urlscan.io logo urlscan.io
SecurityTrails logo

instagramverificationservice.usa.cc Open in urlscan Pro
104.248.156.245  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://instagramverificationservice.usa.cc/
Effective URL: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJ...
Submission: On October 07 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 104.248.156.245, located in Wilmington, United States and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is instagramverificationservice.usa.cc.
This is the only time instagramverificationservice.usa.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 2 104.248.156.245 14061 (DIGITALOC...)
5 2406:da00:ff0... 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 2406:da00:ff0... 14618 (AMAZON-AES)
1 2 2a03:2880:f01... 32934 (FACEBOOK)
9 6
2    104.248.156.245 (Wilmington, United States)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
instagramverificationservice.usa.cc
5    2406:da00:ff00::22ce:6cb7 (United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
instagram.com
1    2a00:1450:4001:825::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
1    2406:da00:ff00::342c:68f1 (United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
instagram.com
2    2a03:2880:f01c:216:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
staticxx.facebook.com
Apex Domain
Subdomains		 Transfer
6 instagram.com
instagram.com
493 KB
2 facebook.com
staticxx.facebook.com
778 B
2 usa.cc
instagramverificationservice.usa.cc
142 KB
1 googleapis.com
ajax.googleapis.com
30 KB
9 4
Domain Requested by
6 instagram.com instagramverificationservice.usa.cc
2 staticxx.facebook.com 1 redirects instagramverificationservice.usa.cc
2 instagramverificationservice.usa.cc 1 redirects
1 ajax.googleapis.com instagramverificationservice.usa.cc
9 4

This site contains links to these domains. Also see Links.

Domain
instagram.com
play.google.com
Subject Issuer Validity Valid
*.instagram.com
DigiCert SHA2 High Assurance Server CA		 2017-10-17 -
2018-10-22		 a year crt.sh
*.googleapis.com
Google Internet Authority G3		 2018-09-18 -
2018-12-11		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2017-12-15 -
2019-03-22		 a year crt.sh

This page contains 2 frames:

Primary Page: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Frame ID: 149433101C40E0727BE58E602BB475B3
Requests: 9 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=42
Frame ID: D5D98385117E37FFF95C6E475F914BB0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://instagramverificationservice.usa.cc/ HTTP 302
    http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoA... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

9
Requests

89 %
HTTPS

80 %
IPv6

4
Domains

4
Subdomains

6
IPs

2
Countries

664 kB
Transfer

1716 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://instagramverificationservice.usa.cc/ HTTP 302
    http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://staticxx.facebook.com/connect/xd_arbiter/r/2VRzCA39w_9.js?version=42 HTTP 302
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=42

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request SignIn
instagramverificationservice.usa.cc/
Redirect Chain
  • http://instagramverificationservice.usa.cc/
  • http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account...
141 KB
141 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Protocol
HTTP/1.1
Server
104.248.156.245 Wilmington, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
94376b78ed805e58d4629c4b82d5d119f3eb48aec530e3572c3d56e869c64dcd

Request headers

Host
instagramverificationservice.usa.cc
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Cookie
PHPSESSID=p0t8v25u1j2fdkk6ng76kplqo6
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 07 Oct 2018 23:44:58 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sun, 07 Oct 2018 23:44:58 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=p0t8v25u1j2fdkk6ng76kplqo6; path=/
Location
/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
a5eb59fc0aaa.js
instagram.com/static/bundles/base/LandingPage.js/ 		221 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://instagram.com/static/bundles/base/LandingPage.js/a5eb59fc0aaa.js
Requested by
Host: instagramverificationservice.usa.cc
URL: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2406:da00:ff00::22ce:6cb7 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
0785d6c19debc77370599338b0ac468d5e43f39b01614156938af1f2759da9ba

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Origin
http://instagramverificationservice.usa.cc

Response headers

date
Sun, 07 Oct 2018 23:44:59 GMT
content-encoding
gzip
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
status
200
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-length
61048
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: instagramverificationservice.usa.cc
URL: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:825::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 02 Oct 2018 06:22:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
494545
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
30399
x-xss-protection
1; mode=block
last-modified
Thu, 25 Jan 2018 15:33:24 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 02 Oct 2019 06:22:33 GMT
0b34a2e2f7c2.js
instagram.com/static/bundles/base/Vendor.js/ 		416 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://instagram.com/static/bundles/base/Vendor.js/0b34a2e2f7c2.js
Requested by
Host: instagramverificationservice.usa.cc
URL: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2406:da00:ff00::22ce:6cb7 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
9cdb0c8c7b2ea4c0f4ee7948c24bd89d1f9e099f01cb8cf1a2afa98acc2b9a35

