lnstagramlive.com - urlscan.io

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 5 HTTP transactions. The main IP is 204.12.214.188, located in Kansas City, United States and belongs to WII, US. The main domain is lnstagramlive.com.

This is the only time lnstagramlive.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
2	204.12.214.188 204.12.214.188	32097 (WII) (WII)
1	2406:da00:ff0... 2406:da00:ff00::22cb:7c9	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700:303... 2606:4700:3034::ac43:c38e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	3

2 204.12.214.188 (Kansas City, United States)

ASN32097 (WII, US)

lnstagramlive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2406:da00:ff00::22cb:7c9 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3034::ac43:c38e (United States)

ASN13335 (CLOUDFLARENET, US)

resimag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	resimag.com resimag.com	14 KB
2	lnstagramlive.com lnstagramlive.com	7 KB
1	instagram.com instagram.com	14 KB
5	3

	Domain	Requested by
2	resimag.com	lnstagramlive.com
2	lnstagramlive.com	lnstagramlive.com
1	instagram.com	lnstagramlive.com
5	3

This site contains links to these domains. Also see Links.

Domain
about.instagram.com
help.instagram.com
www.instagram.com

Subject Issuer	Validity	Valid
*.instagram.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2020-08-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-07` - `2021-07-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://lnstagramlive.com/contact/43657542356/
Frame ID: A3FF13F29211E8E867DD36D59B41C500
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

5
Requests

60 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

35 kB
Transfer

37 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://about.instagram.com/
Title: ABOUT US

Search URL Search Domain Scan URL

URL: https://help.instagram.com/
Title: SUPPORT

Search URL Search Domain Scan URL

URL: https://about.instagram.com/blog/
Title: PRESS

Search URL Search Domain Scan URL

URL: https://www.instagram.com/developer/
Title: API

Search URL Search Domain Scan URL

URL: https://www.instagram.com/about/jobs/
Title: JOBS

Search URL Search Domain Scan URL

URL: https://www.instagram.com/legal/privacy/
Title: PRIVACY

Search URL Search Domain Scan URL

URL: https://www.instagram.com/legal/terms/
Title: TERMS

Search URL Search Domain Scan URL

URL: https://www.instagram.com/explore/locations/
Title: DIRECTORY

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response lnstagramlive.com/contact/43657542356/	5 KB 2 KB	368ms 221ms	Document text/html	204.12.214.188 WII
General Check archive.org Show headers Download Go to Full URL http://lnstagramlive.com/contact/43657542356/ Protocol HTTP/1.1 Server 204.12.214.188 Kansas City, United States, ASN32097 (WII, US), Reverse DNS Software Apache/2 / Resource Hash `8cb6545009a850569e704c9b60f1c09e9b126bc4de4040b037271d6bd5a7b23c` Request headers Host lnstagramlive.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 09 Jul 2020 17:39:32 GMT Server Apache/2 Upgrade h2,h2c Connection Upgrade, Keep-Alive Last-Modified Thu, 09 Jul 2020 08:44:19 GMT ETag "143a-5a9fe3aedbec0-gzip" Accept-Ranges bytes Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 1497 Keep-Alive timeout=2, max=100 Content-Type text/html
GET H/1.1	200 OK	xq1.png lnstagramlive.com/contact/43657542356/img/	5 KB 5 KB	123ms 119ms	Image image/png	204.12.214.188 WII
General Check archive.org Show headers Download Go to Show image Full URL http://lnstagramlive.com/contact/43657542356/img/xq1.png Requested by Host: lnstagramlive.com URL: http://lnstagramlive.com/contact/43657542356/ Protocol HTTP/1.1 Server 204.12.214.188 Kansas City, United States, ASN32097 (WII, US), Reverse DNS Software Apache/2 / Resource Hash `c8c0e72d2cce08c6c8865bfa1b4623b975f55cc919fc85b5a5580bc08a9658e5` Request headers Referer http://lnstagramlive.com/contact/43657542356/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 09 Jul 2020 17:39:32 GMT Last-Modified Thu, 09 Jul 2020 08:45:14 GMT Server Apache/2 ETag "1228-5a9fe3e34fa80" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 4648
GET H2	200	9fc4bab7565b.png instagram.com/static/images/ico/xxxhdpi_launcher.png/	14 KB 14 KB	424ms 211ms	Image image/png	2406:da00:ff00::22cb:7c9 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://instagram.com/static/images/ico/xxxhdpi_launcher.png/9fc4bab7565b.png Requested by Host: lnstagramlive.com URL: http://lnstagramlive.com/contact/43657542356/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2406:da00:ff00::22cb:7c9 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash `513bc757c30ee167e2f2a8c0792b16627800d85a33d4657b520cf255ba1a6e00` Request headers Referer http://lnstagramlive.com/contact/43657542356/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 09 Jul 2020 17:39:33 GMT content-encoding br status 200 etag "9fc4bab7565b" vary Accept-Encoding content-type image/png access-control-allow-origin * edge-control max-age=1209600, no-transform cache-control public,max-age=31536000,immutable alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 14131
GET H2	200	b6a0e4390db.png resimag.com/p1/	4 KB 4 KB	92ms 67ms	Image image/png	2606:4700:3034::ac43:c38e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://resimag.com/p1/b6a0e4390db.png Requested by Host: lnstagramlive.com URL: http://lnstagramlive.com/contact/43657542356/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:c38e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `14c09561486ba385a8a62bc0a8b41e03638a6334648113a7f28be47271eccb5e` Request headers Referer http://lnstagramlive.com/contact/43657542356/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Thu, 09 Jul 2020 17:39:32 GMT cf-cache-status BYPASS server cloudflare x-powered-by PleskLin expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control max-age=0, no-cache, no-store, must-revalidate accept-ranges bytes cf-ray 5b03d3323f8b2488-FRA content-length 3754 cf-request-id 03d64253610000248865006200000001 expires Mon, 10 Apr 1972 00:00:00 GMT
GET H2	200	45ce843a3fd.png resimag.com/p1/	10 KB 10 KB	107ms 84ms	Image image/png	2606:4700:3034::ac43:c38e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://resimag.com/p1/45ce843a3fd.png Requested by Host: lnstagramlive.com URL: http://lnstagramlive.com/contact/43657542356/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:c38e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `583714033cab0d76045a8d4bbfb2326983f40d5c2cfa239e9527da9617686e6b` Request headers Referer http://lnstagramlive.com/contact/43657542356/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Thu, 09 Jul 2020 17:39:32 GMT cf-cache-status BYPASS server cloudflare x-powered-by PleskLin expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control max-age=0, no-cache, no-store, must-revalidate accept-ranges bytes cf-ray 5b03d3323f8e2488-FRA content-length 10071 cf-request-id 03d64253610000248865007200000001 expires Mon, 10 Apr 1972 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

instagram.com
lnstagramlive.com
resimag.com
204.12.214.188
2406:da00:ff00::22cb:7c9
2606:4700:3034::ac43:c38e
14c09561486ba385a8a62bc0a8b41e03638a6334648113a7f28be47271eccb5e
513bc757c30ee167e2f2a8c0792b16627800d85a33d4657b520cf255ba1a6e00
583714033cab0d76045a8d4bbfb2326983f40d5c2cfa239e9527da9617686e6b
8cb6545009a850569e704c9b60f1c09e9b126bc4de4040b037271d6bd5a7b23c
c8c0e72d2cce08c6c8865bfa1b4623b975f55cc919fc85b5a5580bc08a9658e5

lnstagramlive.com Open in urlscan Pro 204.12.214.188 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

60 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

35 kBTransfer

37 kBSize

0 Cookies

8 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

lnstagramlive.com Open in urlscan Pro
204.12.214.188 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

60 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

35 kB
Transfer

37 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!