instagramcontract.ml Open in urlscan Pro
2606:4700:30::681f:5b2d  Malicious Activity! Public Scan

URL: https://instagramcontract.ml/
Submission: On August 08 via automatic, source certstream-suspicious

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 24 HTTP transactions. The main IP is 2606:4700:30::681f:5b2d, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is instagramcontract.ml.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on August 8th 2019. Valid for: a year.
This is the only time instagramcontract.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

IP Address AS Autonomous System
11 2606:4700:30:... 13335 (CLOUDFLAR...)
3 2a03:2880:f01... 32934 (FACEBOOK)
4 185.27.134.19 34119 (WILDCARD-...)
2 104.20.3.47 13335 (CLOUDFLAR...)
2 2a03:2880:f11... 32934 (FACEBOOK)
24 6
Domain Requested by
11 instagramcontract.ml instagramcontract.ml
4 404tutorial.com instagramcontract.ml
3 connect.facebook.net instagramcontract.ml
connect.facebook.net
2 www.facebook.com instagramcontract.ml
1 c.statcounter.com instagramcontract.ml
1 secure.statcounter.com instagramcontract.ml
24 6
Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2
2019-08-08 -
2020-08-07
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2019-06-06 -
2019-09-04
3 months crt.sh

1970-01-01 -
1970-01-01
a few seconds crt.sh
*.statcounter.com
Go Daddy Secure Certificate Authority - G2
2018-11-18 -
2020-01-17
a year crt.sh

This page contains 2 frames:

Primary Page: https://instagramcontract.ml/
Frame ID: EC9D46E6F0D7CE9C94CCB7B6098443B3
Requests: 15 HTTP requests in this frame

Frame: https://instagramcontract.ml/files/XBwzv5Yrm_1.html
Frame ID: 67B8CF90347DE355FD47801733079A5C
Requests: 10 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Page Statistics

24
Requests

75 %
HTTPS

60 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

272 kB
Transfer

677 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
instagramcontract.ml/
110 KB
26 KB
Document
General
Full URL
https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
df488d9b1cf0172e7025ac2fa987f87ec88cc9ef090c4dab9c31976a16cd82ae

Request headers

:method
GET
:authority
instagramcontract.ml
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
date
Thu, 08 Aug 2019 18:25:23 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dfad1084b0f91211c44d9a580f08962391565288722; expires=Fri, 07-Aug-20 18:25:22 GMT; path=/; domain=.instagramcontract.ml; HttpOnly
vary
Accept-Encoding
cache-control
max-age=0
expires
Thu, 08 Aug 2019 18:25:38 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
50338854ecb36359-FRA
content-encoding
br
1425767024389221
instagramcontract.ml/files/
0
0
Script
General
Full URL
https://instagramcontract.ml/files/1425767024389221
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
content-encoding
br
last-modified
Sun, 16 Sep 2018 19:14:37 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html
status
404
cache-control
max-age=5, public, proxy-revalidate, public, proxy-revalidate
cf-ray
50338858b8c56359-FRA
fbevents.js
instagramcontract.ml/files/
0
0
Script
General
Full URL
https://instagramcontract.ml/files/fbevents.js
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 16 Sep 2018 19:14:37 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html
status
404
cache-control
public, max-age=14400
cf-ray
50338858b8c66359-FRA
expires
Thu, 08 Aug 2019 22:25:23 GMT
sdk.js
instagramcontract.ml/files/
0
0
Script
General
Full URL
https://instagramcontract.ml/files/sdk.js
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 16 Sep 2018 19:14:37 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html
status
404
cache-control
public, max-age=14400
cf-ray
50338858b8c76359-FRA
expires
Thu, 08 Aug 2019 22:25:23 GMT
aafd8c6b005d.jpg
instagramcontract.ml/accounts/login/files/
53 KB
53 KB
Image
General
Full URL
https://instagramcontract.ml/accounts/login/files/aafd8c6b005d.jpg
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
68c719b7e4f3e3a466b233fe9ccabf0e57c0b7539818c395ca1d2d50b3365961

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
cf-cache-status
MISS
last-modified
Thu, 08 Aug 2019 18:00:47 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
5033885919166359-FRA
content-length
54212
expires
Sat, 07 Sep 2019 18:25:23 GMT
logo.png
instagramcontract.ml/accounts/login/logo/
5 KB
5 KB
Image
General
Full URL
https://instagramcontract.ml/accounts/login/logo/logo.png
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
14e874e255fbe26501740f41352625abdf09cec30d86c052b40070f276c63929

