# twtr037.surge.sh — MALICIOUS

> twtr037.surge.sh was flagged as a medium-risk phishing site. Learn why it was blocked and how to stay safe from similar scams.

## Summary
PhishDestroy has identified twtr037.surge.sh as a medium-risk phishing domain that was recently taken offline. Phishing sites like this pose significant threats by attempting to trick users into revealing sensitive information such as passwords, financial data, or personal details. Even though the domain is no longer active, its presence on multiple security blocklists signals its prior malicious intent.

This phishing operation relied on the domain twtr037.surge.sh, registered through Surge.sh in early March 2026, and resolved to IP address 138.197.235.123. While the page title was unavailable, evidence from VirusTotal indicates that 6 out of 95 security vendors flagged the domain, underscoring its suspicious nature. Such phishing pages often mimic legitimate services or platforms to deceive users into submitting confidential data, enabling cybercriminals to commit fraud or identity theft.

If you have visited twtr037.surge.sh, it is important to remain vigilant. Immediately change any passwords you may have entered, monitor your accounts for unusual activity, and consider enabling two-factor authentication wherever possible. Users should also run a comprehensive antivirus scan and remain cautious about unsolicited messages or links. Staying informed and verifying website authenticity can help prevent falling victim to similar phishing scams in the future.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 451)
- Page title: Unavailable

## Domain Intelligence
- Registered: 2026-03-07 15:07:01
- Registrar: Surge.sh
- IP: 138.197.235.123
- IP Country: US
- IP City: Santa Clara
- IP Org: AS14061 DigitalOcean, LLC
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Sectigo Limited / Sectigo RSA Domain Validation Secure Server CA

## Detection Status
- VirusTotal: 6 vendors flagged
  Vendors: ["DNS8", "Emsisoft", "G-Data", "Gridinsoft", "Netcraft", "OpenPhish"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc890-3427-77c8-b09d-17a50cd7d9c9.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/45823d11-97a5-48f9-924b-756453c2efcc
- Wayback Machine: https://web.archive.org/web/https://twtr037.surge.sh
- PhishDestroy: https://phishdestroy.io/domain/twtr037.surge.sh/
- LLM endpoint: https://phishdestroy.io/domain/twtr037.surge.sh/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/twtr037.surge.sh/
Last updated: 2026-03-19