{"report_id":"ec0154b0-36ac-4803-a37d-fa4e80d4c00c","version":6,"status":"done","tags":["instagram","meta","social","phishing"],"date":"2025-10-29T00:53:14Z","url":{"schema":"https","addr":"kkinstagram.com/reel/DLWfUsrI0gA/?igsh=ODM5OXpzMGVnNm1u","fqdn":"kkinstagram.com","domain":"kkinstagram.com","tld":"com"},"ip":{"addr":"172.66.0.96","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"title":"Instagram","dom":{"size":5740,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (693)","md5":"38b4990e56063105599cff2094409c45","sha1":"f6074625fcb4e3e17a1bb5ac6b86ad7a26b20e3a","sha256":"0b3f34e0c1806f5c0a3a102d463b5d6f4909aab9dbd96be557a7bde3c157eb94","sha512":"f1f083b88747c101874f04c6b1f2514bbfb501659fa1d2a277b8fb7df8940e84eefdf88a9bbe2b7fcc357416a3c44e247f46b484e610911f1736c8d14c1fa42a","ssdeep":"96:nIM5Siil7upaJKcbjfzJ6Y0yFNnzf5t1eE0qNboxnqMC:KvypaJKGfzJ90ChbeJqhoxnG","tlshash":"41c1f8825ceb482b3912e065ebf7770d3192903fa449cc15bddc63e46fc26294c6769c","dom_hash":"domhash238d585b4bc1b5867cc135482a2976d0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":"PGh0bWwgbGFuZz0iZW4iPjxoZWFkPgogICAgPG1ldGEgY2hhcnNldD0iVVRGLTgiPgogICAgPHRpdGxlPkluc3RhZ3JhbTwvdGl0bGU+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CgogICAgPGxpbmsgcmVsPSJhcHBsZS10b3VjaC1pY29uIiBzaXplcz0iMTgweDE4MCIgaHJlZj0iaHR0cHM6Ly9ra3NjcmlwdC5mcmExLmNkbi5kaWdpdGFsb2NlYW5zcGFjZXMuY29tL3N0YXRpYy9mYXZpY29uL2FwcGxlLXRvdWNoLWljb24ucG5nIj4KICAgIDxsaW5rIHJlbD0iaWNvbiIgdHlwZT0iaW1hZ2UvcG5nIiBzaXplcz0iMzJ4MzIiIGhyZWY9Imh0dHBzOi8va2tzY3JpcHQuZnJhMS5jZG4uZGlnaXRhbG9jZWFuc3BhY2VzLmNvbS9zdGF0aWMvZmF2aWNvbi9mYXZpY29uLTMyeDMyLnBuZyI+CiAgICA8bGluayByZWw9Imljb24iIHR5cGU9ImltYWdlL3BuZyIgc2l6ZXM9IjE2eDE2IiBocmVmPSJodHRwczovL2trc2NyaXB0LmZyYTEuY2RuLmRpZ2l0YWxvY2VhbnNwYWNlcy5jb20vc3RhdGljL2Zhdmljb24vZmF2aWNvbi0xNngxNi5wbmciPgogICAgPGxpbmsgcmVsPSJtYW5pZmVzdCIgaHJlZj0iaHR0cHM6Ly9ra3NjcmlwdC5mcmExLmNkbi5kaWdpdGFsb2NlYW5zcGFjZXMuY29tL3N0YXRpYy9mYXZpY29uL3NpdGUud2VibWFuaWZlc3QiPgoKICAgIDxzdHlsZT4KICAgICAgYm9keSB7CiAgICAgICAgbWFyZ2luOiAwOwogICAgICAgIHBhZGRpbmc6IDA7CiAgICAgICAgZm9udC1mYW1pbHk6IHNhbnMtc2VyaWY7CiAgICAgICAgYmFja2dyb3VuZDogI2Y5ZjlmOTsKICAgICAgICBkaXNwbGF5OiBmbGV4OwogICAgICAgIGZsZXgtZGlyZWN0aW9uOiBjb2x1bW47CiAgICAgICAgbWluLWhlaWdodDogMTAwdmg7CiAgICAgIH0KCiAgICAgIC5iYW5uZXIgewogICAgICAgIHdpZHRoOiAxMDAlOwogICAgICAgIGJhY2tncm91bmQ6ICNmZmNjMDA7CiAgICAgICAgcGFkZGluZzogMTJweDsKICAgICAgICB0ZXh0LWFsaWduOiBjZW50ZXI7CiAgICAgICAgZm9udC1zaXplOiAxNnB4OwogICAgICAgIGNvbG9yOiAjMDAwOwogICAgICB9CgogICAgICAuY29udGVudCB7CiAgICAgICAgZmxleDogMTsKICAgICAgICBkaXNwbGF5OiBmbGV4OwogICAgICAgIGZsZXgtZGlyZWN0aW9uOiBjb2x1bW47CiAgICAgICAgLyoganVzdGlmeS1jb250ZW50OiBjZW50ZXI7ICovCiAgICAgICAgYWxpZ24taXRlbXM6IGNlbnRlcjsKICAgICAgICBwYWRkaW5nOiAyMHB4OwogICAgICB9CgogICAgICBidXR0b24gewogICAgICAgIHBhZGRpbmc6IDE0cHggMjhweDsKICAgICAgICBmb250LXNpemU6IDE4cHg7CiAgICAgICAgYm9yZGVyOiBub25lOwogICAgICAgIGJvcmRlci1yYWRpdXM6IDhweDsKICAgICAgICBiYWNrZ3JvdW5kOiAjMDA3YWZmOwogICAgICAgIGNvbG9yOiAjZmZmOwogICAgICAgIGN1cnNvcjogcG9pbnRlcjsKICAgICAgICB3aWR0aDogOTAlOwogICAgICAgIG1heC13aWR0aDogMzIwcHg7CiAgICAgIH0KCiAgICAgIGJ1dHRvbjpob3ZlciB7CiAgICAgICAgYmFja2dyb3VuZDogIzAwNWJiYjsKICAgICAgfQoKICAgICAgQG1lZGlhIChtaW4td2lkdGg6IDc2OHB4KSB7CiAgICAgICAgYnV0dG9uIHsKICAgICAgICAgIGZvbnQtc2l6ZTogMjBweDsKICAgICAgICAgIHBhZGRpbmc6IDE2cHggMzJweDsKICAgICAgICAgIG1heC13aWR0aDogNDAwcHg7CiAgICAgICAgfQogICAgICB9CiAgICA8L3N0eWxlPgoKICAgIDwhLS0gWWFuZGV4Lk1ldHJpa2EgY291bnRlciAtLT4KICAgIDxzY3JpcHQgYXN5bmM9IiIgc3JjPSJodHRwczovL21jLnlhbmRleC5ydS9tZXRyaWthL3RhZy5qcyI+PC9zY3JpcHQ+PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgogICAgICAoZnVuY3Rpb24obSxlLHQscixpLGssYSl7bVtpXT1tW2ldfHxmdW5jdGlvbigpeyhtW2ldLmE9bVtpXS5hfHxbXSkucHVzaChhcmd1bWVudHMpfTsKICAgICAgbVtpXS5sPTEqbmV3IERhdGUoKTsKICAgICAgZm9yICh2YXIgaiA9IDA7IGogPCBkb2N1bWVudC5zY3JpcHRzLmxlbmd0aDsgaisrKSB7aWYgKGRvY3VtZW50LnNjcmlwdHNbal0uc3JjID09PSByKSB7IHJldHVybjsgfX0KICAgICAgaz1lLmNyZWF0ZUVsZW1lbnQodCksYT1lLmdldEVsZW1lbnRzQnlUYWdOYW1lKHQpWzBdLGsuYXN5bmM9MSxrLnNyYz1yLGEucGFyZW50Tm9kZS5pbnNlcnRCZWZvcmUoayxhKX0pCiAgICAgICh3aW5kb3csIGRvY3VtZW50LCAic2NyaXB0IiwgImh0dHBzOi8vbWMueWFuZGV4LnJ1L21ldHJpa2EvdGFnLmpzIiwgInltIik7CiAgICAgIHltKDEwMzIxMTM3NCwgImluaXQiLCB7CiAgICAgICAgICBjbGlja21hcDp0cnVlLAogICAgICAgICAgdHJhY2tMaW5rczp0cnVlLAogICAgICAgICAgYWNjdXJhdGVUcmFja0JvdW5jZTp0cnVlLAogICAgICAgICAgd2Vidmlzb3I6dHJ1ZQogICAgICB9KTsKICAgIDwvc2NyaXB0PgogICAgPG5vc2NyaXB0PjxkaXY+PGltZyBzcmM9Imh0dHBzOi8vbWMueWFuZGV4LnJ1L3dhdGNoLzEwMzIxMTM3NCIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0Oi05OTk5cHg7IiBhbHQ9IiIgLz48L2Rpdj48L25vc2NyaXB0PgogICAgPCEtLSAvWWFuZGV4Lk1ldHJpa2EgY291bnRlciAtLT4KCiAgICA8IS0tIEdvb2dsZSB0YWcgKGd0YWcuanMpIC0tPgogICAgPHNjcmlwdCBhc3luYz0iIiBzcmM9Imh0dHBzOi8vd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tL2d0YWcvanM/aWQ9Ry1XTFpMVk5aQllLIj48L3NjcmlwdD4KICAgIDxzY3JpcHQ+CiAgICAgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOwogICAgICBmdW5jdGlvbiBndGFnKCl7ZGF0YUxheWVyLnB1c2goYXJndW1lbnRzKTt9CiAgICAgIGd0YWcoJ2pzJywgbmV3IERhdGUoKSk7CgogICAgICBndGFnKCdjb25maWcnLCAnRy1XTFpMVk5aQllLJyk7CiAgICA8L3NjcmlwdD4KPC9oZWFkPgo8Ym9keT4KICAgIDwhLS0gIHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiAjZmZjYzAwOyIgLS0+CgogIDwhLS0gPGRpdiBjbGFzcz0iYmFubmVyIj4KICAgIEFkdmVydGlzZW1lbnQgQmFubmVyCiAgPC9kaXY+IC0tPgoKICA8IS0tIDxkaXYgY2xhc3M9IiI+CiAgICA8aW1nIHN0eWxlPSJ3aWR0aDogMjAlOyBib3JkZXI6IDFweCBzb2xpZCBibGFjazsgYm9yZGVyLXJhZGl1czogMTVweDsiIHNyYz0iaHR0cDovL2trc2NyaXB0LmNvbS9hcGkvdjEvcHJveHk/dXJsPWFIUjBjSE02THk5elkyOXVkR1Z1ZEMxb1lXMHpMVEV1WTJSdWFXNXpkR0ZuY21GdExtTnZiUzkyTDNRMU1TNHlPRGcxTFRFMUx6VXdNak0wT1RjNU9GOHhNalF4TXpVd016Y3dPREkxTVRBeVh6Y3lOVGMzTmpRd05UVXdOalV4T0RrMk16RmZiaTVxY0djL2MzUndQV1J6ZEMxcWNHZGZaVEUxWDNSME5pWmZibU5mYUhROWMyTnZiblJsYm5RdGFHRnRNeTB4TG1Oa2JtbHVjM1JoWjNKaGJTNWpiMjBtWDI1algyTmhkRDB4TURJbVgyNWpYMjlqUFZFMlkxb3lVVWQ2VWs5TWVscHRSa3hyYlVGS09IRmxablo1TUhSb1owdDBORXBUT0hWd1JVUmhTRGxRY0hKM1EyeGZUbVJFTW01NExWRm1XV2QzZUhOdmJrbzRhQzEzSmw5dVkxOXZhR005TW1SaE1sTnJaVEp0V1UxUk4ydE9kbmRGTVhCbmMwc21YMjVqWDJkcFpEMVJRMjVWVTBFM1drMXdUM0JIZDNwelgwWnZZbmxuSm1Wa2JUMUJUbFJMU1VsdlFrRkJRVUVtWTJOaVBUY3ROU1p2YUQwd01GOUJaazFaTWxsemNteEVTWFk1YmtGaGNqbFBNV1YyYm05alNESkhVRTU1WDJaMVRHVXROa0ZSWWtGUlowOW5KbTlsUFRZNE5rUkJNVFl3Smw5dVkxOXphV1E5WkRnNE5XRXlDZz09IiAvPgogIDwvZGl2PiAtLT4KCiAgPGRpdiBjbGFzcz0iY29udGVudCI+CiAgICA8YnV0dG9uIG9uY2xpY2s9InBvcEFuZFJlZGlyZWN0KCkiIHN0eWxlPSJwYWRkaW5nLXRvcDogMzBweDsgcGFkZGluZy1ib3R0b206IDMwcHg7IHBvc2l0aW9uOiByZWxhdGl2ZTsgdG9wOiAxNzBweDsgYm94LXNoYWRvdzogMCA0cHggMTBweCByZ2JhKDAsIDAsIDAsIDAuMjUpOyBib3JkZXItcmFkaXVzOiAyNXB4OyBmb250LXdlaWdodDogNzAwOyBiYWNrZ3JvdW5kOiBsaW5lYXItZ3JhZGllbnQoNDVkZWcsICNGNTg1MjksICNERDJBN0IsICM4MTM0QUYpOyBjb2xvcjogI2ZmZmZmZjsiPk9wZW4gaW4gSW5zdGFncmFtIEFwcDwvYnV0dG9uPgogIDwvZGl2PgoKICA8c2NyaXB0PgogICAgZnVuY3Rpb24gaXNNb2JpbGUoKSB7CiAgICAgIHZhciB1YSA9IG5hdmlnYXRvci51c2VyQWdlbnQgfHwgbmF2aWdhdG9yLnZlbmRvciB8fCB3aW5kb3cub3BlcmE7CiAgICAgIGNvbnNvbGUubG9nKCd1c2VyLWFnZW50JywgdWEpCiAgICAgIHJldHVybiAvYW5kcm9pZHxpcGhvbmV8aXBhZHxpcG9kL2kudGVzdCh1YSk7CiAgICB9CgogICAgZnVuY3Rpb24gcG9wQW5kUmVkaXJlY3QoKSB7CiAgICAgIHZhciBkZWVwbGluayA9ICJpbnN0YWdyYW06Ly9tZWRpYT9pZD0zNjYzMjUzMTA4NzEyMjI4ODY0IjsgICAgICAgLy8g0L3QsNC/0YDQuNC80LXRgCB0aWt0b2s6Ly92L3h4eCDQuNC70LggaW5zdGFncmFtOi8vYXBwCiAgICAgIHZhciBmYWxsYmFja1VybCA9ICJodHRwczovL3d3dy5pbnN0YWdyYW0uY29tL3JlZWwvRExXZlVzckkwZ0EvIjsgICAgICAgIC8vINGB0YHRi9C70LrQsCDQvdCwINCy0LXQsS3Qv9C+0YHRggogICAgICB2YXIgcG9wdW5kZXJVcmwgPSAiaHR0cHM6Ly9vdGlldS5jb20vNC85NDYxNjg2IjsgICAgLy8g0L/QvtC/0LDQvdC00LXRgCDRgdGB0YvQu9C60LAKCiAgICAgIGlmIChpc01vYmlsZSgpKSB7CiAgICAgICAgLy8g0JXRgdC70Lgg0LzQvtCx0LjQu9GM0L3QvtC1INGD0YHRgtGA0L7QudGB0YLQstC+IOKAlCDQv9GA0L7QsdGD0LXQvCBkZWVwbGluayDQsiDQvdC+0LLQvtC5INCy0LrQu9Cw0LTQutC1CiAgICAgICAgdmFyIG5ld1dpbmRvdyA9IHdpbmRvdy5vcGVuKGRlZXBsaW5rLCAnX2JsYW5rJyk7CgogICAgICAgIC8vINCn0LXRgNC10LcgMS410YEg4oCUIGZhbGxiYWNrINCyINC90L7QstGD0Y4g0LLQutC70LDQtNC60YMsINC10YHQu9C4IGRlZXBsaW5rINC90LUg0YHRgNCw0LHQvtGC0LDQuwogICAgICAgIHNldFRpbWVvdXQoZnVuY3Rpb24oKSB7CiAgICAgICAgICBpZiAobmV3V2luZG93KSB7CiAgICAgICAgICAgIG5ld1dpbmRvdy5sb2NhdGlvbiA9IGZhbGxiYWNrVXJsOwogICAgICAgICAgfQogICAgICAgIH0sIDE1MDApOwoKICAgICAgICAvLyDQotC10LrRg9GJ0YPRjiDQstC60LvQsNC00LrRgyDQvdCwIHBvcHVuZGVyCiAgICAgICAgd2luZG93LmxvY2F0aW9uLmhyZWYgPSBwb3B1bmRlclVybDsKICAgICAgfSBlbHNlIHsKICAgICAgICAvLyDQldGB0LvQuCDQtNC10YHQutGC0L7QvyDQuNC70Lgg0L3QtdC40LfQstC10YHRgtC90L7QtSDRg9GB0YLRgNC+0LnRgdGC0LLQviDigJQg0YHRgNCw0LfRgyDQvdCwIGZhbGxiYWNrINC/0L7RgdGCINCyINC90L7QstC+0Lkg0LLQutC70LDQtNC60LUKICAgICAgICB3aW5kb3cub3BlbihmYWxsYmFja1VybCwgJ19ibGFuaycpOwoKICAgICAgICAvLyDQotC10LrRg9GJ0YPRjiDQstC60LvQsNC00LrRgyDQvdCwIHBvcHVuZGVyCiAgICAgICAgd2luZG93LmxvY2F0aW9uLmhyZWYgPSBwb3B1bmRlclVybDsKICAgICAgfQogICAgfQoKICAgIGNvbnNvbGUubG9nKCdtb2JpbGUnLCBpc01vYmlsZSgpKQogIDwvc2NyaXB0PgoKICAKCiAgCgogIAoKICAKCiAgICAKCiAgICAKCiAgICAKCiAgICAKCiAgICAKCiAgICAKCiAgICAKCgo8L2JvZHk+PC9odG1sPg=="}},"submit":{"url":{"schema":"https","addr":"kkinstagram.com/reel/DLWfUsrI0gA/?igsh=ODM5OXpzMGVnNm1u","fqdn":"kkinstagram.com","domain":"kkinstagram.com","tld":"com"},"ip":{"addr":"172.66.0.96","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-03T00:53:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":11}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-29","alert":"Phishing Block","trigger":"kkinstagram.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-29","alert":"Phishing - Instagram","trigger":"kkinstagram.com/reel/DLWfUsrI0gA/?igsh=ODM5OXpzMGVnNm1u","verdict":"phishing","severity":"medium","comment":"Instagram","link":"https://openphish.com","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-28","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-28","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-29","alert":"Phishing - Instagram","trigger":"kkscript.com","verdict":"phishing","severity":"medium","comment":"Instagram","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]},"summary":[{"fqdn":"kkscript.com","ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-15","domain_rank":4478855,"first_seen":"2025-07-06T21:39:57.975307Z","last_seen":"2025-10-28T13:11:04.864882Z","alert_count":5,"request_count":1,"received_data":6343,"sent_data":553,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"kkscript.fra1.cdn.digitaloceanspaces.com","ip":{"addr":"172.64.145.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-23","domain_rank":0,"first_seen":"2025-07-09T23:10:00.285204Z","last_seen":"2025-10-28T13:11:04.845109Z","alert_count":0,"request_count":2,"received_data":7867,"sent_data":961,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-10-26T22:13:34.663946Z","alert_count":0,"request_count":1,"received_data":427786,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"kkinstagram.com","ip":{"addr":"172.66.0.96","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-10-06","domain_rank":3558963,"first_seen":"2025-06-06T23:52:17.548763Z","last_seen":"2025-10-27T12:52:19.020109Z","alert_count":7,"request_count":1,"received_data":6424,"sent_data":523,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"362b8ba5e02bac96cbe438fa67f2ccf9","sha1":"311d4dbe0b69893968816549c3614dec40255152","sha256":"7a327d23c171004b02195dbc0c3689b32d57d4304bf2466a65db3ab348cd1527","sha512":"128a53e63ab62a4822b64a4352012e13def6a5c5327dd1ce103175a69595f1915ce8af787101d0398306c2c254a5b456ff5b9c1b959c2db00457e577a775d73c","ssdeep":"","tlshash":"50f005953cdd44248377112927fb91497439652f2c4afc15f94c84812f59ead14fb94c","size":570,"data":"","first_seen":"2025-07-06T21:40:04.264616Z","last_seen":"2026-04-06T22:28:58.168972Z","times_seen":840,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"453c011289650bb49182249b9a0085db","sha1":"ed096c55cf970a1ee9adc33edadd6f7dac45a2c1","sha256":"c7647ede44aa4958ca5a8fbb51b58e61488686afa162e05cd610831ed362a350","sha512":"6b42bd2fb9f3b2c5c07434102219c24020d06456d97d5ef1278fb9a996bbff2dcb3d2fb6f6cdc3d0196e90af3e02e0e5968445319041d2c4c57ffe6d519cf1ad","ssdeep":"","tlshash":"00c08c88220b0c7081ab2e010bbfb204b0063213949199223a4e63044f30e03d78cc14","size":173,"data":"","first_seen":"2025-07-06T21:40:04.265735Z","last_seen":"2026-04-06T22:28:58.169613Z","times_seen":840,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-WLZLVNZBYK","