instagramverifyscc.ga Open in urlscan Pro
2606:4700:3037::681b:a4b3  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response instagramverifyscc.ga/	2 KB 1 KB	611ms 551ms	Document text/html	2606:4700:3037::681b:a4b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://instagramverifyscc.ga/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:a4b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.6.38 ASP.NET Resource Hash 2cba6cf1bc41937ab7bec673d883ce40541fd9f27018c99b9345d83ceb7b6f38 Request headers :method GET :authority instagramverifyscc.ga :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 02:46:39 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d76b87c356046c6be81feb3fa2119331f1610505998; expires=Fri, 12-Feb-21 02:46:38 GMT; path=/; domain=.instagramverifyscc.ga; HttpOnly; SameSite=Lax; Secure ARRAffinity=b8f2fc3c7e750633d8c2b6bdc9fb38eaad12d0161f093b301c1a9365f1f5546d;Path=/;Domain=instagramverifyscc.ga vary Accept-Encoding x-powered-by PHP/5.6.38 ASP.NET cf-cache-status DYNAMIC cf-request-id 079b3c6950000005eda59a6000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=O65d4XEZxTz5F2Mu8cBftqygKM3RZ7jveJ2IxlfOb6wCQ7UpdwTMzKCxiVY4qyazAwCqf42BlzT3ajj1lKde8PztMVjUIVnj93J7IfF1WqPm69x2xQimxEZERHTVj8sIpLc%3D"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 610bc9bbbd0205ed-FRA content-encoding br
GET H2	200	main.css instagramverifyscc.ga/	3 KB 1 KB	552ms 551ms	Stylesheet text/css	2606:4700:3037::681b:a4b3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://instagramverifyscc.ga/main.css Requested by Host: instagramverifyscc.ga URL: https://instagramverifyscc.ga/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:a4b3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash 30ec974e4f604f22d60412ab21ab4cddc03643ba44b68a1adf48832ef4e0475d Request headers Referer https://instagramverifyscc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 02:46:39 GMT content-encoding br cf-cache-status MISS last-modified Wed, 13 Jan 2021 02:20:56 GMT server cloudflare x-powered-by ASP.NET etag W/"1c7bb3b952e9d61:0" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2qldYBTrPx7TonRpc95wc8QTVQeHlI1Y6nQUjQTNY1t8mqzW5l%2BbDXUra14AoK6RvNZx4feKyUkp8obwC9HV4flHOyv0Fk7nxS00pNgtsGFK%2Be8f1kQta1VxcXG02BqnFTg%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 610bc9bf283405ed-FRA cf-request-id 079b3c6b7c000005eda0a97000000001
GET H2	200	free.min.css kit-free.fontawesome.com/releases/latest/css/	59 KB 14 KB	83ms 26ms	Stylesheet text/css	151.139.128.8 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://kit-free.fontawesome.com/releases/latest/css/free.min.css Requested by Host: instagramverifyscc.ga URL: https://instagramverifyscc.ga/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.139.128.8 Dallas, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS Software / Resource Hash 4f02bd6f018d6f08c37c39f2d114101beac342c2c065046635e5ed0c42853590 Request headers Referer https://instagramverifyscc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 02:46:39 GMT content-encoding gzip last-modified Mon, 05 Oct 2020 16:00:45 GMT etag "1601913645" vary Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding x-hw 1610505999.cds011.lo4.hn,1610505999.cds209.lo4.c content-type text/css access-control-allow-origin * access-control-max-age 3000 cache-control max-age=60, private, must-revalidate access-control-allow-methods GET accept-ranges bytes content-length 13753
