copyright.infringement-ig.cf
2606:4700:30::681b:9168  Malicious Activity! Public Scan

Submitted URL: http://tinyurl.com/y28lv52k
Effective URL: https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Submission: On July 28 via manual from SG

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 8 HTTP transactions. The main IP is 2606:4700:30::681b:9168, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is copyright.infringement-ig.cf.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on July 11th 2019. Valid for: a year.
This is the only time copyright.infringement-ig.cf was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

Requests  IP Address        AS Autonomous System
1         2606:4700:10:...  13335 (CLOUDFLAR...)
1         2606:4700:30:...  13335 (CLOUDFLAR...)
1         2a00:1450:400...  15169 (GOOGLE)
2         68.183.240.60     14061 (DIGITALOC...)
2         2a03:2880:f20...  32934 (FACEBOOK)
1         2406:da00:ff0...  14618 (AMAZON-AES)
Total: 8 requests, 6 IPs

Requests  Domain                            Requested by
2         scontent-iad3-1.cdninstagram.com  copyright.infringement-ig.cf
2         newbigdata.science                copyright.infringement-ig.cf
1         instagram.com                     copyright.infringement-ig.cf
1         ajax.googleapis.com               copyright.infringement-ig.cf
1         copyright.infringement-ig.cf      (primary page)
1         tinyurl.com                       (1 redirect)
Total: 8 requests, 6 domains

This site contains links to these domains:
  • instagram-copyrighthelp.cf

Subject; Issuer; Validity; Valid for
sni.cloudflaressl.com; CloudFlare Inc ECC CA-2; 2019-07-11 to 2020-07-10; a year
*.googleapis.com; Google Internet Authority G3; 2019-07-02 to 2019-09-24; 3 months
watchtheball.co.za; Let's Encrypt Authority X3; 2019-07-27 to 2019-10-25; 3 months
*.instagram.com; DigiCert SHA2 High Assurance Server CA; 2019-05-27 to 2019-08-25; 3 months

This page contains 3 frames:

Primary Page: https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Frame ID: 8F0846EAB050140537E2AEE547C27B30
Requests: 6 HTTP requests in this frame

Frame: https://newbigdata.science/connect/xd_arbiter/r/qMnGlIs-JNW.js?version=42&__cpo=aHR0cHM6Ly9zdGF0aWN4eC5mYWNlYm9vay5jb20
Frame ID: 39D5125895CE14BA7D8F16207C040534
Requests: 1 HTTP requests in this frame

Frame: https://newbigdata.science/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FqMnGlIs-JNW.js%3Fversion%3D42%23cb%3Df1f19c0950ec264%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff59a022dfc20ec%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2&__cpo=aHR0cHM6Ly93d3cuZmFjZWJvb2suY29t
Frame ID: 39984842DEC85638BAE1C513FECDFF7E
Requests: 1 HTTP requests in this frame

Detected technologies

Cloudflare (overall confidence: 100%)
Detected patterns
  • headers server /^cloudflare$/i

jQuery (overall confidence: 100%)
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

  • Requests: 8
  • HTTPS: 63 %
  • IPv6: 83 %
  • Domains: 6
  • Subdomains: 6
  • IPs: 6
  • Countries: 3
  • Transfer: 239 kB
  • Size: 428 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tinyurl.com/y28lv52k HTTP 301
    https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Each transaction lists: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type
Resource: Primary Request /
Path: copyright.infringement-ig.cf/help/contact/copyrightedusers/
Redirect Chain
  • http://tinyurl.com/y28lv52k
  • https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Size: 172 KB, x-fer: 38 KB, Type: Document
General
Full URL
https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:9168 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/7.3.6
Resource Hash
f036e22b60d5d11f045f78beaca026cb268d1b69eea09322c2bf57166e0a4763

Request headers

:method
GET
:authority
copyright.infringement-ig.cf
:scheme
https
:path
/help/contact/copyrightedusers/?nick=golos_ameriki
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

status
200
date
Sun, 28 Jul 2019 07:48:57 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d5f0f386558a3630620682630adb76ad11564300136; expires=Mon, 27-Jul-20 07:48:56 GMT; path=/; domain=.infringement-ig.cf; HttpOnly; Secure
x-powered-by
PHP/7.3.6
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4fd540ea7e4f9704-FRA
content-encoding
br

