{"report_id":"9c0b6321-d5da-4c90-853d-56352477d9b2","version":0,"status":"done","tags":["instagram","meta","social","phishing"],"date":"2026-06-20T01:38:54Z","url":{"schema":"https","addr":"org-007.github.io/instagram","fqdn":"org-007.github.io","domain":"org-007.github.io","tld":"github.io"},"ip":{"addr":"185.199.108.153","port":0,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"org-007.github.io/instagram/","fqdn":"org-007.github.io","domain":"org-007.github.io","tld":"github.io"},"title":"Instagram","dom":{"size":8858,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (336)","md5":"f040de4e9a5ba24d2853acc2e708936f","sha1":"bf52451c3a3211cb37e76a100f0c01d1dcc9cc5f","sha256":"6a9574a2880fee3d241a9534c7cf6a4163b6ac78dc57f43a31d323644a408866","sha512":"c04ff053f196cd96c8fea33167c9762074a0e5a7014eccdc03873e94646c7a360fe99f5620dd725ef053e2bb639e59397e7187b714d9197ac723f73e11bce4b5","ssdeep":"192:MIZfUV+4Ds+oNnrUCPXh96cKKOVYku7Huqpuv8KMueA3j:MICuxtQ7uPLu8Az","tlshash":"b902c8d779b7040a7503d6686bbb572a3224e043d50aca187fe8a25ccf86ac65d337cc","dom_hash":"domhashf6ddee8d8dca0c573e72710d95685ffa","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"org-007.github.io/instagram","fqdn":"org-007.github.io","domain":"org-007.github.io","tld":"github.io"},"ip":{"addr":"185.199.108.153","port":0,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-25T01:38:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"org-007.github.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]},"summary":[{"fqdn":"org-007.github.io","ip":{"addr":"185.199.111.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2013-03-08","domain_rank":0,"first_seen":"2026-06-20T01:34:54.988559Z","last_seen":"2026-06-20T01:34:54.988559Z","alert_count":6,"request_count":3,"received_data":19721,"sent_data":1511,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"org-007.github.io/instagram/","fqdn":"org-007.github.io","domain":"org-007.github.io","tld":"github.io"},"ip":{"addr":"185.199.111.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9d6d36a02b1575f83d5fe0300936960b","sha1":"384916173c9941e91f47852ef19596f54bb81a97","sha256":"f01552cff5d9a9ac1e68b40d4a65baef705f17ffe0c9167be259a3fe897d7243","sha512":"afa6d6a72567472d29628ff2bc12cf5bee542dfed3dffe219df878daffad9ad7c0e9cfb3250afc082a1eae0da5bc694d1cf305580a5d4aeba4a8d7e6ff0dbc29","ssdeep":"","tlshash":"8d31f2e77cf604304b6f66b615be8749792411752906c7ca492cea2caca0d936837be4","size":1591,"data":"","first_seen":"2026-06-20T01:34:56.777691Z","last_seen":"2026-06-20T01:38:55.543117Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"org-007.github.io/instagram","fqdn":"org-007.github.io","domain":"org-007.github.io","tld":"github.io"},"ip":{"addr":"185.199.111.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T01:38:32.048Z","timestamp":1781919512048,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 23:32:36 GMT","end":"Sun, 05 Jul 2026 23:32:35 GMT"},"fingerprint":{"sha1":"18:DE:96:E8:3D:99:B2:8A:0C:D1:0C:48:78:BD:6A:14:6A:05:25:60","sha256":"EA:69:BC:71:1C:B9:D4:56:98:D2:FD:AA:48:54:D7:DC:08:6A:CD:3A:9C:35:01:64:90:9B:68:8A:C7:C0:63:1F"}}},"request":{"raw":"GET /instagram HTTP/1.1\r\nHost: org-007.github.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\nserver: GitHub.com\r\ncontent-type: text/html\r\nlocation: https://org-007.github.io/instagram/\r\nx-github-request-id: EBF2:0657:9AE43:A86FD:6A35EF17\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Sat, 20 Jun 2026 01:38:32 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-bma-essb1270057-BMA\r\nx-cache: MISS\r\nx-cache-hits: 0\r\nx-timer: S1781919512.087689,VS0,VE109\r\nvary: Accept-Encoding\r\nx-fastly-request-id: 96f98a8e8056d31033f055d8d3d04a430d671036\r\ncontent-length: 162\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-21T04:29:44.336912Z","times_seen":16598908,"resource_available":true,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":4,"connect":9,"send":0,"wait":118,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"org-007.github.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"org-007.github.io/instagram/","fqdn":"org-007.github.io","domain":"org-007.github.io","tld":"github.io"},"ip":{"addr":"185.199.111.