URL: http://school3.net/instagram.php
Submission: On December 10 via automatic submission, source PhishTank

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 10 HTTP transactions. The main IP is 91.200.40.27, located in Ukraine and belonging to HVOSTING-AS, UA. The main domain is school3.net.
This is the only time school3.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         91.200.40.27       43773 (HVOSTING-AS)
6         2a03:2880:f21...   32934 (FACEBOOK)
4         2a03:2880:f01...   32934 (FACEBOOK)   (1 redirect)
Total: 10 requests across 3 IPs
Requests  Apex Domain    Subdomains              Transfer
6         instagram.com  www.instagram.com       354 KB
2         facebook.com   staticxx.facebook.com   586 B
2         facebook.net   connect.facebook.net    60 KB
1         school3.net    school3.net             41 KB
Total: 10 requests across 4 apex domains
Requests  Domain                  Requested by
6         www.instagram.com       school3.net
2         staticxx.facebook.com   school3.net   (1 redirect)
2         connect.facebook.net    school3.net, connect.facebook.net
1         school3.net             -
Total: 10 requests across 4 domains
Subject               Issuer                                   Validity                  Valid
*.www.instagram.com   DigiCert SHA2 High Assurance Server CA   2019-11-23 - 2020-02-21   3 months
*.facebook.com        DigiCert SHA2 High Assurance Server CA   2019-11-06 - 2020-02-04   3 months

This page contains 2 frames:

Primary Page: http://school3.net/instagram.php
Frame ID: ED5334B4B697B3BAA94A548C3AFF9D78
Requests: 9 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
Frame ID: D1044BF1D70ABEF29B6BB91CBBFE38AE
Requests: 1 HTTP request in this frame

Detected technologies

PHP (overall confidence: 100%)
  Detected pattern: url /\.php(?:$|\?)/i

Nginx (overall confidence: 100%)
  Detected pattern: headers server /nginx(?:\/([\d.]+))?/i

Facebook JavaScript SDK (overall confidence: 100%)
  Detected pattern: script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Page Statistics

Requests:    10
HTTPS:       90 %
IPv6:        67 %
Domains:     4
Subdomains:  4
IPs:         3
Countries:   2
Transfer:    455 kB
Size:        1660 kB
Cookies:     0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://connect.facebook.net/en_US/sdk.js HTTP 307
  • https://connect.facebook.net/en_US/sdk.js
Request Chain 7
  • https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42 HTTP 302
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=44

10 HTTP transactions

Each transaction below is listed as: Resource | Path | Size | x-fer (bytes transferred) | Type (the MIME type is given by each response's content-type header), followed by its General, Request headers and Response headers details.

Primary Request: instagram.php | school3.net/ | 183 KB | 41 KB | Document
General
Full URL
http://school3.net/instagram.php
Protocol
HTTP/1.1
Server
91.200.40.27, Ukraine, ASN43773 (HVOSTING-AS, UA)
Reverse DNS
h27.hvosting.ua
Software
nginx/1.2.1 / PHP/5.2.17
Resource Hash
755ce9806c847a88c4c328e6aa5ff38e9aaff0995df7386652e701fc33166139

Request headers

Host
school3.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Server
nginx/1.2.1
Date
Tue, 10 Dec 2019 17:39:49 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/5.2.17
Vary
Accept-Encoding
Content-Encoding
gzip
37dfc9bff206.js | www.instagram.com/static/bundles/base/LandingPage.js/ | 578 KB | 115 KB | Script
General
Full URL
https://www.instagram.com/static/bundles/base/LandingPage.js/37dfc9bff206.js
Requested by
Host: school3.net
URL: http://school3.net/instagram.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f21c:80e5:face:b00c:0:4420, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
e4d3867e5ede3a661152d85f0f3d26c71fe812cf8822abbb714ed4a59fd90c1b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://school3.net/instagram.php
Origin
http://school3.net