Redirect headers

Date
Sun, 28 Jul 2019 07:48:56 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d5c9482ff8edd561ccb7bc963114569c21564300135; expires=Mon, 27-Jul-20 07:48:55 GMT; path=/; domain=.tinyurl.com; HttpOnly XSRF-TOKEN=eyJpdiI6Ik1QY0lDMTRGZ1FFK0xOMDFScDYwbHc9PSIsInZhbHVlIjoiQURDY1dJOFR5dEN0WVF4NFJQVFQ1S3RKdEJ2dlB2RFVzU0pXVTdQV3hxcmdicVUrZGQ5aTk3YnZoNWtDZ05PUiIsIm1hYyI6IjI1ZDU1ZWJmZGE4ZWI4Y2NiMjI0NzllMDkyYmEwODE3NzE4ODYwZmI5MDUxNmVjMjY5YTJhOTFlNjE3MmVhOGQifQ%3D%3D; expires=Sun, 28-Jul-2019 09:48:55 GMT; Max-Age=7200; path=/ tinyurl_session=eyJpdiI6Ik9oRWhuTTRYSllvSkVZbWpOWnFveGc9PSIsInZhbHVlIjoiODNcL2JQZmsrTWZaaVpSbDBSa21weTF6bCtUY0tZUmZaYkU2VWJvSFNCdktabThIUkU4TVVoVm5sMlVuY2NKNXciLCJtYWMiOiIzZjFmZmRlNjMxMDk5MTIzZGRkMDllNDc5MTkyYzQ1ODg0Mjg3YmU3MjE0ZmZlMGVhNzBiNTYxNzI4OTBmNGJhIn0%3D; expires=Sun, 28-Jul-2019 09:48:55 GMT; Max-Age=7200; path=/; httponly tinyUUID=d3d536cdedbf000000000000; expires=Fri, 26-Jul-2024 07:48:55 GMT; Max-Age=157680000; path=/; domain=.tinyurl.com
Location
https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Cache-Control
max-age=0, no-cache, private
Server
cloudflare
CF-RAY
4fd540e7fbbb980e-FRA
Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/3.3.1/
Size: 85 KB, x-fer: 30 KB, Type: Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: copyright.infringement-ig.cf
URL: https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

date
Tue, 09 Jul 2019 02:16:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1661545
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
30399
x-xss-protection
0
last-modified
Thu, 25 Jan 2018 15:33:24 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jul 2020 02:16:32 GMT
Resource: __cpa.cp.js
Path: newbigdata.science/
Size: 0, x-fer: 0, Type: Script
General
Full URL
https://newbigdata.science/__cpa.cp.js?dummy=bb38f5627f85538afdae92980142c88c&__cpo=1
Requested by
Host: copyright.infringement-ig.cf
URL: https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
68.183.240.60 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Resource: 44470665_1949622688426119_7438251824680796160_n.jpg
Path: scontent-iad3-1.cdninstagram.com/vp/bb4cf2bfa42dfa6746fde3741eea26e0/5DCE804A/t51.2885-19/s150x150/
Size: 4 KB, x-fer: 5 KB, Type: Image
General
Full URL
https://scontent-iad3-1.cdninstagram.com/vp/bb4cf2bfa42dfa6746fde3741eea26e0/5DCE804A/t51.2885-19/s150x150/44470665_1949622688426119_7438251824680796160_n.jpg?_nc_ht=scontent-iad3-1.cdninstagram.com
Requested by
Host: copyright.infringement-ig.cf
URL: https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f203:c4:face:b00c:0:43fe , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
eabbe8a1f038f5ae66c4ef64277f9f2ced39e050ded6bba069cd5154b7b81435