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ee7eaae01ccd4006d9b4e9dd3f68c62f","sha1":"e93f18e9660af5f7cabe24668c8c945db93094ee","sha256":"35d15c891efca253b119e3eaa9df6b9915d821550f6230d32b45d4245befb693","sha512":"96c2b74cd83d37dc2fb51b2bb24e6f352bcb41f63813c742f9b0ad80e38f0cc64809178e5881800084ff309ada5e285e5bc43137e93c2cb464f5db7983dd0429","ssdeep":"6144:hBARJkp15842di5FGqXAC8T36i074GWWB0kiIZ0hQE8oqQfETs:PIJkHf2di5FGqXFK3+7cIZV7A","tlshash":"14941a8e73d674269396f078503f118ba47b29e2b45cc896f189cce42d34a9a4277f7c","size":427182,"data":"","first_seen":"2025-10-29T00:41:04.585697Z","last_seen":"2025-10-29T01:33:21.47275Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0940e350fa1f8fb50a6f1e11ac8f1dff","sha1":"b7f6fa79979e5d9fb7dd0b7bfa64cc49a83002f2","sha256":"c52d0773aef856b5e585a966cababec173cee9e5f6f5a65dcec6072a78167ce2","sha512":"2bdc0fa78ae892cf9acf33164bc4380aa35ec0d909097cd817bc36b7174d3091ed94ab29adf70027613bf2f932ca9c9b761100069b85827977d79c433bca3d98","ssdeep":"","tlshash":"d2311104c8f6083a2d127863eb4b330578e7407f744cc602b55d6b9a2ff2029462d7ed","size":1473,"data":"","first_seen":"2025-10-29T00:53:15.374327Z","last_seen":"2025-10-29T00:53:15.374327Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"kkinstagram.com/reel/DLWfUsrI0gA/?igsh=ODM5OXpzMGVnNm1u","fqdn":"kkinstagram.com","domain":"kkinstagram.com","tld":"com"},"ip":{"addr":"172.66.0.96","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-29T00:52:51.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkinstagram.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 07 Oct 2025 09:20:13 GMT","end":"Mon, 05 Jan 2026 10:20:03 GMT"},"fingerprint":{"sha1":"4A:80:7A:EC:C6:E4:BF:96:E4:36:98:B8:36:70:ED:C0:0D:85:FB:45","sha256":"5D:66:FC:51:18:A0:9A:08:C0:60:E0:7D:11:5E:63:91:5D:14:F5:C4:88:F6:72:48:51:4F:17:E2:66:AE:D2:09"}}},"request":{"raw":"GET /reel/DLWfUsrI0gA/?igsh=ODM5OXpzMGVnNm1u HTTP/1.1\r\nHost: kkinstagram.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\ndate: Wed, 29 Oct 2025 00:52:51 GMT\r\ncontent-length: 0\r\nlocation: https://kkscript.com/post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864\r\ncf-ray: 995eb14fec414c11-OSL\r\nx-do-app-origin: 30abaed5-098b-4f5c-af78-c2864a3dc6bc\r\ncache-control: private\r\nx-do-orig-status: 307\r\ncf-cache-status: MISS\r\nset-cookie: __cf_bm=tv6iG37TCpftaECs10CCnSesZ48raHll_g_rEE9NZFw-1761699171-1.0.1.1-17HecTVV7U803fjc8D9uQVN0wngxCWO__1bOz1u0NKcuxr77lXQqFALCgN91BF4S4PVYh_2S6Rq3p2SN3hPpnFYcRgcBoNsRRLQZkYyR0Ww; path=/; expires=Wed, 29-Oct-25 01:22:51 GMT; domain=.kkinstagram.