Response headers

date
Tue, 10 Dec 2019 17:05:16 GMT
x-fb-trip-id
1679558926
access-control-allow-origin
*
etag
"37dfc9bff206"
vary
Accept-Encoding
content-type
text/javascript
status
200
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-encoding
br
content-length
117842
sdk.js | connect.facebook.net/en_US/ | 3 KB | 2 KB | Script
Redirect Chain
  • http://connect.facebook.net/en_US/sdk.js
  • https://connect.facebook.net/en_US/sdk.js
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: school3.net
URL: http://school3.net/instagram.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
8dba13ad7c244e96ebef7b949def16dfbee89b581108069790835de932d59adc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://school3.net/instagram.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
Qcs3qwUi23NzJR52icquKg==
status
200
date
Tue, 10 Dec 2019 17:39:51 GMT
expires
Tue, 10 Dec 2019 17:50:57 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
1780
x-fb-debug
Xc5MxM+Zri6CObyX35fpA95lJuRWiEhNKgt4hsxUUHuj2Dm63t/pwVqzSWjG+xK1Cz9ZVFf6xQMkWN5ZzJN51g==
x-fb-trip-id
975780461
x-fb-content-md5
d373558040d717b458240ae4851f335e
etag
"b2d08e1561c1dc71561ff0911ebeb071"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5

Redirect headers

Location
https://connect.facebook.net/en_US/sdk.js
Non-Authoritative-Reason
HSTS
sdk.js | connect.facebook.net/en_US/ | 194 KB | 58 KB | Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=318196a7f5851cd8055eac6da0d36f14&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
6fcf4c3d6c3d6f1900858ac6c9e70024d329e65b3586a17e070b26aeb5c53bbe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://school3.net/instagram.php
Origin
http://school3.net

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
U4vM8UhjgIfYm7rB3UvA2w==
status
200
date
Tue, 10 Dec 2019 17:39:51 GMT
expires
Wed, 09 Dec 2020 16:27:12 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
59318
x-fb-debug
O6C4x5F3iG+zFCBZrCrtZl/Wl+dE6zBPmeskZm4JWid1864CouzuqqK7mqJ7FtCTIF/1DB2iW9WydBLs7URWog==
x-fb-trip-id
975780461
x-fb-content-md5
8cf4734d39864b66c775872ef30024d5
etag
"c94bc48a19cbe06dbfa856996495fbd5"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
a7a7800cd70f.js | www.instagram.com/static/bundles/base/LoginAndSignupPage.js/ | 575 KB | 115 KB | Script
General
Full URL
https://www.instagram.com/static/bundles/base/LoginAndSignupPage.js/a7a7800cd70f.js
Requested by
Host: school3.net
URL: http://school3.net/instagram.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f21c:80e5:face:b00c:0:4420, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
b721e0f83c79e1a15c8fd80144b455387179c9d24ddb8a9e0f79c0598ec7368e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://school3.net/instagram.php
Origin
http://school3.net

Response headers

date
Tue, 10 Dec 2019 17:05:16 GMT
x-fb-trip-id
1679558926
access-control-allow-origin
*
etag
"a7a7800cd70f"
vary
Accept-Encoding
content-type
text/javascript
status
200
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-encoding
br
content-length
117233
bfba6d0fd6bd.png | www.instagram.com/static/images/appstore-install-badges/badge_ios_russian-ru.png/ | 3 KB | 3 KB | Image
General
Full URL
https://www.instagram.com/static/images/appstore-install-badges/badge_ios_russian-ru.png/bfba6d0fd6bd.png
Requested by
Host: school3.net
URL: http://school3.net/instagram.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f21c:80e5:face:b00c:0:4420, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
32953df0b8cf36634903003593f451fee0923180faf7a64285b8b0bca7223b17

Request headers

Referer
http://school3.net/instagram.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 07 Dec 2019 19:26:12 GMT
x-fb-trip-id
1679558926
access-control-allow-origin
*
etag
"bfba6d0fd6bd"
vary
Accept-Encoding
content-type
image/png
status
200
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-encoding
br
content-length
3311
4c70948c09f3.png | www.instagram.com/static/images/appstore-install-badges/badge_android_russian-ru.png/ | 10 KB | 10 KB | Image
General
Full URL
https://www.instagram.com/static/images/appstore-install-badges/badge_android_russian-ru.png/4c70948c09f3.png
Requested by
Host: school3.net
URL: http://school3.net/instagram.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f21c:80e5:face:b00c:0:4420, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
d39c9db2f39e4e205e2bd2489261bf7ad8972907404e42a5c991f3cb357651d9

