urlscan.io logo urlscan.io
SecurityTrails logo

entrychallenge-instagram.com Open in urlscan Pro
160.153.133.215  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://entrychallenge-instagram.com/
Submission: On November 27 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 160.153.133.215, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is entrychallenge-instagram.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on November 27th 2018. Valid for: 2 years.
This is the only time entrychallenge-instagram.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

IP Address AS Autonomous System
6 160.153.133.215 26496 (AS-26496-...)
1 5 2a03:2880:f02... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
4 4 2406:da00:ff0... 14618 (AMAZON-AES)
4 2a03:2880:f22... 32934 (FACEBOOK)
2 2a03:2880:f12... 32934 (FACEBOOK)
17 5
6    160.153.133.215 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-160-153-133-215.ip.secureserver.net
entrychallenge-instagram.com
5    2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
connect.facebook.net
staticxx.facebook.com
1    2a00:1450:4001:816::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
4    2406:da00:ff00::342c:68f1 (United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
instagram.com
4    2a03:2880:f22d:e5:face:b00c:0:4420 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
www.instagram.com
2    2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
www.facebook.com
Domain Requested by
6 entrychallenge-instagram.com entrychallenge-instagram.com
4 www.instagram.com entrychallenge-instagram.com
4 instagram.com 4 redirects
3 connect.facebook.net entrychallenge-instagram.com
connect.facebook.net
2 www.facebook.com entrychallenge-instagram.com
2 staticxx.facebook.com 1 redirects entrychallenge-instagram.com
1 ajax.googleapis.com entrychallenge-instagram.com
17 7

This site contains no links.

Subject Issuer Validity Valid
entrychallenge-instagram.com
Go Daddy Secure Certificate Authority - G2		 2018-11-27 -
2020-11-27		 2 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2017-12-15 -
2019-03-22		 a year crt.sh
*.googleapis.com
Google Internet Authority G3		 2018-10-30 -
2019-01-22		 3 months crt.sh
*.www.instagram.com
DigiCert SHA2 High Assurance Server CA		 2018-09-05 -
2019-12-12		 a year crt.sh

This page contains 2 frames:

Primary Page: https://entrychallenge-instagram.com/
Frame ID: D849CBFE622364A40151E5F223DF5366
Requests: 16 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
Frame ID: 2D47004E8F5D0DA02781CB9675D3E9E2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

17
Requests

100 %
HTTPS

83 %
IPv6

5
Domains

7
Subdomains

5
IPs

2
Countries

324 kB
Transfer

704 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://instagram.com/files/6514c5e08593.js.indir HTTP 301
  • https://www.instagram.com/files/6514c5e08593.js.indir
Request Chain 9
  • https://instagram.com/files/fc3c22cf2d67.js.indir HTTP 301
  • https://www.instagram.com/files/fc3c22cf2d67.js.indir
Request Chain 10
  • https://instagram.com/files/f1abf980aaf5.js.indir HTTP 301
  • https://www.instagram.com/files/f1abf980aaf5.js.indir
Request Chain 11
  • https://instagram.com/files/8d4b99281427.js.indir HTTP 301
  • https://www.instagram.com/files/8d4b99281427.js.indir
Request Chain 12
  • https://staticxx.facebook.com/connect/xd_arbiter/r/2VRzCA39w_9.js?version=42 HTTP 302
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=43

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
entrychallenge-instagram.com/ 		234 KB
58 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://entrychallenge-instagram.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.153.133.215 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-133-215.ip.secureserver.net
Software
Apache / PHP/7.2.8
Resource Hash
8103d2ad6add3eb8c73279a3542adfb46e453e575e93afb5bdd522bc6a0aee3d

