instagram-resets-password.gq Open in urlscan Pro
2606:4700:3031::681f:5682  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response instagram-resets-password.gq/	3 KB 2 KB	364ms 336ms	Document text/html	2606:4700:3031::681f:5682 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://instagram-resets-password.gq/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:5682 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.0.0 ASP.NET Resource Hash 9a0afb870802bb3344cbe4a3dd06fc877a13d00d138d4eead5d3827acf9a3cf7 Request headers :method GET :authority instagram-resets-password.gq :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 03 Jan 2021 21:07:14 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d3ded81d27f2b36ad422545112d21220f1609708034; expires=Tue, 02-Feb-21 21:07:14 GMT; path=/; domain=.instagram-resets-password.gq; HttpOnly; SameSite=Lax; Secure PHPSESSID=qkalbsb36heigq7c9nfedsd7hq; path=/ cache-control no-store, no-cache, must-revalidate pragma no-cache expires Thu, 19 Nov 1981 08:52:00 GMT vary Accept-Encoding x-powered-by PHP/8.0.0 ASP.NET cf-cache-status DYNAMIC cf-request-id 076bac6ff800002bf21d285000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iFpGFUiRa1GHGwZY82CWNvp%2BtBDsQhteNGQ7ui6KDjL6ihOetunj3iEGqG96PrkxCzbHj%2BzOaXlMFGZuT%2Bumi30g3GE4JVnD%2Bjyz9ZeN6VQZbPTkyY%2FsmnAmMhEk6nr1WfmtqtjVKz2c"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 60bfb02cbbb52bf2-FRA content-encoding br
GET H2	200	stayle.css instagram-resets-password.gq/css/	634 B 602 B	341ms 340ms	Stylesheet text/css	2606:4700:3031::681f:5682 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://instagram-resets-password.gq/css/stayle.css Requested by Host: instagram-resets-password.gq URL: https://instagram-resets-password.gq/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:5682 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash 08d009ac3263088c96485531ea800ea49139a2d7910bfe397a31318c5a7099bf Request headers Referer https://instagram-resets-password.gq/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 03 Jan 2021 21:07:14 GMT content-encoding br cf-cache-status MISS last-modified Sun, 03 Jan 2021 19:34:53 GMT server cloudflare x-powered-by ASP.NET etag W/"2c742b827e2d61:0" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XNEdCNv12Kl8RFLK8K25tLK4mFpDBNV7KTufoMcftqgMDnCBZD%2B38PserY4Fx5gN7MRiVXAdeB6NeheLSs%2FUr6j%2BxE82GDp6QMrbpsIqR51IcqI6rCPdOOiujjImfPs%2BjzaGxJJFt3nb"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=31536000 nel {"report_to":"cf-nel","max_age":604800} cf-ray 60bfb02ee9422bf2-FRA cf-request-id 076bac714f00002bf2f4b07000000001
GET H2	200	css fonts.googleapis.com/	1 KB 538 B	16ms 15ms	Stylesheet text/css	2a00:1450:4001:81d::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Indie+Flower|Overpass+Mono Requested by Host: instagram-resets-password.gq URL: https://instagram-resets-password.gq/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 1ec9395cd3bf9f1a33fb89c3a74b0db58632a399931fc76bec11836d085d35f6 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://instagram-resets-password.gq/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Sun, 03 Jan 2021 21:07:14 GMT server ESF date Sun, 03 Jan 2021 21:07:14 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 03 Jan 2021 21:07:14 GMT
GET H2	200	jquery-1.9.1.min.js Show response instagram-resets-password.gq/js/	90 KB 31 KB	1415ms 1414ms	Script application/javascript	2606:4700:3031::681f:5682 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://instagram-resets-password.gq/js/jquery-1.9.1.min.js Requested by Host: instagram-resets-password.gq URL: https://instagram-resets-password.gq/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681f:5682 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash 7933ff01db5be57ca6677daaad6bf5009d38d294ab5aa5d998de3ba47e89ca0e Request headers Referer https://instagram-resets-password.gq/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 03 Jan 2021 21:07:15 GMT content-encoding br cf-cache-status MISS last-modified Sun, 03 Jan 2021 19:35:02 GMT server cloudflare x-powered-by ASP.NET etag W/"8bf8d9877e2d61:0" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PEMytX3fZc9IWPFzzoInuy41uOXukHUp8sqMTBNA8jd8dyFVLTsD9CY5MZ8y070uxkJPHWrHxTaZqBPuG2FUvP7sx9meUDOGXY6mtI6D0uY6bMog3XznchxuBWYPw6dxBX51Tm1%2FlceV"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=31536000 nel {"report_to":"cf-nel","max_age":604800} cf-ray 60bfb02ee9492bf2-FRA cf-request-id 076bac714f00002bf253a7c000000001
GET H2	200	bootstrap.min.css stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/	156 KB 23 KB	11ms 9ms	Stylesheet text/css	2001:4de0:ac19::1:b:3a HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css Requested by Host: instagram-resets-password.gq URL: https://instagram-resets-password.gq/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software / Resource Hash 2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6 Security Headers Name Value X-Content-Type-Options nosniff Request headers Origin https://instagram-resets-password.gq Referer https://instagram-resets-password.gq/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 03 Jan 2021 21:07:14 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 28 Nov 2019 17:52:46 GMT etag "1574963566" vary Accept-Encoding x-cache HIT content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * content-length 23681
GET H2	200	bootstrap.min.js Show response stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/	59 KB 16 KB	11ms 10ms	Script text/javascript	2001:4de0:ac19::1:b:3a HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js Requested by Host: instagram-resets-password.gq URL: https://instagram-resets-password.gq/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software / Resource Hash 5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548 Security Headers Name Value X-Content-Type-Options nosniff Request headers Origin https://instagram-resets-password.gq Referer https://instagram-resets-password.gq/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 03 Jan 2021 21:07:14 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 28 Nov 2019 17:52:52 GMT etag "1574963572" vary Accept-Encoding x-cache HIT content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * content-length 15919
GET H2	200	zqpwkLQ.png i.imgur.com/	4 KB 5 KB	482ms 40ms	Image image/png	151.101.112.193 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/zqpwkLQ.png Requested by Host: instagram-resets-password.gq URL: https://instagram-resets-password.gq/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software cat factory 1.0 / Resource Hash f6c27238f90013f0372406259eb08aef22725841e4db0d2ce4b668c4b5bbe57c Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://instagram-resets-password.gq/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 03 Jan 2021 21:07:15 GMT x-content-type-options nosniff age 1509019 x-cache MISS, HIT content-length 4398 x-served-by cache-bwi5131-BWI, cache-hhn4025-HHN last-modified Fri, 08 Sep 2017 07:37:47 GMT server cat factory 1.0 x-timer S1609708035.182704,VS0,VE1 etag "52934dad5fc77f25dd3c733bec1db620" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 0, 1
GET H2	200	aOVvJn.png i.imgyukle.com/2020/12/29/	46 KB 47 KB	162ms 68ms	Image image/png	168.119.145.176 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgyukle.com/2020/12/29/aOVvJn.png Requested by Host: instagram-resets-password.gq URL: https://instagram-resets-password.gq/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 168.119.145.176 , United States, ASN24940 (HETZNER-AS, DE), Reverse DNS static.176.145.119.168.clients.your-server.de Software nginx / PleskLin Resource Hash 67dbfd09e9dcc8df52c32390b01bbb0b51053b7338a8d8599f501be17e6d9e02 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://instagram-resets-password.gq/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 03 Jan 2021 21:07:15 GMT referrer-policy origin last-modified Tue, 29 Dec 2020 17:19:18 GMT server nginx x-powered-by PleskLin etag "5feb6516-b906" x-frame-options SAMEORIGIN content-type image/png x-xss-protection 1; mode=block x-permitted-cross-domain-policies master-only feature-policy geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none; content-security-policy frame-ancestors 'self'; accept-ranges bytes content-length 47366 x-content-type-options nosniff