Request headers

Referer
http://school3.net/instagram.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 09 Dec 2019 07:44:06 GMT
x-fb-trip-id
1679558926
access-control-allow-origin
*
etag
"4c70948c09f3"
vary
Accept-Encoding
content-type
image/png
status
200
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-encoding
br
content-length
10406
5015b6cf7a69.png | www.instagram.com/static/images/appstore-install-badges/badge_microsoft_russian-ru.png/ | 22 KB | 19 KB | Image
General
Full URL
https://www.instagram.com/static/images/appstore-install-badges/badge_microsoft_russian-ru.png/5015b6cf7a69.png
Requested by
Host: school3.net
URL: http://school3.net/instagram.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f21c:80e5:face:b00c:0:4420, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
cbfb7d70c4241470b129ef9e6f137863cb9b7fa59e0263cdffafb51850348dcc

Request headers

Referer
http://school3.net/instagram.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 10 Dec 2019 17:05:14 GMT
x-fb-trip-id
1679558926
access-control-allow-origin
*
etag
"5015b6cf7a69"
vary
Accept-Encoding
content-type
image/png
status
200
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-encoding
br
content-length
19512
xd_arbiter.php | staticxx.facebook.com/connect/ (Frame D104) | 0 | 0 | Document
Redirect Chain
  • https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
General
Full URL
https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
Requested by
Host: school3.net
URL: http://school3.net/instagram.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter.php?version=44
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
http://school3.net/instagram.php
accept-encoding
gzip, deflate, br

Response headers

status
200
content-encoding
br
content-type
text/html; charset=utf-8
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
expires
Tue, 08 Dec 2020 21:49:54 GMT
cache-control
public,max-age=31536000,immutable
x-fb-debug
kZ/GuRJdqGvDu3ofckQauUDzPV3ezdPlHPAOp1/+2MPToPHDHJNq9nPZowWagnJfQp/F3mm81BkxVBFFTUpwjA==
content-length
12348
x-fb-trip-id
975780461
date
Tue, 10 Dec 2019 17:39:51 GMT
alt-svc
h3-24=":443"; ma=3600

Redirect headers

status
302
location
https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
x-xss-protection
0
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
AwDmBF+Nx6O3IUD2hKmzW7rRxQteuGGzbB3He9P1KUE2iOR8Se/l8X0OVE+FDJaCmQ7HF4BK6bXWZNmXcCstWQ==
content-length
0
x-fb-trip-id
975780461
date
Tue, 10 Dec 2019 17:39:51 GMT
alt-svc
h3-24=":443"; ma=3600
3243a2788e25.png | www.instagram.com/static/bundles/base/sprite_core.png/ | 92 KB | 91 KB | Image
General
Full URL
https://www.instagram.com/static/bundles/base/sprite_core.png/3243a2788e25.png
Requested by
Host: school3.net
URL: http://school3.net/instagram.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f21c:80e5:face:b00c:0:4420, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
d884c43eb0a4907411f709280f050f6e565056eb9c0a9a9610cfc5876159bb4e

Request headers

Referer
http://school3.net/instagram.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 10 Dec 2019 03:03:19 GMT
x-fb-trip-id
1679558926
access-control-allow-origin
*
etag
"3243a2788e25"
vary
Accept-Encoding
content-type
image/png
status
200
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-encoding
br
content-length
93558

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    onformdata
object    onpointerrawupdate
object    FB
object    perfMetrics
object    __bufferedPerformance
object    __bufferedErrors
object    __initialData
function  __initialDataLoaded
function  __initialDataError
object    __additionalData
function  __pendingAdditionalData
function  __additionalDataLoaded
function  __additionalDataError

0 Cookies