Request headers

Host
entrychallenge-instagram.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 27 Nov 2018 04:22:26 GMT
Server
Apache
X-Powered-By
PHP/7.2.8
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Keep-Alive
timeout=5
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
fbevents.js
connect.facebook.net/en_US/ 		51 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
81b3511c035def5eb9622b30e2abeb52c5a0e276355cfe7b74c28ee0afbf4472
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
public
x-fb-debug
IjMdBkpQPNlQvMOho2wHj6E/1/bWu03lwlxqk/fBRJCpz2CeJXt28Wau0W58/Oz1p66ts3jgBub6Wt/1oe4MkA==
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 27 Nov 2018 04:22:26 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
strict-transport-security
max-age=31536000; preload; includeSubDomains
vary
Accept-Encoding
content-length
14862
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
1425767024389221
entrychallenge-instagram.com/files/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://entrychallenge-instagram.com/files/1425767024389221
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.153.133.215 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-133-215.ip.secureserver.net
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
entrychallenge-instagram.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://entrychallenge-instagram.com/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 27 Nov 2018 04:22:26 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5
Content-Length
339
Content-Type
text/html; charset=iso-8859-1
fbevents.js.indir
entrychallenge-instagram.com/files/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://entrychallenge-instagram.com/files/fbevents.js.indir
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.153.133.215 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-133-215.ip.secureserver.net
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
entrychallenge-instagram.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://entrychallenge-instagram.com/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 27 Nov 2018 04:22:26 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5
Content-Length
340
Content-Type
text/html; charset=iso-8859-1
1425767024389221(1)
entrychallenge-instagram.com/files/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://entrychallenge-instagram.com/files/1425767024389221(1)
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.153.133.215 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-133-215.ip.secureserver.net
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
entrychallenge-instagram.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://entrychallenge-instagram.com/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 27 Nov 2018 04:22:26 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5
Content-Length
342
Content-Type
text/html; charset=iso-8859-1
fbevents.js(1).indir
entrychallenge-instagram.com/files/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://entrychallenge-instagram.com/files/fbevents.js(1).indir
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.153.133.215 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-133-215.ip.secureserver.net
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
entrychallenge-instagram.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://entrychallenge-instagram.com/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 27 Nov 2018 04:22:26 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5
Content-Length
343
Content-Type
text/html; charset=iso-8859-1
1425767024389221
connect.facebook.net/signals/config/ 		160 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1425767024389221?v=2.8.24&r=stable
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
6174b3dc8a828ef622050a03041cd373f5400760960131cbc472f65ea9559978
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-xss-protection
0
pragma
public
x-fb-debug
sYXkRm7CuydKucEwi3UtXBfpPwnQbvNliZGBwC8TJ5FZS6Al1zt6jIE0fHZbBu4qhm9kIvnCYJI8O5Ub2zAVrg==
x-frame-options
DENY
date
Tue, 27 Nov 2018 04:22:26 GMT
vary
Origin, Accept-Encoding
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
vpaQNA.png
entrychallenge-instagram.com/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://entrychallenge-instagram.com/vpaQNA.png
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.153.133.215 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-133-215.ip.secureserver.net
Software
Apache /
Resource Hash
9de8c2729ae5603e5a54ebdf8bb76187a8c30d6100b3855853c58eef222f1473

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
entrychallenge-instagram.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://entrychallenge-instagram.com/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 27 Nov 2018 04:22:26 GMT
Last-Modified
Tue, 27 Nov 2018 03:28:15 GMT
Server
Apache
ETag
"acc00d4-3a77-57b9d0a3b8753"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
14967
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:816::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 14 Nov 2018 14:24:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1087086
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
30399
x-xss-protection
1; mode=block
last-modified
Thu, 25 Jan 2018 15:33:24 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Nov 2019 14:24:20 GMT
6514c5e08593.js.indir
www.instagram.com/files/
Redirect Chain
  • https://instagram.com/files/6514c5e08593.js.indir
  • https://www.instagram.com/files/6514c5e08593.js.indir
0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.instagram.com/files/6514c5e08593.js.indir
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:2880:f22d:e5:face:b00c:0:4420 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Redirect headers

pragma
no-cache
strict-transport-security
max-age=60
x-content-type-options
nosniff
status
301
date
Tue, 27 Nov 2018 04:22:26 GMT
x-frame-options
SAMEORIGIN
content-language
en
location
https://www.instagram.com/files/6514c5e08593.js.indir
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
content-type
text/html; charset=utf-8
vary
Accept-Language
content-length
0
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
fc3c22cf2d67.js.indir
www.instagram.com/files/
Redirect Chain
  • https://instagram.com/files/fc3c22cf2d67.js.indir
  • https://www.instagram.com/files/fc3c22cf2d67.js.indir
0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.instagram.com/files/fc3c22cf2d67.js.indir
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:2880:f22d:e5:face:b00c:0:4420 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Redirect headers

pragma
no-cache
strict-transport-security
max-age=60
x-content-type-options
nosniff
status
301
date
Tue, 27 Nov 2018 04:22:26 GMT
x-frame-options
SAMEORIGIN
content-language
en
location
https://www.instagram.com/files/fc3c22cf2d67.js.indir
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
content-type
text/html; charset=utf-8
vary
Accept-Language
content-length
0
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
f1abf980aaf5.js.indir
www.instagram.com/files/
Redirect Chain
  • https://instagram.com/files/f1abf980aaf5.js.indir
  • https://www.instagram.com/files/f1abf980aaf5.js.indir
0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.instagram.com/files/f1abf980aaf5.js.indir
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:2880:f22d:e5:face:b00c:0:4420 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Nov 2018 04:22:27 GMT
x-content-type-options
nosniff
status
404
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
null
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
strict-transport-security
max-age=60
content-type
text/html; charset=utf-8
vary
Accept-Language, Cookie
content-length
19712
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

