{"report_id":"52b6d357-5348-4c7f-b0a5-8889cc7cdf48","version":6,"status":"done","tags":["instagram","meta","social","phishing"],"date":"2025-10-03T10:39:40Z","url":{"schema":"https","addr":"www.kkinstagram.com/p/DOgPFq_CU74/","fqdn":"www.kkinstagram.com","domain":"kkinstagram.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"title":"Instagram"},"submit":{"url":{"schema":"https","addr":"www.kkinstagram.com/p/DOgPFq_CU74/","fqdn":"www.kkinstagram.com","domain":"kkinstagram.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-07T10:39:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":10}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"www.kkinstagram.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-03","alert":"Phishing - Instagram","trigger":"www.kkinstagram.com/p/DOgPFq_CU74/","verdict":"phishing","severity":"medium","comment":"Instagram","link":"https://openphish.com","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-03","alert":"Phishing Block","trigger":"www.kkinstagram.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"www.kkinstagram.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"www.kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"www.kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-03","alert":"Phishing - Instagram","trigger":"kkscript.com","verdict":"phishing","severity":"medium","comment":"Instagram","link":"https://openphish.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]},"summary":[{"fqdn":"kkscript.fra1.cdn.digitaloceanspaces.com","ip":{"addr":"104.18.42.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-23","domain_rank":0,"first_seen":"2025-07-09T23:10:00.285204Z","last_seen":"2025-09-30T06:24:47.10472Z","alert_count":0,"request_count":2,"received_data":7845,"sent_data":961,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.kkinstagram.com","ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-10-06","domain_rank":0,"first_seen":"2025-07-06T21:39:57.992337Z","last_seen":"2025-09-30T06:24:46.919468Z","alert_count":6,"request_count":1,"received_data":6428,"sent_data":502,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"kkscript.com","ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-15","domain_rank":4478855,"first_seen":"2025-07-06T21:39:57.975307Z","last_seen":"2025-09-30T06:24:47.625792Z","alert_count":5,"request_count":1,"received_data":6389,"sent_data":553,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-09-28T22:11:36.689828Z","alert_count":0,"request_count":1,"received_data":422881,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"362b8ba5e02bac96cbe438fa67f2ccf9","sha1":"311d4dbe0b69893968816549c3614dec40255152","sha256":"7a327d23c171004b02195dbc0c3689b32d57d4304bf2466a65db3ab348cd1527","sha512":"128a53e63ab62a4822b64a4352012e13def6a5c5327dd1ce103175a69595f1915ce8af787101d0398306c2c254a5b456ff5b9c1b959c2db00457e577a775d73c","ssdeep":"","tlshash":"50f005953cdd44248377112927fb91497439652f2c4afc15f94c84812f59ead14fb94c","size":570,"data":"","first_seen":"2025-07-06T21:40:04.264616Z","last_seen":"2026-04-09T08:20:24.969039Z","times_seen":853,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-WLZLVNZBYK","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ef068c956c3e4ef56fa2596f2378adce","sha1":"45d511c5c73cc1eb287e0a336fd4712ef74b30aa","sha256":"b704ce9e1258364f553c36ec3a36f75130b97b38de7ba7c1ed47d01c665a4696","sha512":"8fc5a99b9a348abdc4522bbb52a995d6d3096c6a4d54b36618dc119c74ddeb2684e174d3cc6b01e9d04fbcffd5a8b7f693efba4b2015aa38366d60571dfa631d","ssdeep":"6144:hBDZTPtDyYvRC1cZwtgk6dSLd6gZg1X+6RVt:PtbptvIcZwhGt","tlshash":"91941ace73c674665396e478903f018ba5bb28a2f44cc899f189cce42d74a9a4177f7c","size":422277,"data":"","first_seen":"2025-10-03T10:39:42.404968Z","last_seen":"2025-10-03T10:39:42.404968Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"453c011289650bb49182249b9a0085db","sha1":"ed096c55cf970a1ee9adc33edadd6f7dac45a2c1","sha256":"c7647ede44aa4958ca5a8fbb51b58e61488686afa162e05cd610831ed362a350","sha512":