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
cf-cache-status
MISS
last-modified
Thu, 08 Aug 2019 18:00:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
5033885929266359-FRA
content-length
4754
expires
Sat, 07 Sep 2019 18:25:23 GMT
iosdw.png
instagramcontract.ml/accounts/login/files/
4 KB
4 KB
Image
General
Full URL
https://instagramcontract.ml/accounts/login/files/iosdw.png
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
14c09561486ba385a8a62bc0a8b41e03638a6334648113a7f28be47271eccb5e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
cf-cache-status
MISS
last-modified
Thu, 08 Aug 2019 18:00:48 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
5033885929276359-FRA
content-length
3754
expires
Sat, 07 Sep 2019 18:25:23 GMT
gpdw.png
instagramcontract.ml/accounts/login/files/
10 KB
10 KB
Image
General
Full URL
https://instagramcontract.ml/accounts/login/files/gpdw.png
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
583714033cab0d76045a8d4bbfb2326983f40d5c2cfa239e9527da9617686e6b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
cf-cache-status
MISS
last-modified
Thu, 08 Aug 2019 18:00:47 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
5033885929296359-FRA
content-length
10071
expires
Sat, 07 Sep 2019 18:25:23 GMT
38825c9d5aa2.png
instagramcontract.ml/static/images/homepage/home-phones.png/
12 KB
12 KB
Image
General
Full URL
https://instagramcontract.ml/static/images/homepage/home-phones.png/38825c9d5aa2.png
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d2fe9c96779a3b94d0fdec6f2d529b6c0d026fa9efe0e19713567ab1eee629f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 16 Sep 2018 19:14:37 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html
status
404
cache-control
public, max-age=14400
cf-ray
5033885929356359-FRA
expires
Thu, 08 Aug 2019 22:25:23 GMT
4e648d.png
instagramcontract.ml/static/sprites/core/
12 KB
12 KB
Image
General
Full URL
https://instagramcontract.ml/static/sprites/core/4e648d.png
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d2fe9c96779a3b94d0fdec6f2d529b6c0d026fa9efe0e19713567ab1eee629f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 16 Sep 2018 19:14:37 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html
status
404
cache-control
public, max-age=14400
cf-ray
5033885929366359-FRA
expires
Thu, 08 Aug 2019 22:25:23 GMT
fbevents.js
connect.facebook.net/en_US/
85 KB
22 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c7ffb5c7a2fcc93bf5553df1f27de7c5b2dbd4affcb74fd0bef82371e4e22caa
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
22680
x-xss-protection
0
pragma
public
x-fb-debug
KTgofAa2wEq/nPzW0X78bBB+wNSoKYXGbkpdXGvegsdd6ut4c/4/mXA8kRzhJ8+6c3BnBnCjIQMyWTmgmpxiDQ==
x-fb-trip-id
1970646000
x-frame-options
DENY
date
Thu, 08 Aug 2019 18:25:23 GMT
vary
Origin, Accept-Encoding
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
XBwzv5Yrm_1.html
instagramcontract.ml/files/ Frame 67B8
12 KB
3 KB
Document
General
Full URL
https://instagramcontract.ml/files/XBwzv5Yrm_1.html
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:5b2d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d2fe9c96779a3b94d0fdec6f2d529b6c0d026fa9efe0e19713567ab1eee629f

Request headers

:method
GET
:authority
instagramcontract.ml
:scheme
https
:path
/files/XBwzv5Yrm_1.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
same-origin
referer
https://instagramcontract.ml/
accept-encoding
gzip, deflate, br
cookie
__cfduid=dfad1084b0f91211c44d9a580f08962391565288722
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://instagramcontract.ml/

