instargam.kz Open in urlscan Pro
95.59.127.128 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://instargam.kz/
Effective URL:
https://instargam.kz/
Submission: On November 11 via automatic, source openphish (November 11th 2020, 1:28:01 pm UTC)

Summary HTTP 16 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 95.59.127.128, located in Kazakhstan and belongs to KAZTELECOM-AS, KZ. The main domain is instargam.kz.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 31st 2020. Valid for: 3 months.

This is the only time instargam.kz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 10	95.59.127.128 95.59.127.128	9198 (KAZTELECO...) (KAZTELECOM-AS)
6	2a02:6b8::173 2a02:6b8::173	13238 (YANDEX) (YANDEX)
1	2a02:6b8:20::215 2a02:6b8:20::215	13238 (YANDEX) (YANDEX)
16	3

10 95.59.127.128 (Kazakhstan) 1 redirects

ASN9198 (KAZTELECOM-AS, KZ)
PTR: 95.59.127.128.megaline.telecom.kz

instargam.kz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
test-awareness.wtotem.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:6b8::173 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)

api-maps.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8:20::215 (Russian Federation)

ASN13238 (YANDEX, RU)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	instargam.kz 1 redirects instargam.kz	101 KB
6	yandex.ru api-maps.yandex.ru	20 KB
2	wtotem.net test-awareness.wtotem.net
1	yastatic.net yastatic.net	666 KB
16	4

	Domain	Requested by
8	instargam.kz	1 redirects instargam.kz
6	api-maps.yandex.ru	instargam.kz yastatic.net
2	test-awareness.wtotem.net	instargam.kz
1	yastatic.net	api-maps.yandex.ru
16	4

This site contains links to these domains. Also see Links.

Domain
www.instagram.com

Subject Issuer	Validity	Valid
instargam.kz Let's Encrypt Authority X3	`2020-08-31` - `2020-11-29`	3 months	crt.sh
api-maps.yandex.ru Yandex CA	`2020-10-01` - `2021-03-30`	6 months	crt.sh
*.yastatic.net Yandex CA	`2020-09-29` - `2021-03-30`	6 months	crt.sh
test-awareness.wtotem.net Let's Encrypt Authority X3	`2020-09-07` - `2020-12-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://instargam.kz/
Frame ID: CABC7E91E86CB840EF986A4D330D2310
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://instargam.kz/ HTTP 301
https://instargam.kz/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

16
Requests

100 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

786 kB
Transfer

3233 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.instagram.com/accounts/emailsignup/?hl=ru
Title: Зарегистрироваться

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://instargam.kz/ HTTP 301
https://instargam.kz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
instargam.kz/
Redirect Chain

http://instargam.kz/
https://instargam.kz/

5 KB
5 KB

374ms
121ms

Document
text/html

95.59.127.128
KAZTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://instargam.kz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 95.59.127.128 , Kazakhstan, ASN9198 (KAZTELECOM-AS, KZ),
Reverse DNS: 95.59.127.128.megaline.telecom.kz
Software: nginx/1.16.1 /
Resource Hash: bd0b2de90e1976904fc91bc5918a3e61df61a68efc5451049c9eb8f34e3e3996

Request headers

:method: GET
:authority: instargam.kz
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
server: nginx/1.16.1
date: Wed, 11 Nov 2020 13:27:43 GMT
content-type: text/html
content-length: 5029
last-modified: Tue, 13 Oct 2020 08:01:59 GMT
etag: "5f855ef7-13a5"
accept-ranges: bytes

Redirect headers

Server: nginx/1.16.1
Date: Wed, 11 Nov 2020 13:27:42 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://instargam.kz/

GET
H2 200 style.css
instargam.kz/css/ 2 KB
2 KB 126ms
125ms Stylesheet
text/css 95.59.127.128
KAZTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://instargam.kz/css/style.css
Requested by: Host: instargam.kz
URL: https://instargam.kz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 95.59.127.128 , Kazakhstan, ASN9198 (KAZTELECOM-AS, KZ),
Reverse DNS: 95.59.127.128.megaline.telecom.kz
Software: nginx/1.16.1 /
Resource Hash: 9586075c5538aeacfb29fead8a56b4a2147ca3f3b84d0cf46ee2f3969fa54f92

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 13:27:43 GMT
last-modified: Tue, 13 Oct 2020 08:01:59 GMT
server: nginx/1.16.1
etag: "5f855ef7-768"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 1896

GET
H/1.1 200
OK / Show response
api-maps.yandex.ru/2.1/ 39 KB
14 KB 284ms
185ms Script
application/javascript 2a02:6b8::173
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://api-maps.yandex.ru/2.1/?apikey=d3c2e533-b2fc-4f2c-abb2-8a1b99880bf8&lang=ru_RU