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Origin
http://instagramverificationservice.usa.cc

Response headers

date
Sun, 07 Oct 2018 23:45:00 GMT
content-encoding
gzip
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
status
200
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-length
122739
59e9e4dce833.js
instagram.com/static/bundles/base/en_US.js/ 		79 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://instagram.com/static/bundles/base/en_US.js/59e9e4dce833.js
Requested by
Host: instagramverificationservice.usa.cc
URL: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2406:da00:ff00::22ce:6cb7 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
cf63cd5bba5518785c430ef5ba7ce26480af8d97e16a3d1244e71fc7390215e1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Origin
http://instagramverificationservice.usa.cc

Response headers

date
Sun, 07 Oct 2018 23:45:00 GMT
content-encoding
gzip
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
status
200
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-length
26386
659a2b31d799.js
instagram.com/static/bundles/base/ConsumerCommons.js/ 		523 KB
146 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://instagram.com/static/bundles/base/ConsumerCommons.js/659a2b31d799.js
Requested by
Host: instagramverificationservice.usa.cc
URL: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2406:da00:ff00::22ce:6cb7 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
84ddd442b0c7b9c968837536b45add8a4054927460c7eef36a2b81038d17b400

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Origin
http://instagramverificationservice.usa.cc

Response headers

date
Sun, 07 Oct 2018 23:45:00 GMT
content-encoding
gzip
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
status
200
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-length
149222
832f5e38f9ba.js
instagram.com/static/bundles/base/Consumer.js/ 		150 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://instagram.com/static/bundles/base/Consumer.js/832f5e38f9ba.js
Requested by
Host: instagramverificationservice.usa.cc
URL: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2406:da00:ff00::22ce:6cb7 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
a9585dac9428e2a3e9d3ef39db9939de703e667497697cab657e0c934c355ca6

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Origin
http://instagramverificationservice.usa.cc

Response headers

date
Sun, 07 Oct 2018 23:45:00 GMT
content-encoding
gzip
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
status
200
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-length
43259
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ab56951eedd7791b33138ce04d75fffa328d87970b59a8a417089b11cc856754

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
b32d382b99a8.png
instagram.com/static/bundles/base/sprite_core.png/ 		99 KB
99 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://instagram.com/static/bundles/base/sprite_core.png/b32d382b99a8.png
Requested by
Host: instagramverificationservice.usa.cc
URL: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2406:da00:ff00::342c:68f1 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
01162450adcbe1e531587d6f6c093a58950adb7f00b41d5fdff669095c57a3ac

Request headers

Referer
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 07 Oct 2018 23:45:00 GMT
content-encoding
gzip
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
status
200
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
content-length
100943
xd_arbiter.php
staticxx.facebook.com/connect/ Frame D5D9
Redirect Chain
  • https://staticxx.facebook.com/connect/xd_arbiter/r/2VRzCA39w_9.js?version=42
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=42
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://staticxx.facebook.com/connect/xd_arbiter.php?version=42
Requested by
Host: instagramverificationservice.usa.cc
URL: http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter.php?version=42
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://instagramverificationservice.usa.cc/SignIn?ref=checks&protocol=ssl&sessionsid=718U8WWwzTWDljrRskIpOiAZFyYuwnsEoAywxu26oYJKibBKvk9jDJjjihNPEgt2R2yowBuVzeFRphCU&path=/signin/?referrer=/account/manage

Response headers

status
200
expires
Fri, 04 Oct 2019 14:39:03 GMT
cache-control
public,max-age=31536000,immutable
x-xss-protection
0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
vary
Accept-Encoding
content-encoding
gzip
x-fb-debug
npp+vWuNJlLRJ9DaIRMQxV7XSFJHQnjjAs+TBLQv2+eI0M6xvfiMk3BdyoTj5OV0HXizQ/poejOHAXXncHUg3w==
content-length
13942
date
Sun, 07 Oct 2018 23:45:00 GMT

Redirect headers

status
302
location
https://staticxx.facebook.com/connect/xd_arbiter.php?version=42
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
x-xss-protection
0
expect-ct
max-age=86400, report-uri="http://reports.fb.com/expectct/"
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
content-type
text/html; charset="utf-8"
x-fb-debug
U7ydCGmH3U1HPfJCS7jrQ3cADxqX1GUNp01FoL0TEd5rOavPffkK8Uuhqidv0o/MDdNhNO+dYHPZ40JNtCwSCA==
content-length
0
date
Sun, 07 Oct 2018 23:45:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| Activate1 function| v

1 Cookies

Domain/Path Name / Value
instagramverificationservice.usa.cc/ Name: PHPSESSID
Value: p0t8v25u1j2fdkk6ng76kplqo6