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T01:38:32.209Z","timestamp":1781919512209,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 23:32:36 GMT","end":"Sun, 05 Jul 2026 23:32:35 GMT"},"fingerprint":{"sha1":"18:DE:96:E8:3D:99:B2:8A:0C:D1:0C:48:78:BD:6A:14:6A:05:25:60","sha256":"EA:69:BC:71:1C:B9:D4:56:98:D2:FD:AA:48:54:D7:DC:08:6A:CD:3A:9C:35:01:64:90:9B:68:8A:C7:C0:63:1F"}}},"request":{"raw":"GET /instagram/ HTTP/1.1\r\nHost: org-007.github.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: GitHub.com\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Fri, 19 Jun 2026 06:16:18 GMT\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31556952\r\netag: W/\"6a34deb2-225f\"\r\nexpires: Sat, 20 Jun 2026 00:26:24 GMT\r\ncache-control: max-age=600\r\ncontent-encoding: gzip\r\nx-proxy-cache: MISS\r\nx-github-request-id: 264C:3372A1:830CE:8E015:6A35DBD7\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Sat, 20 Jun 2026 01:38:32 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-bma-essb1270057-BMA\r\nx-cache: HIT\r\nx-cache-hits: 0\r\nx-timer: S1781919512.213857,VS0,VE114\r\nvary: Accept-Encoding\r\nx-fastly-request-id: d01fb63e10c1b48768a59cb901d8d5a1f171f95d\r\ncontent-length: 3003\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]}],"data":{"size":8799,"size_decoded":3717,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (330)","md5":"cbe2a69a39df8882bc14685da9485ac1","sha1":"f8304763a8238f0a6140793c586b31e1609382cf","sha256":"f000634ba37b5dab9ba82c3efae2df1ccb5caa131aaf39e4765be78f4ef50606","sha512":"3ae11351c034091b418816b48383f30139f9d3e9675ae5924e5a471c8207d31beb96993a27479d8efcf84716d26d83ede707db8007aec83c46557b090ed5bb2f","ssdeep":"192:wIZfUV+4Ds+oNnrUCPX7h6iJDKOVNzu7Huqpuv8KMueAh:wICuxtT173SLu8Ah","tlshash":"b302d9d73aab04057503d6686bbb57293224e043d506ca183fe8a65ccfcaaca5d337cc","first_seen":"2026-06-20T01:34:56.775948Z","last_seen":"2026-06-20T01:38:55.539835Z","times_seen":2,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"org-007.github.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"org-007.github.io/favicon.ico","fqdn":"org-007.github.io","domain":"org-007.github.io","tld":"github.io"},"ip":{"addr":"185.199.111.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://org-007.github.io/instagram/","date":"2026-06-20T01:38:32.608Z","timestamp":1781919512608,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 23:32:36 GMT","end":"Sun, 05 Jul 2026 23:32:35 GMT"},"fingerprint":{"sha1":"18:DE:96:E8:3D:99:B2:8A:0C:D1:0C:48:78:BD:6A:14:6A:05:25:60","sha256":"EA:69:BC:71:1C:B9:D4:56:98:D2:FD:AA:48:54:D7:DC:08:6A:CD:3A:9C:35:01:64:90:9B:68:8A:C7:C0:63:1F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: org-007.github.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://org-007.github.io/instagram/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\nserver: GitHub.com\r\ncontent-type: text/html; charset=utf-8\r\netag: W/\"6a332546-239b\"\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'\r\ncontent-encoding: gzip\r\nx-github-request-id: B152:2BE00B:9B0DF:A878D:6A35EE28\r\naccept-ranges: bytes\r\nage: 240\r\ndate: Sat, 20 Jun 2026 01:38:32 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-bma-essb1270057-BMA\r\nx-cache: HIT\r\nx-cache-hits: 0\r\nx-timer: S1781919513.613172,VS0,VE1\r\nvary: Accept-Encoding\r\nx-fastly-request-id: a2b5b9238772947e5cf12a5f4e510a0731c366f7\r\ncontent-length: 5142\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]}],"data":{"size":9115,"size_decoded":5751,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3909)","md5":"1eb970ce5a18bec7165f016df8238566","sha1":"9efd1514af80fe14db4ed28e9bc53975b9ee089c","sha256":"70d613e3acfba24fd2876fcbacaf639e1e111ef4d54baf70761c47673f37d6a3","sha512":"21b4d800cc282ca452f7394e95d5382340ac3481a002c21da681005a44f18ea6cf43959990cd715b4657f180e0e96d6087fe724f3200e909f9fd70ebcd5511bd","ssdeep":"192:Ywnb1iC9OA9XXMa9kukrALQDUnulGVopLAGCALQD6vnglET31iCLL3d:7B8H3DUulGmmv3D6vglETliCfN","tlshash":"e6126d7e19e93308d8028a1539f267993d65880f9e866e6fb5ad0351cf8fe10e1637cc","first_seen":"2023-04-05T03:08:51Z","last_seen":"2026-06-21T04:20:11.249495Z","times_seen":56071,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"org-007.github.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]}}]}