instagramhelp1288173394636262.ml

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 89.163.138.120, located in Germany and belongs to MYLOC-AS IP Backbone of myLoc managed IT AG, DE. The main domain is instagramhelp1288173394636262.ml.
TLS certificate: Issued by R3 on February 6th 2022. Valid for: 3 months.

This is the only time instagramhelp1288173394636262.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
3	89.163.138.120 89.163.138.120	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	2606:4700:303... 2606:4700:3035::6815:5cc8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:e2:... 2606:4700:e2::ac40:850a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	3

3 89.163.138.120 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: edebali.kebirhost.com

instagramhelp1288173394636262.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:5cc8 (United States)

ASN13335 (CLOUDFLARENET, US)

kit-free.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:850a (United States)

ASN13335 (CLOUDFLARENET, US)

brandlogos.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	instagramhelp1288173394636262.ml instagramhelp1288173394636262.ml	182 KB
1	brandlogos.net brandlogos.net	27 KB
1	fontawesome.com kit-free.fontawesome.com — Cisco Umbrella Rank: 22478	13 KB
5	3

	Domain	Requested by
3	instagramhelp1288173394636262.ml	instagramhelp1288173394636262.ml
1	brandlogos.net	instagramhelp1288173394636262.ml
1	kit-free.fontawesome.com	instagramhelp1288173394636262.ml
5	3

This site contains no links.

Subject Issuer	Validity	Valid
instagramhelp1288173394636262.ml R3	`2022-02-06` - `2022-05-07`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://instagramhelp1288173394636262.ml/
Frame ID: 629F5B65EB5AFF5E196B246539E7C0ED
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Verified Badges | Help Center

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

5
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

222 kB
Transfer

270 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response instagramhelp1288173394636262.ml/	3 KB 1 KB	764ms 266ms	Document text/html	89.163.138.120 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://instagramhelp1288173394636262.ml/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 89.163.138.120 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS edebali.kebirhost.com Software nginx / PHP/7.4.27 Resource Hash `54012213e320a1f225ff1ca39c1d0ee2a3f7069535612e67cda99ab5c1470ea2` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers server nginx date Mon, 07 Feb 2022 20:09:15 GMT content-type text/html; charset=UTF-8 content-length 1307 x-powered-by PHP/7.4.27 vary Accept-Encoding,User-Agent content-encoding gzip
GET H2	200	main.css instagramhelp1288173394636262.ml/	3 KB 1 KB	254ms 253ms	Stylesheet text/css	89.163.138.120 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://instagramhelp1288173394636262.ml/main.css Requested by Host: instagramhelp1288173394636262.ml URL: https://instagramhelp1288173394636262.ml/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 89.163.138.120 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS edebali.kebirhost.com Software nginx / Resource Hash `cc3b55a2e258629c10f158fcf5928906685be0dc78875082f12799c65e4dc62d` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://instagramhelp1288173394636262.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 07 Feb 2022 20:09:15 GMT content-encoding gzip last-modified Sat, 27 Nov 2021 17:56:17 GMT server nginx etag W/"61a27141-cb4" vary Accept-Encoding content-type text/css
GET H2	200	free.min.css kit-free.fontawesome.com/releases/latest/css/	59 KB 13 KB	20ms 11ms	Stylesheet text/css	2606:4700:3035::6815:5cc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kit-free.fontawesome.com/releases/latest/css/free.min.css Requested by Host: instagramhelp1288173394636262.ml URL: https://instagramhelp1288173394636262.ml/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:5cc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://instagramhelp1288173394636262.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 07 Feb 2022 20:09:15 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1080 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-request-id FSNSR7WJ4X1B2ABB x-amz-id-2 sHIn0sdIKSMsv8a+CcG0siTAws9AtUePiyAk6zDGidTb46QOwVMntDDGzLSPW4jH8FYfYS7Aje4= last-modified Wed, 04 Aug 2021 21:22:50 GMT server cloudflare etag W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1YCM%2FFB2e1NJ2YU47w7ww8rlSjmnI7asuDqFNawFa%2BnERV3bBWec%2BS7f%2FoE1V2UfACkHGO8ydFZvS1VZ9vAHK7s6EDzNkNiIMC6Zp5ouQO3A%2BCmWQgK%2FKAYi5UpojB5%2FscQpOVG6s%2Fre7zhO5UCTs2dMMHFWqvs%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=1800 cf-ray 6d9f413f6a112065-NRT
GET H2	200	Instagram-logo.png brandlogos.net/wp-content/uploads/2016/06/	26 KB 27 KB	752ms 743ms	Image image/png	2606:4700:e2::ac40:850a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://brandlogos.net/wp-content/uploads/2016/06/Instagram-logo.png Requested by Host: instagramhelp1288173394636262.ml URL: https://instagramhelp1288173394636262.ml/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e2::ac40:850a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2030697efca6c6891dd9ccb5fc0bb8f2d61d0837bf6dad6ccf1f144c830554b6` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://instagramhelp1288173394636262.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 07 Feb 2022 20:09:16 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 26527 pragma public last-modified Sun, 12 Jun 2016 16:34:14 GMT server cloudflare etag "575d8f06-679f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dt3PSNa03mpi%2FKA4w%2FT6jjqWogoduI4iRgFagzp%2B3GkO0p6%2FjWW2TdtOxfrhoJIDMYnSenGEHGvTR%2Fmuvp6Lcu6wBr6zsFCTdd2cKOgEROzA5hDwjmU3xU5FSoym48S69jgcjxRAVj85QNCM8Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=2592000, must-revalidate, proxy-revalidate accept-ranges bytes cf-ray 6d9f413f6f7a8090-NRT expires Wed, 09 Mar 2022 20:09:15 GMT
GET H2	200	richy.jpg instagramhelp1288173394636262.ml/	179 KB 179 KB	498ms 497ms	Image image/jpeg	89.163.138.120 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://instagramhelp1288173394636262.ml/richy.jpg Requested by Host: instagramhelp1288173394636262.ml URL: https://instagramhelp1288173394636262.ml/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 89.163.138.120 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS edebali.kebirhost.com Software nginx / Resource Hash `38e0fc729a48ab90004406e7c728fa0bdb87b638c6301d4e5de05b22d275bf84` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://instagramhelp1288173394636262.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 07 Feb 2022 20:09:15 GMT last-modified Wed, 07 Jul 2021 19:58:54 GMT server nginx accept-ranges bytes etag "60e6077e-2cc3a" content-length 183354 content-type image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://instagramhelp1288173394636262.ml/(Line 7) Message: The key "inital-scale" is not recognized and ignored.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

brandlogos.net
instagramhelp1288173394636262.ml
kit-free.fontawesome.com
2606:4700:3035::6815:5cc8
2606:4700:e2::ac40:850a
89.163.138.120
2030697efca6c6891dd9ccb5fc0bb8f2d61d0837bf6dad6ccf1f144c830554b6
38e0fc729a48ab90004406e7c728fa0bdb87b638c6301d4e5de05b22d275bf84
54012213e320a1f225ff1ca39c1d0ee2a3f7069535612e67cda99ab5c1470ea2
cc3b55a2e258629c10f158fcf5928906685be0dc78875082f12799c65e4dc62d
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

instagramhelp1288173394636262.ml Open in urlscan Pro 89.163.138.120 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

222 kBTransfer

270 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

instagramhelp1288173394636262.ml Open in urlscan Pro
89.163.138.120 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

222 kB
Transfer

270 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!