strict-transport-security
max-age=60
x-content-type-options
nosniff
access-control-allow-origin
https://entrychallenge-instagram.com
status
301
content-length
0
x-xss-protection
0
pragma
no-cache
x-frame-options
SAMEORIGIN
date
Tue, 27 Nov 2018 04:22:26 GMT
vary
Accept-Language
content-language
en
location
https://www.instagram.com/files/f1abf980aaf5.js.indir
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
content-type
text/html; charset=utf-8
expires
Sat, 01 Jan 2000 00:00:00 GMT
8d4b99281427.js.indir
www.instagram.com/files/
Redirect Chain
  • https://instagram.com/files/8d4b99281427.js.indir
  • https://www.instagram.com/files/8d4b99281427.js.indir
0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.instagram.com/files/8d4b99281427.js.indir
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:2880:f22d:e5:face:b00c:0:4420 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Nov 2018 04:22:27 GMT
x-content-type-options
nosniff
status
404
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
null
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
strict-transport-security
max-age=60
content-type
text/html; charset=utf-8
vary
Accept-Language, Cookie
content-length
19712
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

strict-transport-security
max-age=60
x-content-type-options
nosniff
access-control-allow-origin
https://entrychallenge-instagram.com
status
301
content-length
0
x-xss-protection
0
pragma
no-cache
x-frame-options
SAMEORIGIN
date
Tue, 27 Nov 2018 04:22:26 GMT
vary
Accept-Language
content-language
en
location
https://www.instagram.com/files/8d4b99281427.js.indir
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
content-type
text/html; charset=utf-8
expires
Sat, 01 Jan 2000 00:00:00 GMT
xd_arbiter.php
staticxx.facebook.com/connect/ Frame 2D47
Redirect Chain
  • https://staticxx.facebook.com/connect/xd_arbiter/r/2VRzCA39w_9.js?version=42
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter.php?version=43
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://entrychallenge-instagram.com/
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://entrychallenge-instagram.com/

Response headers

status
200
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
x-xss-protection
0
expires
Tue, 26 Nov 2019 23:47:59 GMT
cache-control
public,max-age=31536000,immutable
x-fb-debug
NM3OPLB0jqMU06EVwlvxzTTxaZHJ2PxFD4V3QwpX1+KtiOUDMyTuZjPogHkhy7bLdkkjG0nIEBHduhTkur7YoQ==
content-length
39457
date
Tue, 27 Nov 2018 04:22:26 GMT

Redirect headers

status
302
strict-transport-security
max-age=15552000; preload
location
https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
x-content-type-options
nosniff
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
x-xss-protection
0
expect-ct
max-age=86400, report-uri="http://reports.fb.com/expectct/"
content-type
text/html; charset="utf-8"
x-fb-debug
CJE2qj2hYm2QY6hG0ZxCgNcgLY7DhONDS11eEF8pklyfwomJhcEJ1ANdKJnGBpShPmmrw2f135OdfeVCnGUZEg==
content-length
0
date
Tue, 27 Nov 2018 04:22:26 GMT
1425767024389221
connect.facebook.net/signals/config/ 		160 KB
160 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1425767024389221?v=2.8.33&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
aef052f11dc61ef7be56eef97106864a7667394cc5d7daf7dfbb86a5f9d98dc9
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-type-options
nosniff
status
200
content-length
163679
x-xss-protection
0
pragma
public
x-fb-debug
MC2c6UaQVgws+D/2aV89art+d7fG3RGjtMHBzXvw7xQwOtfRuAIXRPVVc8Mm1IZH+U3Lxxr5RUcnc+TfZEZa6w==
x-frame-options
DENY
date
Tue, 27 Nov 2018 04:22:27 GMT
vary
Origin
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1425767024389221&ev=PageView&dl=https%3A%2F%2Fentrychallenge-instagram.com%2F&rl=&if=false&ts=1543292547180&sw=1600&sh=1200&v=2.8.33&r=stable&ec=0&o=30&it=1543292547141&coo=false
Requested by
Host: entrychallenge-instagram.com
URL: https://entrychallenge-instagram.com/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 27 Nov 2018 04:22:27 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Tue, 27 Nov 2018 04:22:27 GMT
/
www.facebook.com/tr/ 		44 B
144 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1425767024389221&ev=Microdata&dl=https%3A%2F%2Fentrychallenge-instagram.com%2F&rl=&if=false&ts=1543292548683&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%7D&cd[Meta]=%7B%22title%22%3A%22%5Cn%5CnSecurity%20%E2%80%A2%20Instagram%5Cn%5Cn%22%7D&cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.8.33&r=stable&ec=1&o=30&it=1543292547141&coo=false&es=automatic
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
https://entrychallenge-instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 27 Nov 2018 04:22:28 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Tue, 27 Nov 2018 04:22:28 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| _sharedData function| fbq function| _fbq object| __core-js_shared__

1 Cookies

Domain/Path Name / Value
.facebook.com/ Name: fr
Value: 0FimA2HbY1RbuUpDO..Bb_MaD...1.0.Bb_MaD.

1 Console Messages

Source Level URL
Text
console-api warning URL: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js(Line 2)
Message:
jQuery.Deferred exception: Cannot read property 'value' of null