# twtr023.surge.sh — MALICIOUS

> twtr023.surge.sh is under investigation for phishing risks. Learn how it works and what to do if you visited. Stay safe with PhishDestroy.

## Summary
PhishDestroy has identified twtr023.surge.sh as a domain under investigation for generic phishing activity. Although no security vendors have flagged it on VirusTotal, the domain's association with the Surge.sh platform and suspicious naming patterns raise concerns. Phishing sites often aim to trick users into revealing sensitive information by mimicking legitimate services.

This phishing attempt likely involves deceptive content hosted on twtr023.surge.sh designed to harvest credentials or personal data. Users may be lured via emails or messages to visit this domain, which can impersonate trusted brands or social platforms. The domain resolves to IP address 138.197.235.123 and is registered through Surge.sh, a common hosting service sometimes abused by attackers.

If you have visited twtr023.surge.sh, it is important to avoid entering any personal or login information. Immediately change passwords on any accounts that might be compromised and enable two-factor authentication where possible. Monitor your accounts for suspicious activity and consider running a full malware scan on your devices. Reporting the domain to your security team or through online phishing reporting tools can help protect others.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 451)
- Page title: Unavailable

## Domain Intelligence
- Registered: 2026-03-07 13:07:01
- Registrar: Surge.sh
- IP: 138.197.235.123
- IP Country: US
- IP City: Santa Clara
- IP Org: AS14061 DigitalOcean, LLC
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Sectigo Limited / Sectigo RSA Domain Validation Secure Server CA

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "DNS8", "G-Data", "Gridinsoft", "Kaspersky", "MalwareURL", "OpenPhish"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc821-d714-7794-b8ef-7c725510d113.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0596799c-c7bf-4e68-ab37-4c2981a19325
- Wayback Machine: https://web.archive.org/web/https://twtr023.surge.sh
- PhishDestroy: https://phishdestroy.io/domain/twtr023.surge.sh/
- LLM endpoint: https://phishdestroy.io/domain/twtr023.surge.sh/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/twtr023.surge.sh/
Last updated: 2026-03-19