitterhelp-exclusive.com/
Origin: https://twitterhelp-exclusive.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers
date: Thu, 29 Sep 2022 06:17:52 GMT
content-encoding: br
x-fb-trip-id: 1679558926
etag: "e6dcc76c8eaf"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
edge-control: max-age=1209600, no-transform
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
content-length: 17468
WholeInsert4.js
Path: ads.mgmt.somee.com/serveimages/ad2/
Size: 4 KB (x-fer 2 KB)
Type: Script

General
Full URL: https://ads.mgmt.somee.com/serveimages/ad2/WholeInsert4.js
Requested by: twitterhelp-exclusive.com (https://twitterhelp-exclusive.com/mail.php)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 198.37.116.50 Miami, United States, ASN17216 (DC74-AS, US)
Reverse DNS: (none)
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f0847b313c3f0714d708fd7402e2babc6e7db1d445819859c6aaaf4b743539c5

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://twitterhelp-exclusive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers
date: Tue, 04 Oct 2022 17:02:44 GMT
content-encoding: gzip
last-modified: Tue, 27 Dec 2016 18:04:08 GMT
server: Microsoft-IIS/10.0
etag: "01c419e6b60d21:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1533
DOProcessAdClick.aspx (failed, no response)
Path: vb1700.mgmt.somee.com/dzwebsvc/
Size: 0 (x-fer 0)

Failed requests

These URLs were requested, but no response was received. They also appear in the transaction list above.

Domain: vb1700.mgmt.somee.com
URL: https://vb1700.mgmt.somee.com/dzwebsvc/DOProcessAdClick.aspx?cid=someehost&ct=h&p=0&rn=0.8949406042891557&c=1&vr=adwords&r=&fr=0&pg=https%3A//twitterhelp-exclusive.com/mail.php&go=

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Instagram (Social Network)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: onbeforeinput, oncontextlost, oncontextrestored, launchQueue, onbeforematch, navigation, sEmpty, Md, Mnv, smeimg
function: structuredClone, getScreenDetails, queryLocalFonts, Ss_sec, S_ssac, D_ssac, Do_se, S_tst, findX, findY, checkFrame
boolean: Ssac, Ssc, chFr
string: ins, Mu, Mz, My
number: Mp, Mc, Mrn, Mn, Mfr

1 Cookies

Domain/Path: twitterhelp-exclusive.com/
Name: b
Value: b

1 Console Messages

Source: security
Level: warning
URL: https://twitterhelp-exclusive.com/mail.php
Message: Mixed Content: The page at 'https://twitterhelp-exclusive.com/mail.php' was loaded over HTTPS, but requested an insecure element 'http://vb1700.mgmt.somee.com/dzwebsvc/DOProcessAdClick.aspx?cid=someehost&ct=h&p=0&rn=0.8949406042891557&c=1&vr=adwords&r=&fr=0&pg=https%3A//twitterhelp-exclusive.com/mail.php&go='. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html