Response headers

status
404
date
Thu, 08 Aug 2019 18:25:23 GMT
content-type
text/html
vary
Accept-Encoding
last-modified
Sun, 16 Sep 2018 19:14:37 GMT
cache-control
max-age=5, public, proxy-revalidate, public, proxy-revalidate
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
50338859394d6359-FRA
content-encoding
br
1425767024389221
connect.facebook.net/signals/config/
301 KB
72 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1425767024389221?v=2.9.2&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
191560ea3bcea8ef393a863dbac8e703f176805e514de66c4ce0bd48dc21dcaf
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-xss-protection
0
pragma
public
x-fb-debug
t6KX7MljMXJ05Itx6YTjcCaKMcvmUKTniYJV3rTrtsVu5EUGeacHxhVYafMJdQI1HQBCVSfxDZbr9OPVKfaybw==
x-fb-trip-id
1970646000
x-frame-options
DENY
date
Thu, 08 Aug 2019 18:25:23 GMT
vary
Origin, Accept-Encoding
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
kb.png
404tutorial.com/ Frame 67B8
12 KB
12 KB
Image
General
Full URL
http://404tutorial.com/kb.png
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/files/XBwzv5Yrm_1.html
Protocol
HTTP/1.1
Security
, ,
Server
185.27.134.19 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
1913427185.ifastnet.org
Software
nginx/1.0.15 /
Resource Hash
5b3c2e273856010009608c3810f94a40331b91dd916f84e32fdbe5aace87d873

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 08 Aug 2019 18:25:46 GMT
Last-Modified
Mon, 09 Aug 2010 17:00:42 GMT
Server
nginx/1.0.15
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12047
Content-Type
image/png
search.png
404tutorial.com/ Frame 67B8
13 KB
13 KB
Image
General
Full URL
http://404tutorial.com/search.png
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/files/XBwzv5Yrm_1.html
Protocol
HTTP/1.1
Security
, ,
Server
185.27.134.19 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
1913427185.ifastnet.org
Software
nginx/1.0.15 /
Resource Hash
2650f9a070fae914f0230bfd950cbf7b56682008f1f3aff3ed0c8b105c128746

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 08 Aug 2019 18:25:46 GMT
Last-Modified
Sat, 22 Mar 2014 11:23:59 GMT
Server
nginx/1.0.15
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13413
Content-Type
image/png
premium.png
404tutorial.com/ Frame 67B8
13 KB
13 KB
Image
General
Full URL
http://404tutorial.com/premium.png
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/files/XBwzv5Yrm_1.html
Protocol
HTTP/1.1
Security
, ,
Server
185.27.134.19 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
1913427185.ifastnet.org
Software
nginx/1.0.15 /
Resource Hash
90c91ea6f17630bd6eb96a8cbe723c2f2934aa7105e33acffc5313099861b6fd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 08 Aug 2019 18:25:46 GMT
Last-Modified
Sat, 22 Mar 2014 11:29:40 GMT
Server
nginx/1.0.15
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13020
Content-Type
image/png
cpanel_whm1.gif
404tutorial.com/ Frame 67B8
4 KB
4 KB
Image
General
Full URL
http://404tutorial.com/cpanel_whm1.gif
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/files/XBwzv5Yrm_1.html
Protocol
HTTP/1.1
Security
, ,
Server
185.27.134.19 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
1913427185.ifastnet.org
Software
nginx/1.0.15 /
Resource Hash
339d420b3f7e7d56a573e1709770d6db8b3d75d211d6f00d0f7e3324d118bb80

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 08 Aug 2019 18:25:46 GMT
Last-Modified
Wed, 30 Mar 2011 09:16:49 GMT
Server
nginx/1.0.15
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4069
Content-Type
image/gif
2.css
404tutorial.com/ Frame 67B8
0
0

1.css
404tutorial.com/ Frame 67B8
0
0

truncated
/ Frame 67B8
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5774ef81453ab3e2d1c5684c89c7b40dccb79d75d89ab4f63f31d75909be309b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
counter.js
secure.statcounter.com/counter/ Frame 67B8
30 KB
10 KB
Script
General
Full URL
https://secure.statcounter.com/counter/counter.js
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/files/XBwzv5Yrm_1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.3.47 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f5faf91537c9a3effadfaf97aa0214ac62da4c1be4b79946ed0975224c2ab84