"6b42bd2fb9f3b2c5c07434102219c24020d06456d97d5ef1278fb9a996bbff2dcb3d2fb6f6cdc3d0196e90af3e02e0e5968445319041d2c4c57ffe6d519cf1ad","ssdeep":"","tlshash":"00c08c88220b0c7081ab2e010bbfb204b0063213949199223a4e63044f30e03d78cc14","size":173,"data":"","first_seen":"2025-07-06T21:40:04.265735Z","last_seen":"2026-04-09T08:20:24.969653Z","times_seen":853,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"be865377b303b39364022149f4f977ba","sha1":"17936f01b6abd7fd7de30e40c5e3f5593008f271","sha256":"06138c979032317e0f4b7268767b6936d25d78a01f3ac391462fd53ae8a1e2f7","sha512":"1c79815891f87052e47d75f20e849ae4705636b16fbd0f7491a64ca646b8c2209b84f3fe14a8c4e1dbef23d3e28557d0a603ee528a5c02675d66159c67895c1c","ssdeep":"","tlshash":"0b31f104d8f6083a2d237863eb4b331578d7507f745cc602b55d6b9a6ff2029462daed","size":1473,"data":"","first_seen":"2025-10-03T10:39:42.411913Z","last_seen":"2025-10-03T10:39:42.411913Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.kkinstagram.com/p/DOgPFq_CU74/","fqdn":"www.kkinstagram.com","domain":"kkinstagram.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-03T10:39:15.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.kkinstagram.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 08 Aug 2025 13:25:09 GMT","end":"Thu, 06 Nov 2025 14:25:06 GMT"},"fingerprint":{"sha1":"03:E5:06:EC:2B:E2:54:78:4F:A6:B7:37:8B:6D:D1:C2:FE:15:A1:61","sha256":"B5:F5:49:38:61:DA:F1:F4:4D:FF:5F:F5:7A:14:2C:73:DF:C7:B7:B8:44:D7:94:BF:C9:6F:AB:47:2F:A1:01:E0"}}},"request":{"raw":"GET /p/DOgPFq_CU74/ HTTP/1.1\r\nHost: www.kkinstagram.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\ndate: Fri, 03 Oct 2025 10:39:15 GMT\r\ncontent-length: 0\r\nlocation: https://kkscript.com/post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192\r\ncf-ray: 988bd08c5942712d-OSL\r\nx-do-app-origin: 30abaed5-098b-4f5c-af78-c2864a3dc6bc\r\ncache-control: private\r\nx-do-orig-status: 307\r\ncf-cache-status: MISS\r\nset-cookie: __cf_bm=BML_S0b0XeewF.CscFTeyo2FuFpLquULSU_LcSQeXB0-1759487955-1.0.1.1-80Iotuy64.PiE1th1MkMACghICh2QzlEt1LAvTEH5f4n7ML0SOL7kaMRMqlds_WPQ49VzOpokEcoNQfeZJ5Dn5lJjR1J0CfrTS0ch51Z6k4; path=/; expires=Fri, 03-Oct-25 11:09:15 GMT; domain=.www.kkinstagram.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5687,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-09T09:28:02.4502Z","times_seen":13534720,"resource_available":true,"data":null}},"time_used":442,"timings":{"blocked":187,"dns":1,"connect":2,"send":0,"wait":67,"receive":0,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"www.kkinstagram.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-03","alert":"Phishing - Instagram","trigger":"www.kkinstagram.com/p/DOgPFq_CU74/","verdict":"phishing","severity":"medium","comment":"Instagram","link":"https://openphish.com","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-03","alert":"Phishing Block","trigger":"www.kkinstagram.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"www.kkinstagram.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"www.kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"www.kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-03T10:39:15.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkscript.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 15:24:31 GMT","end":"Sun, 09 Nov 2025 16:24:26 GMT"},"fingerprint":{"sha1":"82:ED:BC:07:01:98:12:1E:4A:B3:2C:AF:13:D4:62:76:0E:7A:CB:03","sha256":"9D:75:06:96:9D:F6:D6:AB:A5:2D:7F:D1:73:E2:7A:6D:BF:29:2F:68:0F:7B:3D:C9:82:48:59:A8:49:C3:45:D7"}}},"request":{"raw":"GET /post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192 HTTP/1.1\r\nHost: kkscript.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 03 Oct 2025 10:39:16 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-encoding: br\r\nx-do-app-origin: 30abaed5-098b-4f5c-af78-c2864a3dc6bc\r\ncache-control: private\r\nx-do-orig-status: 200\r\nlast-modified: Fri, 03 Oct 2025 10:39:16 GMT\r\ncf-cache-status: MISS\r\nset-cookie: __cf_bm=6KfQdO.Q7WdFrJ0aB77x7A4RjeOaVByA2q5eXV4U8Eo-1759487956-1.0.1.1-qLF3VLKmmgXbsUWnPD5eAl2uFZA1aYC3ReBHvz4iN9Jq3qy9v6U67jUvPOceQoHS2rqcF.7GOntMYlooBijegEexfQfUjZv0bOX.Ry.NQZ0; path=/; expires=Fri, 03-Oct-25 11:09:16 GMT; domain=.kkscript.