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| bootstrap object| jQuery191045255262302302524

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			instagram-resets-password.gq/	1969-12-31 23:59:59	Name: PHPSESSID Value: qkalbsb36heigq7c9nfedsd7hq
			.instagram-resets-password.gq/	1970-01-19 15:51:40	Name: __cfduid Value: d3ded81d27f2b36ad422545112d21220f1609708034

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
i.imgur.com
i.imgyukle.com
instagram-resets-password.gq
stackpath.bootstrapcdn.com
151.101.112.193
168.119.145.176
2001:4de0:ac19::1:b:3a
2606:4700:3031::681f:5682
2a00:1450:4001:81d::200a
08d009ac3263088c96485531ea800ea49139a2d7910bfe397a31318c5a7099bf
1ec9395cd3bf9f1a33fb89c3a74b0db58632a399931fc76bec11836d085d35f6
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
67dbfd09e9dcc8df52c32390b01bbb0b51053b7338a8d8599f501be17e6d9e02
7933ff01db5be57ca6677daaad6bf5009d38d294ab5aa5d998de3ba47e89ca0e
9a0afb870802bb3344cbe4a3dd06fc877a13d00d138d4eead5d3827acf9a3cf7
f6c27238f90013f0372406259eb08aef22725841e4db0d2ce4b668c4b5bbe57c