Requested by

Host: instargam.kz
URL: https://instargam.kz/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a02:6b8::173 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx /

Resource Hash

8c20b87e11ede9b1815c153f0a921030ccb109c7725d29c052cf422e44883a0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 11 Nov 2020 13:27:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff, nosniff
Server: nginx
X-qloud-router: sas2-7339e412954d.qloud-c.yandex.net
Vary: Accept-Encoding, Origin
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
X-LIGHTTPD-LOCALE: ru_RU
Content-Disposition: attachment; filename=json.txt
Connection: keep-alive
Timing-Allow-Origin: *
Keep-Alive: timeout=120
X-XSS-Protection: 1; mode=block

GET
H2 200 images.jpg
instargam.kz/img/ 57 KB
58 KB 129ms
129ms Image
image/jpeg 95.59.127.128
KAZTELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://instargam.kz/img/images.jpg
Requested by: Host: instargam.kz
URL: https://instargam.kz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 95.59.127.128 , Kazakhstan, ASN9198 (KAZTELECOM-AS, KZ),
Reverse DNS: 95.59.127.128.megaline.telecom.kz
Software: nginx/1.16.1 /
Resource Hash: 90b4c564a73a057c955420d980846f028fb0c484ab37eaabc46ea8654bd3d549

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 13:27:43 GMT
last-modified: Tue, 13 Oct 2020 08:01:59 GMT
server: nginx/1.16.1
etag: "5f855ef7-e593"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 58771

GET
H2 200 instagram.jpg
instargam.kz/img/ 4 KB
4 KB 228ms
227ms Image
image/jpeg 95.59.127.128
KAZTELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://instargam.kz/img/instagram.jpg
Requested by: Host: instargam.kz
URL: https://instargam.kz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 95.59.127.128 , Kazakhstan, ASN9198 (KAZTELECOM-AS, KZ),
Reverse DNS: 95.59.127.128.megaline.telecom.kz
Software: nginx/1.16.1 /
Resource Hash: 838c3993ee89e30670b39d3056c1298051e4603c5387c6ee2d5796df85b569d3

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 13:27:43 GMT
last-modified: Tue, 13 Oct 2020 08:01:59 GMT
server: nginx/1.16.1
etag: "5f855ef7-e2f"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 3631

GET
H2 200 app-store.png
instargam.kz/img/ 3 KB
4 KB 229ms
227ms Image
image/png 95.59.127.128
KAZTELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://instargam.kz/img/app-store.png
Requested by: Host: instargam.kz
URL: https://instargam.kz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 95.59.127.128 , Kazakhstan, ASN9198 (KAZTELECOM-AS, KZ),
Reverse DNS: 95.59.127.128.megaline.telecom.kz
Software: nginx/1.16.1 /
Resource Hash: 32953df0b8cf36634903003593f451fee0923180faf7a64285b8b0bca7223b17

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 13:27:43 GMT
last-modified: Tue, 13 Oct 2020 08:01:59 GMT
server: nginx/1.16.1
etag: "5f855ef7-ddb"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 3547

GET
H2 200 google-play.png
instargam.kz/img/ 10 KB
11 KB 232ms
231ms Image
image/png 95.59.127.128
KAZTELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://instargam.kz/img/google-play.png
Requested by: Host: instargam.kz
URL: https://instargam.kz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 95.59.127.128 , Kazakhstan, ASN9198 (KAZTELECOM-AS, KZ),
Reverse DNS: 95.59.127.128.megaline.telecom.kz
Software: nginx/1.16.1 /
Resource Hash: d39c9db2f39e4e205e2bd2489261bf7ad8972907404e42a5c991f3cb357651d9

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 13:27:43 GMT
last-modified: Tue, 13 Oct 2020 08:01:59 GMT
server: nginx/1.16.1
etag: "5f855ef7-2994"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 10644

GET
H2 200 ua-parser.min.js Show response
instargam.kz/js/ 18 KB
18 KB 132ms
131ms Script
application/javascript 95.59.127.128
KAZTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://instargam.kz/js/ua-parser.min.js
Requested by: Host: instargam.kz
URL: https://instargam.kz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 95.59.127.128 , Kazakhstan, ASN9198 (KAZTELECOM-AS, KZ),
Reverse DNS: 95.59.127.128.megaline.telecom.kz
Software: nginx/1.16.1 /
Resource Hash: abe52f66a592550040c0d4d1544f79b0d7841637341ab1fc11a9ad30f16c83c9

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 13:27:43 GMT
last-modified: Tue, 20 Oct 2020 10:12:29 GMT
server: nginx/1.16.1
etag: "5f8eb80d-48a9"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 18601