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/files/XBwzv5Yrm_1.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 07 Aug 2019 08:44:48 GMT
server
cloudflare
age
33970
etag
W/"5d4a8f80-796b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=43200
cf-ray
50338859dccb9d24-AMS
expires
Fri, 09 Aug 2019 06:25:23 GMT
t.php
c.statcounter.com/ Frame 67B8
49 B
313 B
Image
General
Full URL
https://c.statcounter.com/t.php?sc_project=9692532&java=1&security=0d8e2eaf&u1=4969F59EB1884F6E61BB818DB6CD932B&sc_rum_f_s=89&sc_rum_f_e=118&sc_rum_e_s=120&sc_rum_e_e=124&sc_random=0.8902751475867963&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1600&h=1200&camefrom=&u=https%3A//instagramcontract.ml/files/XBwzv5Yrm_1.html&t=&sc_snum=1&sess=e6f069&p=0&invisible=1
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/files/XBwzv5Yrm_1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.3.47 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/files/XBwzv5Yrm_1.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:24 GMT
content-type
image/gif
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
status
200
cf-ray
5033885a0d079d24-AMS
content-length
49
expires
Mon, 26 Jul 1997 05:00:00 GMT
inferredEvents.js
connect.facebook.net/signals/plugins/
1 KB
898 B
Script
General
Full URL
https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.2
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
772
x-xss-protection
0
pragma
public
x-fb-debug
swN1rzwJwSLfNNMWvb4SSceYt9fPHy+Hvat0OqhFPXkxoTixolgK6BRpZ9MLKHrcJOhDXwLhcQ3bftS1xQn4gA==
x-fb-trip-id
1970646000
x-frame-options
DENY
date
Thu, 08 Aug 2019 18:25:23 GMT
vary
Origin, Accept-Encoding
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
248 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1425767024389221&ev=PageView&dl=https%3A%2F%2Finstagramcontract.ml%2F&rl=&if=false&ts=1565288723544&sw=1600&sh=1200&v=2.9.2&r=stable&ec=0&o=30&fbp=fb.1.1565288723543.95222856&it=1565288723406&coo=false&rqm=GET
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:23 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Thu, 08 Aug 2019 18:25:23 GMT
/
www.facebook.com/tr/
44 B
145 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1425767024389221&ev=Microdata&dl=https%3A%2F%2Finstagramcontract.ml%2F&rl=&if=false&ts=1565288724050&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Instagram%20Contract%22%2C%22meta%3Adescription%22%3A%22Sign%20up%20to%20see%20photos%20and%20videos%20from%20your%20friends.%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Instagram%22%2C%22og%3Atitle%22%3A%22Instagram%22%2C%22og%3Aimage%22%3A%22%2Fstatic%2Fimages%2Fico%2Ffavicon-200.png%2Fa0d593d4e9d5.png%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Finstagram.com%2F%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.2&r=stable&ec=1&o=30&fbp=fb.1.1565288723543.95222856&it=1565288723406&coo=false&es=automatic&rqm=GET
Requested by
Host: instagramcontract.ml
URL: https://instagramcontract.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://instagramcontract.ml/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 18:25:24 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Thu, 08 Aug 2019 18:25:24 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
404tutorial.com
URL
http://404tutorial.com/2.css
Domain
404tutorial.com
URL
http://404tutorial.com/1.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| _sharedData function| fbq function| _fbq

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

404tutorial.com
c.statcounter.com
connect.facebook.net
instagramcontract.ml
secure.statcounter.com
www.facebook.com
404tutorial.com
104.20.3.47
185.27.134.19
2606:4700:30::681f:5b2d
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
0d2fe9c96779a3b94d0fdec6f2d529b6c0d026fa9efe0e19713567ab1eee629f
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14c09561486ba385a8a62bc0a8b41e03638a6334648113a7f28be47271eccb5e
14e874e255fbe26501740f41352625abdf09cec30d86c052b40070f276c63929
191560ea3bcea8ef393a863dbac8e703f176805e514de66c4ce0bd48dc21dcaf
2650f9a070fae914f0230bfd950cbf7b56682008f1f3aff3ed0c8b105c128746
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
339d420b3f7e7d56a573e1709770d6db8b3d75d211d6f00d0f7e3324d118bb80
5774ef81453ab3e2d1c5684c89c7b40dccb79d75d89ab4f63f31d75909be309b
583714033cab0d76045a8d4bbfb2326983f40d5c2cfa239e9527da9617686e6b
5b3c2e273856010009608c3810f94a40331b91dd916f84e32fdbe5aace87d873
68c719b7e4f3e3a466b233fe9ccabf0e57c0b7539818c395ca1d2d50b3365961
90c91ea6f17630bd6eb96a8cbe723c2f2934aa7105e33acffc5313099861b6fd
9f5faf91537c9a3effadfaf97aa0214ac62da4c1be4b79946ed0975224c2ab84
c7ffb5c7a2fcc93bf5553df1f27de7c5b2dbd4affcb74fd0bef82371e4e22caa
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
df488d9b1cf0172e7025ac2fa987f87ec88cc9ef090c4dab9c31976a16cd82ae