component.windows-remora-system.com Open in urlscan Pro
104.227.245.243 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://component.windows-remora-system.com/
Submission Tags: @phishunt_io
Submission: On January 04 via api (January 4th 2021, 1:45:41 am UTC) from ES

Summary HTTP 5 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 5 HTTP transactions. The main IP is 104.227.245.243, located in Stoney Creek, Canada and belongs to SERVER-MANIA, CA. The main domain is component.windows-remora-system.com.
TLS certificate: Issued by R3 on January 3rd 2021. Valid for: 3 months.

This is the only time component.windows-remora-system.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
4	104.227.245.243 104.227.245.243		55286 (SERVER-MANIA) (SERVER-MANIA)
5	2

4 104.227.245.243 (Stoney Creek, Canada)

ASN55286 (SERVER-MANIA, CA)

component.windows-remora-system.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
component.wrs-js.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	windows-remora-system.com component.windows-remora-system.com	19 KB
1	wrs-js.com component.wrs-js.com	859 B
0	vkrpep12.com Failed ef.vkrpep12.com Failed
5	3

	Domain	Requested by
3	component.windows-remora-system.com	component.windows-remora-system.com
1	component.wrs-js.com	component.windows-remora-system.com
0	ef.vkrpep12.com Failed	component.windows-remora-system.com
5	3

This site contains links to these domains. Also see Links.

Domain
twitter.com
facebook.com

Subject Issuer	Validity	Valid
component.rs-cd.com R3	`2021-01-03` - `2021-04-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://component.windows-remora-system.com/
Frame ID: F7AED0B404F3DEE69307ADBDF61CBD67
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

5
Requests

80 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

19 kB
Transfer

79 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/
Title: Advertisement 1

Search URL Search Domain Scan URL

URL: https://facebook.com/
Title: Advertisement 2

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response component.windows-remora-system.com/	1 KB 894 B	379ms 122ms	Document text/html	104.227.245.243 SERVER-MANIA
General Check archive.org Show headers Download Go to Full URL https://component.windows-remora-system.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.227.245.243 Stoney Creek, Canada, ASN55286 (SERVER-MANIA, CA), Reverse DNS Software nginx / PHP/7.3.25 Resource Hash `bd5f9a2fc4bf61dc2a3b86cf61c7ce7c1c863ca8ecbfb2738ae8ac2fad4cf704` Request headers :method GET :authority component.windows-remora-system.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers server nginx date Mon, 04 Jan 2021 01:45:11 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding x-powered-by PHP/7.3.25 access-control-allow-origin * content-encoding gzip
GET H2	200	remora.js Show response component.windows-remora-system.com/	62 KB 14 KB	124ms 124ms	Script application/javascript	104.227.245.243 SERVER-MANIA
General Check archive.org Show headers Download Go to Full URL https://component.windows-remora-system.com/remora.js Requested by Host: component.windows-remora-system.com URL: https://component.windows-remora-system.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.227.245.243 Stoney Creek, Canada, ASN55286 (SERVER-MANIA, CA), Reverse DNS Software nginx / Resource Hash `9db39556bb5f0691a5d58a3968e56257ccb589dbf121f62b4e1975883eb3166d` Request headers Referer https://component.windows-remora-system.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 04 Jan 2021 01:45:11 GMT content-encoding gzip last-modified Fri, 17 Jul 2020 20:26:40 GMT server nginx etag W/"5f120980-f930" vary Accept-Encoding content-type application/javascript access-control-allow-origin *
GET H2	200	rem.php Show response component.wrs-js.com/	3 KB 859 B	392ms 131ms	XHR application/json	104.227.245.243 SERVER-MANIA
General Check archive.org Show headers Download Go to Full URL https://component.wrs-js.com/rem.php?pr=209228 Requested by Host: component.windows-remora-system.com URL: https://component.windows-remora-system.com/remora.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.227.245.243 Stoney Creek, Canada, ASN55286 (SERVER-MANIA, CA), Reverse DNS Software nginx / PHP/7.3.25 Resource Hash `bc63b4c39ff79f7f5d46214b37a0a50eb9c28b6ddf414e1b29d30657d9fe6db6` Request headers Referer https://component.windows-remora-system.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers access-control-allow-origin * date Mon, 04 Jan 2021 01:45:11 GMT content-encoding gzip server nginx x-powered-by PHP/7.3.25 vary Accept-Encoding content-type application/json
GET H2	200	d.js Show response component.windows-remora-system.com/	13 KB 4 KB	122ms 121ms	Script application/javascript	104.227.245.243 SERVER-MANIA
General Check archive.org Show headers Download Go to Full URL https://component.windows-remora-system.com/d.js Requested by Host: component.windows-remora-system.com URL: https://component.windows-remora-system.com/remora.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.227.245.243 Stoney Creek, Canada, ASN55286 (SERVER-MANIA, CA), Reverse DNS Software nginx / Resource Hash `2194b6b9766141903f0937300a1edbc4567ab18593cb295e569a2ef800c8ceb8` Request headers Referer https://component.windows-remora-system.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 04 Jan 2021 01:45:12 GMT content-encoding gzip last-modified Sat, 06 Jun 2020 01:44:07 GMT server nginx etag W/"5edaf4e7-3465" vary Accept-Encoding content-type application/javascript access-control-allow-origin *
GET		/ ef.vkrpep12.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ef.vkrpep12.com
URL: https://ef.vkrpep12.com/

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

61 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: Settings fid tgXl53vZopSznqxyKo51lICrNnwCoB86McwMIRb6jkfnEouzCM
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: Initalizing...
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: New..2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: Settings fid tgXl53vZopSznqxyKo51lICrNnwCoB86McwMIRb6jkfnEouzCM
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: infofino [object Object]
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: ts [object Object]
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: Now ads-- 0
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: Current non monetized visit: 1 - Minimum visits to show ad: 3
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: Initalizing...
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: Moze
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: incinc
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: endincinc
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: Settings fid tgXl53vZopSznqxyKo51lICrNnwCoB86McwMIRb6jkfnEouzCM
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: del 119 r:2
console-api	log	URL: https://component.windows-remora-system.com/remora.js(Line 2) Message: inside del funt:adkpp_tm

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

component.windows-remora-system.com
component.wrs-js.com
ef.vkrpep12.com
ef.vkrpep12.com
104.227.245.243
2194b6b9766141903f0937300a1edbc4567ab18593cb295e569a2ef800c8ceb8
9db39556bb5f0691a5d58a3968e56257ccb589dbf121f62b4e1975883eb3166d
bc63b4c39ff79f7f5d46214b37a0a50eb9c28b6ddf414e1b29d30657d9fe6db6
bd5f9a2fc4bf61dc2a3b86cf61c7ce7c1c863ca8ecbfb2738ae8ac2fad4cf704

component.windows-remora-system.com Open in urlscan Pro 104.227.245.243 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

80 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

19 kBTransfer

79 kBSize

0 Cookies

2 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

0 Cookies

61 Console Messages

Indicators

component.windows-remora-system.com Open in urlscan Pro
104.227.245.243 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

80 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

19 kB
Transfer

79 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions