urlscan.io logo urlscan.io
SecurityTrails logo

instagarm.kesug.com Open in urlscan Pro
185.27.134.115  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://instagarm.kesug.com/
Effective URL: http://instagarm.kesug.com/?i=1
Submission: On July 27 via api from US — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 9 HTTP transactions. The main IP is 185.27.134.115, located in United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is instagarm.kesug.com.
This is the only time instagarm.kesug.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

IP Address AS Autonomous System
2 9 185.27.134.115 34119 (WILDCARD-...)
1 65.109.146.249 24940 (HETZNER-AS)
1 2a03:2880:f27... 32934 (FACEBOOK)
9 3
Apex Domain
Subdomains		 Transfer
9 kesug.com
instagarm.kesug.com
255 KB
1 instagram.com
www.instagram.com — Cisco Umbrella Rank: 1555
73 KB
1 cursor.cc
www.cursor.cc
31 KB
9 3
Domain Requested by
9 instagarm.kesug.com 2 redirects instagarm.kesug.com
1 www.instagram.com instagarm.kesug.com
1 www.cursor.cc instagarm.kesug.com
9 3

This site contains no links.

Subject Issuer Validity Valid
instagarm.kesug.com
GTS CA 1P5		 2024-03-19 -
2024-06-17		 3 months crt.sh
www.cursor.cc
R10		 2024-06-27 -
2024-09-25		 3 months crt.sh
*.www.instagram.com
DigiCert SHA2 High Assurance Server CA		 2024-05-05 -
2024-08-03		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://instagarm.kesug.com/?i=1
Frame ID: 1C41344215DF34A70E1D1B9492DFCAA3
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login Instagram

Page URL History Show full URLs

  1. http://instagarm.kesug.com/ HTTP 307
    https://instagarm.kesug.com/ Page URL
  2. https://instagarm.kesug.com/?i=1 HTTP 301
    http://instagarm.kesug.com/?i=1 HTTP 307
    https://instagarm.kesug.com/?i=1 HTTP 301
    http://instagarm.kesug.com/?i=1 HTTP 307
    http://instagarm.kesug.com/?i=1 Page URL

Page Statistics

9
Requests

22 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

359 kB
Transfer

366 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://instagarm.kesug.com/ HTTP 307
    https://instagarm.kesug.com/ Page URL
  2. https://instagarm.kesug.com/?i=1 HTTP 301
    http://instagarm.kesug.com/?i=1 HTTP 307
    https://instagarm.kesug.com/?i=1 HTTP 301
    http://instagarm.kesug.com/?i=1 HTTP 307
    http://instagarm.kesug.com/?i=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://instagarm.kesug.com/ HTTP 307
  • https://instagarm.kesug.com/

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
instagarm.kesug.com/
Redirect Chain
  • http://instagarm.kesug.com/
  • https://instagarm.kesug.com/
831 B
694 B 		Document
General
Check archive.org
Download Go to
Full URL
https://instagarm.kesug.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.27.134.115 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
b37fb90e7761c674143e7e44f79d4beedc6763521a645b496d4a1dbe80e55383

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache
Connection
keep-alive
Content-Encoding
br
Content-Type
text/html
Date
Sat, 27 Jul 2024 01:02:19 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

Location
https://instagarm.kesug.com/
Non-Authoritative-Reason
HttpsUpgrades
aes.js
instagarm.kesug.com/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://instagarm.kesug.com/aes.js
Requested by
Host: instagarm.kesug.com
URL: https://instagarm.kesug.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.27.134.115 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://instagarm.kesug.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 27 Jul 2024 01:02:19 GMT
Content-Encoding
br
Last-Modified
Sun, 15 Oct 2023 16:38:37 GMT
Server
nginx
ETag
W/"652c158d-35a5"
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
keep-alive
Primary Request /
instagarm.kesug.com/
Redirect Chain
  • https://instagarm.kesug.com/?i=1
  • http://instagarm.kesug.com/?i=1
  • https://instagarm.kesug.com/?i=1
  • http://instagarm.kesug.com/?i=1
  • http://instagarm.kesug.com/?i=1
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://instagarm.kesug.com/?i=1
Requested by
Host: instagarm.kesug.com
URL: https://instagarm.kesug.com/
Protocol
HTTP/1.1
Server
185.27.134.115 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
8b8a639c8748b90cb8008b0790d430d36d027f089a1ebd7804c605ce7dde8b8d

Request headers

Referer
https://instagarm.kesug.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Jul 2024 01:02:19 GMT
Expires
Sat, 27 Jul 2024 01:02:19 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

Location
http://instagarm.kesug.com/?i=1
Non-Authoritative-Reason
HttpsUpgrades
style.css
instagarm.kesug.com/ 		3 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://instagarm.kesug.com/style.css
Requested by
Host: instagarm.kesug.com
URL: http://instagarm.kesug.com/?i=1
Protocol
HTTP/1.1
Server
185.27.134.115 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
0aa1ed822b1006aa10f749a88751781159a7956989d0030ef9fee8f3a9b88e64

Request headers

Referer
http://instagarm.kesug.com/?i=1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 27 Jul 2024 01:02:19 GMT
Last-Modified
Wed, 20 Mar 2024 05:38:59 GMT
Server
nginx
ETag
"d57-6141101ea2e60"
Content-Type
text/css
Cache-Control
max-age=2592000, public, proxy-revalidate, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3415
Expires
Mon, 26 Aug 2024 01:02:19 GMT
meta.jpeg
instagarm.kesug.com/img/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://instagarm.kesug.com/img/meta.jpeg
Requested by
Host: instagarm.kesug.com
URL: http://instagarm.kesug.com/?i=1
Protocol
HTTP/1.1
Server
185.27.134.115 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
d5a8df98866b7b674c32e894a885ca85e4d71fa70de66c0969710b4cd94cf885

Request headers

Referer
http://instagarm.kesug.com/?i=1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 27 Jul 2024 01:02:19 GMT
Last-Modified
Mon, 18 Mar 2024 07:48:36 GMT
Server
nginx
ETag
"2057-613ea95c97d88"
Content-Type
image/jpeg
Cache-Control
max-age=2592000, public, proxy-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8279
Expires
Mon, 26 Aug 2024 01:02:19 GMT
main.js
instagarm.kesug.com/ 		174 B
537 B 		Script
General
Check archive.org
Download Go to
Full URL
http://instagarm.kesug.com/main.js
Requested by
Host: instagarm.kesug.com
URL: http://instagarm.kesug.com/?i=1
Protocol
HTTP/1.1
Server
185.27.134.115 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
599f0b3b7e54be5ba5842761c4054559783a45a85084bcb62db86567559280c3

Request headers

Referer
http://instagarm.kesug.com/?i=1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 27 Jul 2024 01:02:19 GMT
Last-Modified
Mon, 18 Mar 2024 07:25:35 GMT
Server
nginx
ETag
"ae-613ea43744018"
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, proxy-revalidate, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
174
Expires
Mon, 26 Aug 2024 01:02:19 GMT
195629.png
www.cursor.cc/cursor3d/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cursor.cc/cursor3d/195629.png
Requested by
Host: instagarm.kesug.com
URL: http://instagarm.kesug.com/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.109.146.249 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
server8.onemission.com
Software
Apache/2.4.61 /
Resource Hash
7006f335caf005e7624ce9bdee0d444fbd8c0bb78ee74941dcf82d3798d52f23
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Referer
http://instagarm.kesug.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 27 Jul 2024 01:02:21 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Security-Policy
frame-ancestors 'self';
Last-Modified
Tue, 12 Sep 2023 03:20:04 GMT
Server
Apache/2.4.61
ETag
"7af6-60520eb43391c"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=100
Content-Length
31478
b20f2a3cd7e4.png
www.instagram.com/static/bundles/es6/sprite_core_b20f2a3cd7e4.png/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.instagram.com/static/bundles/es6/sprite_core_b20f2a3cd7e4.png/b20f2a3cd7e4.png
Requested by
Host: instagarm.kesug.com
URL: http://instagarm.kesug.com/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f277:1e8:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
74493159aabfeba948158a6172bb5da0ed5e66a62f7182f32330bb5fde1ac1f2

Request headers

Referer
http://instagarm.kesug.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 27 Jul 2024 01:02:21 GMT
content-encoding
br
x-fb-load
413
etag
"b20f2a3cd7e4"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
content-length
74729
insta2.png
instagarm.kesug.com/img/ 		234 KB
235 KB 		Other
General
Check archive.org
Download Go to
Full URL
http://instagarm.kesug.com/img/insta2.png
Protocol
HTTP/1.1
Server
185.27.134.115 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
6df6ca1f4473278c25691f352d1edb82d6c78b06d79ee123d25320126ba18434

Request headers

Referer
http://instagarm.kesug.com/?i=1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 27 Jul 2024 01:02:21 GMT
Last-Modified
Mon, 18 Mar 2024 07:52:18 GMT
Server
nginx
ETag
"3a9b4-613eaa303c058"
Content-Type
image/png
Cache-Control
max-age=2592000, public, proxy-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
240052
Expires
Mon, 26 Aug 2024 01:02:21 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
instagarm.kesug.com/ Name: __test
Value: 36183f2b9dceb351a51932d07a832e04

1 Console Messages

Source Level URL
Text
recommendation verbose URL: http://instagarm.kesug.com/?i=1
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o