GET
H2 200 full-d3f34cc99c9c0dd436b9bc268e8dd6c17d0c711a.js Show response
yastatic.net/s3/front-maps-static/front-jsapi-v2-1/2.1.77-27/build/release/ 3 MB
666 KB 100ms
32ms Script
application/javascript 2a02:6b8:20::215
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/s3/front-maps-static/front-jsapi-v2-1/2.1.77-27/build/release/full-d3f34cc99c9c0dd436b9bc268e8dd6c17d0c711a.js

Requested by

Host: api-maps.yandex.ru
URL: https://api-maps.yandex.ru/2.1/?apikey=d3c2e533-b2fc-4f2c-abb2-8a1b99880bf8&lang=ru_RU

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c4c7d01b5d85dc271c4de5ab1ba99bd00bb22283ec5d040160d24f9ab4d4f45

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 13:27:43 GMT
content-encoding: gzip
vary: Accept-Encoding
nel: {"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
status: 200
x-nginx-request-id: 941d20f72e8f8f10
last-modified: Fri, 17 Jul 2020 14:25:25 GMT
server: nginx/1.17.9
etag: W/"93a1917fff5d14485b3e5b2e73f63b04"
strict-transport-security: max-age=43200000; includeSubDomains;
report-to: { "group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31556952
timing-allow-origin: *
expires: Thu, 11 Nov 2021 19:14:10 GMT

GET
H/1.1 200
OK grab.cur
api-maps.yandex.ru/2.1.77/build/release/images/cursor/ 326 B
780 B 73ms
72ms Image
application/octet-stream 2a02:6b8::173
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-maps.yandex.ru/2.1.77/build/release/images/cursor/grab.cur
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:6b8::173 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software: nginx /
Resource Hash: 13e327b334d10b2b24101040eecace86aaaa2eed03d282fa75a04aa3bebf69c1

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 11 Nov 2020 13:27:43 GMT
Last-Modified: Fri, 17 Jul 2020 14:25:47 GMT
Server: nginx
ETag: "5f11b4eb-146"
X-qloud-router: sas2-7339e412954d.qloud-c.yandex.net
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=120
Content-Length: 326
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK grabbing.cur
api-maps.yandex.ru/2.1.77/build/release/images/cursor/ 326 B
780 B 142ms
69ms Image
application/octet-stream 2a02:6b8::173
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-maps.yandex.ru/2.1.77/build/release/images/cursor/grabbing.cur
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:6b8::173 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software: nginx /
Resource Hash: a0fb89588dc7b711c0ffddb5fa2f6852f670ef1f615985bb65b2ea446cceb79f

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 11 Nov 2020 13:27:44 GMT
Last-Modified: Fri, 17 Jul 2020 14:25:47 GMT
Server: nginx
ETag: "5f11b4eb-146"
X-qloud-router: sas2-7339e412954d.qloud-c.yandex.net
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=120
Content-Length: 326
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK help.cur
api-maps.yandex.ru/2.1.77/build/release/images/cursor/ 326 B
780 B 161ms
64ms Image
application/octet-stream 2a02:6b8::173
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-maps.yandex.ru/2.1.77/build/release/images/cursor/help.cur
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:6b8::173 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software: nginx /
Resource Hash: 128811e08fc761c192794eadb0ca1ece135e0b3a8ea7d897c2f7f9fd5a37281f

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 11 Nov 2020 13:27:44 GMT
Last-Modified: Fri, 17 Jul 2020 14:25:47 GMT
Server: nginx
ETag: "5f11b4eb-146"
X-qloud-router: myt2-f6a82f317f96.qloud-c.yandex.net
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=120
Content-Length: 326
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK zoom_in.cur
api-maps.yandex.ru/2.1.77/build/release/images/cursor/ 326 B
780 B 170ms
72ms Image
application/octet-stream 2a02:6b8::173
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-maps.yandex.ru/2.1.77/build/release/images/cursor/zoom_in.cur
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:6b8::173 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software: nginx /
Resource Hash: eb69f540be1e416b7346017da48deaf5ba2f2ee0af366c04f1e374351b651872