GET H2	200	cHgTep.png i.hizliresim.com/	9 KB 9 KB	33ms 11ms	Image image/png	2606:4700:3038::6815:e9d1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://i.hizliresim.com/cHgTep.png Requested by Host: instagramverifyscc.ga URL: https://instagramverifyscc.ga/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3038::6815:e9d1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 699b7d097cf9b72cd9c368900b1d7b19ceb94db0c23886fc58147c80d3152c15 Request headers Referer https://instagramverifyscc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 02:46:39 GMT cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 156296 cf-bgj csam-hash x-amz-request-id 3D3365549C9C0C7A x-amz-id-2 02vkVXUNyu2cQLJbdRlCTki0lhgSZCyo0QZsalATzGUJzo16lJB6qOp7VIjMhgAwEKmePo+gnhW6 last-modified Fri, 11 Sep 2020 19:04:02 GMT server cloudflare etag W/"bfb8c1d7518ca5d110abae73c013ba67" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XsqmofWY3ZEBe3P8ZWwcPW%2FPs5e1tNeZTgcGegITMKcydSal1DlQ6odHIjYqA3FNpTXWTe6vpFMmku6YEag6UF2Iv%2FuAT0aCua3HqdpYm4ssEQdcx4u0NuKWKqJx"}],"group":"cf-nel","max_age":604800} content-type image/png access-control-allow-origin * cache-control max-age=604800 cf-request-id 079b3c6b9100004ab6272e7000000001 cf-ray 610bc9bf4b974ab6-FRA expires Mon, 18 Jan 2021 07:21:43 GMT
GET H2	200	instagram-simgeler.gif hwp.com.tr/wp-content/uploads/2020/10/	2 MB 2 MB	252ms 222ms	Image image/gif	2606:4700:3032::681c:472 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hwp.com.tr/wp-content/uploads/2020/10/instagram-simgeler.gif Requested by Host: instagramverifyscc.ga URL: https://instagramverifyscc.ga/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::681c:472 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 01c2dd34c38060f7e8a6fbd2624288bc4b5b404a92b2f5c6a0fbe80c2593aa58 Request headers Referer https://instagramverifyscc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 02:46:39 GMT cf-cache-status MISS nel {"report_to":"cf-nel","max_age":604800} content-length 2286653 cf-request-id 079b3c6b9900004a6ed51a7000000001 last-modified Tue, 06 Oct 2020 06:22:33 GMT server cloudflare etag "22e43d-5f7c0d29-622a67ba;;;" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eonBfcGy1XLagLT2lWuIlT7d6c%2FqYB9q%2FAQ81yxVFky2%2Fozhtfz%2BWj1cqFeTMumzz5bvhb6ztqhpvOKsVqpQDCBcCWz5HSoNgubR3jeI1dDI42q9AWah"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 610bc9bf5c5f4a6e-FRA expires Wed, 20 Jan 2021 02:46:34 GMT
GET H2	200	Facebook-Logo.png marka-logo.com/wp-content/uploads/2020/04/	34 KB 34 KB	75ms 18ms	Image image/png	45.82.68.161 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://marka-logo.com/wp-content/uploads/2020/04/Facebook-Logo.png Requested by Host: instagramverifyscc.ga URL: https://instagramverifyscc.ga/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 45.82.68.161 Seattle, United States, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS erreurs.net Software nginx/1.18.0 / Resource Hash 4c403fc26b9b547d1a430fec0f1c2fc07bcd001a5ac82867c017347f0f6e4c19 Request headers Referer https://instagramverifyscc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 02:46:39 GMT last-modified Wed, 08 Apr 2020 18:24:35 GMT server nginx/1.18.0 etag "5e8e16e3-88e8" content-type image/png cache-control max-age=31622400 accept-ranges bytes content-length 35048 expires Fri, 14 Jan 2022 02:46:39 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network) Facebook (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.instagramverifyscc.ga/	1969-12-31 23:59:59	Name: ARRAffinity Value: b8f2fc3c7e750633d8c2b6bdc9fb38eaad12d0161f093b301c1a9365f1f5546d
			.instagramverifyscc.ga/	1970-01-19 16:04:57	Name: __cfduid Value: d76b87c356046c6be81feb3fa2119331f1610505998

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hwp.com.tr
i.hizliresim.com
instagramverifyscc.ga
kit-free.fontawesome.com
marka-logo.com
151.139.128.8
2606:4700:3032::681c:472
2606:4700:3037::681b:a4b3
2606:4700:3038::6815:e9d1
45.82.68.161
01c2dd34c38060f7e8a6fbd2624288bc4b5b404a92b2f5c6a0fbe80c2593aa58
2cba6cf1bc41937ab7bec673d883ce40541fd9f27018c99b9345d83ceb7b6f38
30ec974e4f604f22d60412ab21ab4cddc03643ba44b68a1adf48832ef4e0475d
4c403fc26b9b547d1a430fec0f1c2fc07bcd001a5ac82867c017347f0f6e4c19
4f02bd6f018d6f08c37c39f2d114101beac342c2c065046635e5ed0c42853590
699b7d097cf9b72cd9c368900b1d7b19ceb94db0c23886fc58147c80d3152c15