protakipci.com Open in urlscan Pro
2400:cb00:2048:1::681f:4e1f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://protakipci.com/member
Submission: On September 10 via automatic, source twitter_illegalFawn (September 10th 2017, 7:30:51 pm UTC)

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 4 domains to perform 7 HTTP transactions. The main IP is 2400:cb00:2048:1::681f:4e1f, located in United States and belongs to CLOUDFLARENET - CloudFlare, Inc., US. The main domain is protakipci.com.

This is the only time protakipci.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
2	2400:cb00:204... 2400:cb00:2048:1::681f:4e1f	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	2400:cb00:204... 2400:cb00:2048:1::681f:4f1f	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	178.162.194.172 178.162.194.172	28753 (LEASEWEB-) (LEASEWEB-)
1	2a02:26f0:78:... 2a02:26f0:78::5f64:f89b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	67.202.94.93 67.202.94.93	32748 (STEADFAST) (STEADFAST - Steadfast)
2	146.185.16.146 146.185.16.146	() ()
7	6

2 2400:cb00:2048:1::681f:4e1f (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

protakipci.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::681f:4f1f (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

protakipci.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.194.172 (Germany)

ASN28753 (LEASEWEB-, DE)
PTR: img.webme.com

img.webme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:78::5f64:f89b (European Union)

ASN20940 (AKAMAI-ASN1, US)

instagramstatic-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.94.93 (Chicago, United States) 2 redirects

ASN32748 (STEADFAST - Steadfast, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.185.16.146 (United Kingdom)

ASN- ()
PTR: 92b91092.rdns.100tb.com

widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	amung.us 2 redirects whos.amung.us widgets.amung.us	4 KB
3	protakipci.com protakipci.com	37 KB
1	akamaihd.net instagramstatic-a.akamaihd.net	98 KB
1	webme.com img.webme.com	14 KB
7	4

	Domain	Requested by
3	protakipci.com	protakipci.com
2	widgets.amung.us	protakipci.com
2	whos.amung.us	2 redirects
1	instagramstatic-a.akamaihd.net	protakipci.com
1	img.webme.com	protakipci.com
7	5

This site contains no links.

Subject Issuer	Validity	Valid
img.webme.com Let's Encrypt Authority X3	`2017-08-17` - `2017-11-15`	3 months	crt.sh
whos.amung.us GeoTrust EV SSL CA - G4	`2017-07-19` - `2018-05-22`	10 months	crt.sh

This page contains 1 frames:

Primary Page: http://protakipci.com/member
Frame ID: 18357.1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i

Page Statistics

7
Requests

43 %
HTTPS

50 %
IPv6

4
Domains

5
Subdomains

6
IPs

4
Countries

151 kB
Transfer

231 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://whos.amung.us/widget/begenapp.png HTTP 303
https://widgets.amung.us/classic/01/178.png

Request Chain 6

https://whos.amung.us/widget/takipapp.png HTTP 303
https://widgets.amung.us/classic/03/386.png