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 11 Nov 2020 13:27:44 GMT
Last-Modified: Fri, 17 Jul 2020 14:25:47 GMT
Server: nginx
ETag: "5f11b4eb-146"
X-qloud-router: sas8-88460c552a61.qloud-c.yandex.net
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=120
Content-Length: 326
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK / Show response
api-maps.yandex.ru/services/search//v2/ 22 KB
3 KB 185ms
166ms Script
text/javascript 2a02:6b8::173
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://api-maps.yandex.ru/services/search//v2/?callback=id_160510126384573899344&text=55.753215%2C37.622504&format=json&rspn=0&lang=ru_RU&token=8fa0baf3170f59d7995fff0a9b0f2e9a&type=geo&properties=addressdetails&geocoder_sco=latlong&geocoder_kind=locality&geolocation_accuracy=97834.0066291908&origin=jsapi21Geolocation&apikey=d3c2e533-b2fc-4f2c-abb2-8a1b99880bf8&spn=0.5%2C0.5

Requested by

Host: yastatic.net
URL: https://yastatic.net/s3/front-maps-static/front-jsapi-v2-1/2.1.77-27/build/release/full-d3f34cc99c9c0dd436b9bc268e8dd6c17d0c711a.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a02:6b8::173 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx /

Resource Hash

7fe534d91f5f7e3a2c0171580c56632448a50e44582113da8bbb3b98c15d2d17

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 11 Nov 2020 13:27:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff, nosniff
Server: nginx
ETag: W/"5691-nUuQ0UISNeioH7cjUIb8I1C2kdo"
X-qloud-router: myt6-3a8100c49af5.qloud-c.yandex.net
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=120
X-XSS-Protection: 1; mode=block

POST
H2 200 geolocation
test-awareness.wtotem.net/listener/ 0
0 299ms
299ms Fetch 95.59.127.128
KAZTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://test-awareness.wtotem.net/listener/geolocation?r_id=null
Requested by: Host: instargam.kz
URL: https://instargam.kz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 95.59.127.128 , Kazakhstan, ASN9198 (KAZTELECOM-AS, KZ),
Reverse DNS: 95.59.127.128.megaline.telecom.kz
Software: nginx/1.16.1 /
Resource Hash

Request headers

Referer: https://instargam.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json;charset=utf-8

Response headers

status: 200
date: Wed, 11 Nov 2020 13:27:44 GMT
server: nginx/1.16.1
access-control-allow-origin: *
content-length: 0

OPTIONS
H2 200 geolocation
test-awareness.wtotem.net/listener/ 0
0 440ms
139ms Other 95.59.127.128
KAZTELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://test-awareness.wtotem.net/listener/geolocation?r_id=null
Protocol: H2
Server: 95.59.127.128 , Kazakhstan, ASN9198 (KAZTELECOM-AS, KZ),
Reverse DNS: 95.59.127.128.megaline.telecom.kz
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://instargam.kz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

status: 200
server: nginx/1.16.1
date: Wed, 11 Nov 2020 13:27:44 GMT
content-length: 0
access-control-allow-headers: Content-Type
access-control-allow-origin: *

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://instargam.kz/(Line 136) Message: [object Object]
console-api	log	URL: https://instargam.kz/(Line 125) Message: res [object Response]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-maps.yandex.ru
instargam.kz
test-awareness.wtotem.net
yastatic.net
2a02:6b8:20::215
2a02:6b8::173
95.59.127.128
0c4c7d01b5d85dc271c4de5ab1ba99bd00bb22283ec5d040160d24f9ab4d4f45
128811e08fc761c192794eadb0ca1ece135e0b3a8ea7d897c2f7f9fd5a37281f
13e327b334d10b2b24101040eecace86aaaa2eed03d282fa75a04aa3bebf69c1
32953df0b8cf36634903003593f451fee0923180faf7a64285b8b0bca7223b17
7fe534d91f5f7e3a2c0171580c56632448a50e44582113da8bbb3b98c15d2d17
838c3993ee89e30670b39d3056c1298051e4603c5387c6ee2d5796df85b569d3
8c20b87e11ede9b1815c153f0a921030ccb109c7725d29c052cf422e44883a0c
90b4c564a73a057c955420d980846f028fb0c484ab37eaabc46ea8654bd3d549
9586075c5538aeacfb29fead8a56b4a2147ca3f3b84d0cf46ee2f3969fa54f92
a0fb89588dc7b711c0ffddb5fa2f6852f670ef1f615985bb65b2ea446cceb79f
abe52f66a592550040c0d4d1544f79b0d7841637341ab1fc11a9ad30f16c83c9
bd0b2de90e1976904fc91bc5918a3e61df61a68efc5451049c9eb8f34e3e3996
d39c9db2f39e4e205e2bd2489261bf7ad8972907404e42a5c991f3cb357651d9
eb69f540be1e416b7346017da48deaf5ba2f2ee0af366c04f1e374351b651872

instargam.kz Open in urlscan Pro 95.59.127.128 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

67 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

786 kBTransfer

3233 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

instargam.kz Open in urlscan Pro
95.59.127.128 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

786 kB
Transfer

3233 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!