Request headers

Referer
https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-haystack-needlechecksum
3447739703
date
Sun, 28 Jul 2019 07:48:57 GMT
x-fb-trip-id
1679558926
last-modified
Tue, 20 Nov 2018 21:10:18 GMT
access-control-allow-origin
*
x-enc-origin-req-handler
AcJtlcrRs7PlMi3givg9mtER52EigYcFTgqlu67Go3_QF4cd-J-KoSz2sYV37V5gdW42tUtvctvf4UOFcg
content-type
image/jpeg
status
200
cache-control
max-age=1209600, no-transform
x-needle-checksum
3694640982
x-fb-config-version-olb-prod
524
timing-allow-origin
*
content-length
4582
Resource: 66815123_2464464667159394_2529191506423529016_n.jpg
Path: scontent-iad3-1.cdninstagram.com/vp/f08d7e58986cf3ceefdcb48469672fbc/5D3FCE4D/t51.2885-15/e15/c0.280.720.720a/s640x640/
Size: 38 KB, x-fer: 38 KB, Type: Image
General
Full URL
https://scontent-iad3-1.cdninstagram.com/vp/f08d7e58986cf3ceefdcb48469672fbc/5D3FCE4D/t51.2885-15/e15/c0.280.720.720a/s640x640/66815123_2464464667159394_2529191506423529016_n.jpg?_nc_ht=scontent-iad3-1.cdninstagram.com
Requested by
Host: copyright.infringement-ig.cf
URL: https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f203:c4:face:b00c:0:43fe , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
eb3c32d33c2d5cdfccd488a37d7557f1df955f8f51cba8c5c1d457d8c8d57559

Request headers

Referer
https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-haystack-needlechecksum
2816386015
date
Sun, 28 Jul 2019 07:48:57 GMT
x-fb-trip-id
1679558926
last-modified
Fri, 26 Jul 2019 18:23:50 GMT
access-control-allow-origin
*
x-enc-origin-req-handler
AcLed4vt2ECyO9FHiFEUWdyNdZgMPtN7SsNr65fVP_HxponVVoECzQLM1i05E5Xt5J90eAM5YlLl3nnZKQ
content-type
image/jpeg
status
200
cache-control
max-age=1209600, no-transform
x-needle-checksum
487200974
x-fb-config-version-olb-prod
524
timing-allow-origin
*
content-length
39053
Resource: qMnGlIs-JNW.js (Frame 39D5)
Path: newbigdata.science/connect/xd_arbiter/r/
Size: 0, x-fer: 0, Type: Document
General
Full URL
https://newbigdata.science/connect/xd_arbiter/r/qMnGlIs-JNW.js?version=42&__cpo=aHR0cHM6Ly9zdGF0aWN4eC5mYWNlYm9vay5jb20
Requested by
Host: copyright.infringement-ig.cf
URL: https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
68.183.240.60 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Host
newbigdata.science
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki

Response headers

Cache-Control
no-cache
Connection
close
Content-Type
text/html
Resource: ping (Frame 3998)
Path: newbigdata.science/connect/
Size: 0, x-fer: 0 (no response received; listed under Failed requests below)

Resource: 2115b50d229d.png
Path: instagram.com/static/bundles/base/sprite_core.png/
Size: 128 KB, x-fer: 128 KB, Type: Image
General
Full URL
https://instagram.com/static/bundles/base/sprite_core.png/2115b50d229d.png
Requested by
Host: copyright.infringement-ig.cf
URL: https://copyright.infringement-ig.cf/help/contact/copyrightedusers/?nick=golos_ameriki
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2406:da00:ff00::22e0:99cd Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
405e90473f7ac27061af0027ea856fe80c6f71310edb768f23f774c4088eb8c8

Request headers

Referer
https://instagram.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

date
Sun, 28 Jul 2019 07:49:01 GMT
content-encoding
br
access-control-allow-origin
*
etag
"2115b50d229d"
vary
Accept-Encoding
content-type
image/png
status
200
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-length
130927

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
newbigdata.science
URL
https://newbigdata.science/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FqMnGlIs-JNW.js%3Fversion%3D42%23cb%3Df1f19c0950ec264%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff59a022dfc20ec%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2&__cpo=aHR0cHM6Ly93d3cuZmFjZWJvb2suY29t

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onselectstart
  • object: onselectionchange
  • function: queueMicrotask
  • function: $
  • function: jQuery

0 Cookies