7 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request member Show response protakipci.com/	10 KB 3 KB	200ms 177ms	Document text/html	2400:cb00:2048:1::681f:4e1f CloudFlare
General Check archive.org Show headers Download Go to Full URL http://protakipci.com/member Protocol HTTP/1.1 Server 2400:cb00:2048:1::681f:4e1f , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `21edbe0661a37b5c47052fe4977b0fd1ffada226ed6a042ebe64c6691932b84b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma no-cache Date Sun, 10 Sep 2017 19:30:03 GMT Content-Encoding gzip Server cloudflare-nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection keep-alive CF-RAY 39c4ccb093322702-FRA Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	instastyle.css protakipci.com/assets/style/	19 KB 4 KB	16ms 16ms	Stylesheet text/css	2400:cb00:2048:1::681f:4e1f CloudFlare
General Check archive.org Show headers Download Go to Full URL http://protakipci.com/assets/style/instastyle.css Requested by Host: protakipci.com URL: http://protakipci.com/member Protocol HTTP/1.1 Server 2400:cb00:2048:1::681f:4e1f , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `17ba9095df6d7bdee9ee66fd3ff1520540b0f52e73e0e9854529eab6da1be968` Request headers Referer http://protakipci.com/member User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 19:30:03 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Fri, 08 Sep 2017 10:46:28 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=2592000 Transfer-Encoding chunked Connection keep-alive CF-RAY 39c4ccb1c3e22702-FRA Expires Tue, 10 Oct 2017 19:30:03 GMT
GET H/1.1	200 OK	jquery.min.js Show response protakipci.com/assets/jquery/2.2.4/	84 KB 29 KB	36ms 30ms	Script application/javascript	2400:cb00:2048:1::681f:4f1f CloudFlare
General Check archive.org Show headers Download Go to Full URL http://protakipci.com/assets/jquery/2.2.4/jquery.min.js Requested by Host: protakipci.com URL: http://protakipci.com/member Protocol HTTP/1.1 Server 2400:cb00:2048:1::681f:4f1f , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `91ca3667520e23877447d0a62b2d4c74a17ea613d4f31f6efcc1406eb57e7361` Request headers Referer http://protakipci.com/member User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 19:30:03 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Fri, 08 Sep 2017 10:46:26 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=2592000 Transfer-Encoding chunked Connection keep-alive CF-RAY 39c4ccb1c22a6379-FRA Expires Tue, 10 Oct 2017 19:30:03 GMT
GET H/1.1	200 OK	sol_bayrak2.png img.webme.com/pic/h/htmlkodlari34/	14 KB 14 KB	128ms 24ms	Image image/png	178.162.194.172 LEASEWEB-
General Check archive.org Show headers Download Go to Show image Full URL https://img.webme.com/pic/h/htmlkodlari34/sol_bayrak2.png Requested by Host: protakipci.com URL: http://protakipci.com/member Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 178.162.194.172 , Germany, ASN28753 (LEASEWEB-, DE), Reverse DNS img.webme.com Software nginx / Resource Hash `aa730d402247cdfda443222be4d0f22fa242c9f240c2efa71cd9d1e6845e7d5e` Request headers Referer http://protakipci.com/member User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 19:30:03 GMT Via 1.1 varnish-v4, 1.1 varnish-v4 Last-Modified Sat, 10 Jan 2015 07:33:29 GMT Server nginx Age 32713 ETag "54b0d5c9-3816" X-Varnish 1041302037, 97917076 75242186 Connection keep-alive Accept-Ranges bytes Content-Type image/png Content-Length 14358 X-wm-VIP 193.238.27.18
GET H/1.1	200 OK	d11aca.png instagramstatic-a.akamaihd.net/h1/sprites/core/	99 KB 98 KB	48ms 11ms	Image image/png	2a02:26f0:78::5f64:f89b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL http://instagramstatic-a.akamaihd.net/h1/sprites/core/d11aca.png Requested by Host: protakipci.com URL: http://protakipci.com/member Protocol HTTP/1.1 Server 2a02:26f0:78::5f64:f89b , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software AmazonS3 / Resource Hash `83c6dc0b19ddf3f95c910488b6eb4e6b9714ade37bccebddfbfd166955f49e6a` Request headers Referer http://protakipci.com/assets/style/instastyle.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 19:30:03 GMT Content-Encoding gzip Last-Modified Tue, 05 Jul 2016 20:36:22 GMT Server AmazonS3 x-amz-request-id ACEADFA04FB0253F ETag "7dd6b8cdfecd3440e5dc5393b660e9db" Vary Accept-Encoding Content-Type image/png Access-Control-Allow-Origin * Cache-Control public,max-age=315360000 Connection keep-alive Accept-Ranges bytes Content-Length 100048 x-amz-id-2 renkKg2PIVe6RgLwcr9g89jBoSghdrEqivqDxbPMdHfB7lrKAUba5TXuFBiey+0mcdAmz2SsaxE=