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 988bd08de8048be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5687,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (693)","md5":"b5656006872df7d258a9034ff459b6ad","sha1":"6a3928dc25ba09761d69ee9571ff0ba5998c13a2","sha256":"9ce71172209915de4445d8c1271e9d8ad9fb6a573b3dd25e800450d5d791067f","sha512":"459973ec83cc27beb56c325a9cbeb42ff89dd6bf439b473b6757f77a6988cff8e3b1e92571f215ae0b0255021a249cbcdf185380e4df9fbacf1aaf74418260c1","ssdeep":"96:yM5Siil7upaJ2cbjfzJ6Y09FNnzf5t1eEfqNboxnqMQ:4vypaJ2GfzJ901hbeyqhoxnk","tlshash":"8ec1f6825ceb48273912e065ebf7770d3182903fa409cc16b9cdb3e0afc2a254c6769c","first_seen":"2025-10-03T10:39:42.402031Z","last_seen":"2025-10-03T10:39:42.402031Z","times_seen":1,"resource_available":false,"data":null}},"time_used":486,"timings":{"blocked":184,"dns":3,"connect":2,"send":0,"wait":118,"receive":0,"ssl":178},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-03","alert":"Phishing - Instagram","trigger":"kkscript.com","verdict":"phishing","severity":"medium","comment":"Instagram","link":"https://openphish.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-WLZLVNZBYK","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kkscript.com/post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192","date":"2025-10-03T10:39:16.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET /gtag/js?id=G-WLZLVNZBYK HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkscript.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 03 Oct 2025 10:39:16 GMT\r\nexpires: Fri, 03 Oct 2025 10:39:16 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 140657\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":422277,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"ef068c956c3e4ef56fa2596f2378adce","sha1":"45d511c5c73cc1eb287e0a336fd4712ef74b30aa","sha256":"b704ce9e1258364f553c36ec3a36f75130b97b38de7ba7c1ed47d01c665a4696","sha512":"8fc5a99b9a348abdc4522bbb52a995d6d3096c6a4d54b36618dc119c74ddeb2684e174d3cc6b01e9d04fbcffd5a8b7f693efba4b2015aa38366d60571dfa631d","ssdeep":"6144:hBDZTPtDyYvRC1cZwtgk6dSLd6gZg1X+6RVt:PtbptvIcZwhGt","tlshash":"91941ace73c674665396e478903f018ba5bb28a2f44cc899f189cce42d74a9a4177f7c","first_seen":"2025-10-03T10:39:42.404968Z","last_seen":"2025-10-03T10:39:42.404968Z","times_seen":1,"resource_available":true,"data":null}},"time_used":150,"timings":{"blocked":42,"dns":0,"connect":9,"send":0,"wait":38,"receive":24,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkscript.fra1.cdn.digitaloceanspaces.com/static/favicon/apple-touch-icon.png","fqdn":"kkscript.fra1.cdn.digitaloceanspaces.com","domain":"fra1.cdn.digitaloceanspaces.com","tld":"cdn.digitaloceanspaces.com"},"ip":{"addr":"104.18.42.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkscript.com/post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192","date":"2025-10-03T10:39:16.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.fra1.cdn.digitaloceanspaces.com","organization":"DigitalOcean, LLC"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 06 Jun 2025 00:00:00 GMT","end":"Tue, 23 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"39:20:05:68:4C:6F:AB:62:96:2C:FD:44:12:DF:FC:CB:E9:C7:5E:85","sha256":"77:08:F4:2E:1B:90:B0:FF:B1:BD:EF:BB:DE:AA:58:75:EF:34:A5:86:6F:75:34:58:F0:C6:68:08:DE:FA:E4:8F"}}},"request":{"raw":"GET /static/favicon/apple-touch-icon.png HTTP/1.1\r\nHost: kkscript.fra1.cdn.digitaloceanspaces.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkscript.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 03 Oct 2025 10:39:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 5503\r\nlast-modified: Wed, 09 Jul 2025 18:25:19 GMT\r\nx-rgw-object-type: Normal\r\netag: \"d0aae417f6f63cca86cdd613299dab07\"\r\nx-amz-request-id: tx000001e5bbb4a375ba3d3-00687e1311-d6c65f2-fra1c\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-do-cdn-uuid: 228be3f8-843c-4d71-8527-3bacdc3a18c2\r\ncache-control: max-age=3600\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nset-cookie: __cf_bm=04cNdAsE3xrIz4wZ4DoxOsffvf_LVTUij86cI42RjFQ-1759487956-1.0.1.1-KQeJl.rT9BDMEAGuRFqrv2PeVPHG7Cz.P64SgUuqhHXytzzzsdaxTnyfvA3qEqwGmqq2KlrqrMlK9RXKc2FDdjylQyKFfs8EsvIaAA6.ba4; path=/; expires=Fri, 03-Oct-25 11:09:16 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncf-ray: 988bd08fcb391a30-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5503,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"d0aae417f6f63cca86cdd613299dab07","sha1":"e3d13c88c2a3ba7ee30527af2f480fab91473b72","sha256":"8267683e39ca97783c8792e6e58847e4ff8149e59c1bff6fd9fdeca9e56c3576","sha512":"457f539ad911c6a743d00e4c48211642e116d98b82c3f1e3b35f296d95274d07977f5aa46e2c7a2a2f9c1b3970c1190bbe3c444afb6af2b3a063fb865ef67a2f","ssdeep":"96:J/lp4Jw4geq4ZgV/EEVb2sB3cWgy6x+yn2AmrG5yGlR2JhrkTSwNKCDFIDz:JP4JKeZFMysBdgLx32Vyk4Sw8CDFIX","tlshash":"53b16d22c2578ccccf3361d4156587fd25456e395a87c1e4098dbb4480b6d2af498ffa","first_seen":"2025-07-06T21:40:04.258888Z","last_seen":"2026-04-09T08:20:24.964876Z","times_seen":860,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":0,"dns":3,"connect":2,"send":0,"wait":75,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkscript.fra1.cdn.digitaloceanspaces.com/static/favicon/favicon-16x16.png","fqdn":"kkscript.fra1.cdn.digitaloceanspaces.com","domain":"fra1.cdn.digitaloceanspaces.com","tld":"cdn.digitaloceanspaces.com"},"ip":{"addr":"104.18.42.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkscript.com/post?target=instagram\u0026shortcode=DOgPFq_CU74\u0026media_id=3720039652657811192","date":"2025-10-03T10:39:16.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.fra1.cdn.digitaloceanspaces.com","organization":"DigitalOcean, LLC"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 06 Jun 2025 00:00:00 GMT","end":"Tue, 23 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"39:20:05:68:4C:6F:AB:62:96:2C:FD:44:12:DF:FC:CB:E9:C7:5E:85","sha256":"77:08:F4:2E:1B:90:B0:FF:B1:BD:EF:BB:DE:AA:58:75:EF:34:A5:86:6F:75:34:58:F0:C6:68:08:DE:FA:E4:8F"}}},"request":{"raw":"GET /static/favicon/favicon-16x16.png HTTP/1.1\r\nHost: kkscript.fra1.cdn.digitaloceanspaces.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkscript.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 03 Oct 2025 10:39:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 445\r\nlast-modified: Wed, 09 Jul 2025 18:25:19 GMT\r\nx-rgw-object-type: Normal\r\netag: \"ae61a0713a6268d01012e1600f97d91e\"\r\nx-amz-request-id: tx000009a6db15ac5793f40-00687e1313-d6c65f2-fra1c\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-do-cdn-uuid: 228be3f8-843c-4d71-8527-3bacdc3a18c2\r\ncache-control: max-age=3600\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nset-cookie: __cf_bm=8fZM7UEvu5JaHGSWhptRJafwOPyXk7EuAWzx9pLaHE8-1759487956-1.0.1.1-HE9xcVkZuBLms9mzo.m8oplsj468Aq09yADwCNxo.KiuDKuRuSSFXTGcaIGra4HsmFoLanO94U0h3n9TYRTvKS.jxeo.cuNR99OulIunozw; path=/; expires=Fri, 03-Oct-25 11:09:16 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncf-ray: 988bd08fbb361a30-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":445,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"ae61a0713a6268d01012e1600f97d91e","sha1":"f45ba85e2da45d1b3079766521a8aa33bdf13685","sha256":"2506454af56045f30aa025926e1cddf664264779d8565a1ea93bc7141452c3be","sha512":"02e2854b1cbe7d7a1ce89f2c607fc6f958f1ae33ac449d45d23edf3ddcd08b672c4d3a1a4e96184afd7a54179cb4370f166f9285725903636541f53a31587e9d","ssdeep":"","tlshash":"78f02be2f695087e4d1950d79c91d10af557041ca4c16098104bf3973d5f76345788c5","first_seen":"2025-07-06T21:40:04.247775Z","last_seen":"2026-04-09T08:20:24.968418Z","times_seen":860,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":3,"connect":2,"send":0,"wait":64,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}