synbizsolutions.com Open in urlscan Pro
103.27.34.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://remigijusetp.lt/crf.html
Effective URL:
https://synbizsolutions.com/wp-content/plugins/press/cranew/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=gt...
Submission: On December 06 via manual (December 6th 2022, 11:41:18 pm UTC) from CA — Scanned from CA

Summary HTTP 30 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 3 countries across 12 domains to perform 30 HTTP transactions. The main IP is 103.27.34.3, located in Sydney, Australia and belongs to SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD, AU. The main domain is synbizsolutions.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 19th 2022. Valid for: 3 months.

This is the only time synbizsolutions.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canadian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	79.98.26.40 79.98.26.40	212531 (INTERNETO...) (INTERNETO-VIZIJA)
14	103.27.34.3 103.27.34.3	45638 (SYNERGYWH...) (SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD)
1	2606:4700:20:... 2606:4700:20::ac43:4739	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:21:... 2606:4700:21::8d65:780a	() ()
1	2606:4700:10:... 2606:4700:10::6816:4aab	() ()
1	13.32.164.97 13.32.164.97	() ()
1	18.222.157.208 18.222.157.208	() ()
1	104.18.36.173 104.18.36.173	() ()
1	2606:4700:e2:... 2606:4700:e2::ac40:8c1f	() ()
30	10

1 79.98.26.40 (Lithuania)

ASN212531 (INTERNETO-VIZIJA, LT)
PTR: storlapis.serveriai.lt

remigijusetp.lt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 103.27.34.3 (Sydney, Australia)

ASN45638 (SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD, AU)
PTR: s311.syd3.hostingplatform.net.au

synbizsolutions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4739 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:21::8d65:780a (None, )

ASN- ()

t.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:4aab (None, )

ASN- ()

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.164.97 (None, )

ASN- ()

get.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.222.157.208 (None, )

ASN- ()

pd.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.36.173 (None, )

ASN- ()

cdn.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:8c1f (None, )

ASN- ()

a.dtssrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	synbizsolutions.com synbizsolutions.com	144 KB
3	dtscout.com t.dtscout.com	5 KB
1	dtssrv.com a.dtssrv.com	592 B
1	tynt.com cdn.tynt.com	7 KB
1	sharethis.com pd.sharethis.com t.sharethis.com Failed	3 KB
1	s-onetag.com get.s-onetag.com onetag-geo.s-onetag.com Failed	30 KB
1	amung.us whos.amung.us	182 B
1	waust.at waust.at — Cisco Umbrella Rank: 32298	7 KB
1	remigijusetp.lt remigijusetp.lt	266 B
0	onaudience.com Failed pixel.onaudience.com Failed
0	dtscdn.com Failed t.dtscdn.com Failed
0	crwdcntrl.net Failed tags.crwdcntrl.net Failed
30	12

	Domain	Requested by
14	synbizsolutions.com	synbizsolutions.com
3	t.dtscout.com	waust.at t.dtscout.com
1	a.dtssrv.com	t.dtscout.com
1	cdn.tynt.com	waust.at
1	pd.sharethis.com	t.dtscout.com synbizsolutions.com
1	get.s-onetag.com	t.dtscout.com
1	whos.amung.us	waust.at
1	waust.at	synbizsolutions.com
1	remigijusetp.lt
0	t.sharethis.com Failed	pd.sharethis.com
0	onetag-geo.s-onetag.com Failed	get.s-onetag.com
0	pixel.onaudience.com Failed	synbizsolutions.com
0	t.dtscdn.com Failed	t.dtscout.com
0	tags.crwdcntrl.net Failed	t.dtscout.com
30	14

This site contains no links.

Subject Issuer	Validity	Valid
remigijusetp.lt R3	`2022-11-04` - `2023-02-02`	3 months	crt.sh
synbizsolutions.com cPanel, Inc. Certification Authority	`2022-11-19` - `2023-02-17`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-04` - `2023-07-04`	a year	crt.sh
*.dtscout.com GTS CA 1P5	`2022-11-30` - `2023-02-28`	3 months	crt.sh
*.amung.us Sectigo RSA Domain Validation Secure Server CA	`2022-05-18` - `2023-06-17`	a year	crt.sh
*.s-onetag.com Amazon	`2022-12-04` - `2024-01-02`	a year	crt.sh
sharethis.com Amazon	`2022-06-21` - `2023-07-20`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-07` - `2023-09-30`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://synbizsolutions.com/wp-content/plugins/press/cranew/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=gtKwaqhDBERDtyiaPPALSMLUMUOBgSYMLjJlZqpbuGfoENPUdQ
Frame ID: B9EAF85AFF76E60559AA66270A79B411
Requests: 28 HTTP requests in this frame

Frame: https://synbizsolutions.com/wp-content/plugins/press/cranew/door/sig-blk-en.svg
Frame ID: F278F44AC69489959044E2CCADEFFB47
Requests: 1 HTTP requests in this frame

Frame: https://synbizsolutions.com/wp-content/plugins/press/cranew/door/wmms-blk.svg
Frame ID: FEBA5896F2133996E710755DD892A028
Requests: 1 HTTP requests in this frame

Frame: https://t.dtscout.com/idg/?su=10401670370077000B0BE5B2AD19D7F3
Frame ID: 6531E31ADE13994842966C17299F0B2F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Step 1: Start your claim - Canadian Revenue Agency

Page URL History Show full URLs

https://remigijusetp.lt/crf.html Page URL
https://synbizsolutions.com/wp-content/plugins/press/cranew/ Page URL
https://synbizsolutions.com/wp-content/plugins/press/cranew/start.php?program=tax&target=details&lang=en... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

30
Requests

80 %
HTTPS

44 %
IPv6

12
Domains

14
Subdomains

10
IPs

3
Countries

197 kB
Transfer

764 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://remigijusetp.lt/crf.html Page URL
https://synbizsolutions.com/wp-content/plugins/press/cranew/ Page URL
https://synbizsolutions.com/wp-content/plugins/press/cranew/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=gtKwaqhDBERDtyiaPPALSMLUMUOBgSYMLjJlZqpbuGfoENPUdQ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 crf.html Show response
remigijusetp.lt/ 124 B
266 B 1030ms
168ms Document
text/html 79.98.26.40
INTERNETO-VIZIJA

General

synbizsolutions.com Open in urlscan Pro 103.27.34.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

80 %HTTPS

44 %IPv6

12 Domains

14 Subdomains

10 IPs

3 Countries

197 kBTransfer

764 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

synbizsolutions.com Open in urlscan Pro
103.27.34.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

80 %
HTTPS

44 %
IPv6

12
Domains

14
Subdomains

10
IPs

3
Countries

197 kB
Transfer

764 kB
Size

1
Cookies

30 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!