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ab56951eedd7791b33138ce04d75fffa328d87970b59a8a417089b11cc856754` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET H/1.1	200 OK	178.png widgets.amung.us/classic/01/ Redirect Chain https://whos.amung.us/widget/begenapp.png https://widgets.amung.us/classic/01/178.png	2 KB 2 KB	62ms 17ms	Image image/png	146.185.16.146
General Check archive.org Show headers Download Go to Show image Full URL https://widgets.amung.us/classic/01/178.png Requested by Host: protakipci.com URL: http://protakipci.com/member Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 146.185.16.146 , United Kingdom, ASN (), Reverse DNS 92b91092.rdns.100tb.com Software nginx/1.9.6 / Resource Hash `12be1dabb4e840d69c40792488575124456b00c4994ff9fad11510f530c53030` Request headers Referer http://protakipci.com/member User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 19:30:03 GMT Last-Modified Sun, 13 Jun 2010 09:03:09 GMT Server nginx/1.9.6 ETag "4c149ecd-621" Content-Type image/png Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 1569 Expires Sun, 10 Sep 2017 19:30:02 GMT Redirect headers Location https://widgets.amung.us/classic/01/178.png Date Sun, 10 Sep 2017 19:30:03 GMT Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	386.png widgets.amung.us/classic/03/ Redirect Chain https://whos.amung.us/widget/takipapp.png https://widgets.amung.us/classic/03/386.png	2 KB 2 KB	52ms 17ms	Image image/png	146.185.16.146
General Check archive.org Show headers Download Go to Show image Full URL https://widgets.amung.us/classic/03/386.png Requested by Host: protakipci.com URL: http://protakipci.com/member Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 146.185.16.146 , United Kingdom, ASN (), Reverse DNS 92b91092.rdns.100tb.com Software nginx/1.9.6 / Resource Hash `f0240ecbe075efe0bb3a2cf5fcda52572554ea664c0c238793e6d794c1a779b1` Request headers Referer http://protakipci.com/member User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 19:30:03 GMT Last-Modified Sun, 13 Jun 2010 09:03:09 GMT Server nginx/1.9.6 ETag "4c149ecd-65e" Content-Type image/png Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 1630 Expires Sun, 10 Sep 2017 19:30:02 GMT Redirect headers Location https://widgets.amung.us/classic/03/386.png Date Sun, 10 Sep 2017 19:30:03 GMT Transfer-Encoding chunked Content-Type text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.webme.com
instagramstatic-a.akamaihd.net
protakipci.com
whos.amung.us
widgets.amung.us
146.185.16.146
178.162.194.172
2400:cb00:2048:1::681f:4e1f
2400:cb00:2048:1::681f:4f1f
2a02:26f0:78::5f64:f89b
67.202.94.93
12be1dabb4e840d69c40792488575124456b00c4994ff9fad11510f530c53030
17ba9095df6d7bdee9ee66fd3ff1520540b0f52e73e0e9854529eab6da1be968
21edbe0661a37b5c47052fe4977b0fd1ffada226ed6a042ebe64c6691932b84b
83c6dc0b19ddf3f95c910488b6eb4e6b9714ade37bccebddfbfd166955f49e6a
91ca3667520e23877447d0a62b2d4c74a17ea613d4f31f6efcc1406eb57e7361
aa730d402247cdfda443222be4d0f22fa242c9f240c2efa71cd9d1e6845e7d5e
ab56951eedd7791b33138ce04d75fffa328d87970b59a8a417089b11cc856754
f0240ecbe075efe0bb3a2cf5fcda52572554ea664c0c238793e6d794c1a779b1

protakipci.com Open in urlscan Pro 2400:cb00:2048:1::681f:4e1f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

43 %HTTPS

50 %IPv6

4 Domains

5 Subdomains

6 IPs

4 Countries

151 kBTransfer

231 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

protakipci.com Open in urlscan Pro
2400:cb00:2048:1::681f:4e1f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

43 %
HTTPS

50 %
IPv6

4
Domains

5
Subdomains

6
IPs

4
Countries

151 kB
Transfer

231 kB
Size

0
Cookies

7 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!