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":5687,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T05:11:38.109434Z","times_seen":13449631,"resource_available":true,"data":null}},"time_used":171,"timings":{"blocked":45,"dns":21,"connect":1,"send":0,"wait":79,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-29","alert":"Phishing Block","trigger":"kkinstagram.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-29","alert":"Phishing - Instagram","trigger":"kkinstagram.com/reel/DLWfUsrI0gA/?igsh=ODM5OXpzMGVnNm1u","verdict":"phishing","severity":"medium","comment":"Instagram","link":"https://openphish.com","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkinstagram.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kkscript.com/post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864","fqdn":"kkscript.com","domain":"kkscript.com","tld":"com"},"ip":{"addr":"162.159.140.98","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-29T00:52:51.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kkscript.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 09 Oct 2025 15:52:39 GMT","end":"Wed, 07 Jan 2026 16:52:33 GMT"},"fingerprint":{"sha1":"02:20:FE:FC:7B:ED:27:7A:9F:2C:78:49:86:27:C8:B3:4F:9E:45:9D","sha256":"01:29:F4:5E:70:90:42:2F:3C:E7:8D:24:C4:B0:4B:C4:E6:76:E2:4A:F4:50:37:9D:34:FC:6A:3C:98:E6:7D:6C"}}},"request":{"raw":"GET /post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864 HTTP/1.1\r\nHost: kkscript.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 29 Oct 2025 00:52:52 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-encoding: br\r\nx-do-app-origin: 30abaed5-098b-4f5c-af78-c2864a3dc6bc\r\ncache-control: private\r\nx-do-orig-status: 200\r\ncf-cache-status: MISS\r\nset-cookie: __cf_bm=EYvKc7EnCWnfbaFYnv.wztgsZhnS4caawgQbKEMosZI-1761699172-1.0.1.1-DbvvDNmiol4pjHjn0ruQhfiF2EzJPnFNT.f4WtlcKGlaVPHGaKj7Whnv3Uhozr7SJxPUiZN4d2no9kf7rf3NRIPjU_km.w.kd7vZ.Ql6aro; path=/; expires=Wed, 29-Oct-25 01:22:52 GMT; domain=.kkscript.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 995eb150a8600883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":5687,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (693)","md5":"5bc889e7b10039b44f2b2d4bef2bbe5d","sha1":"2fd951777f5443c757bc38c75b84dc853f856478","sha256":"759e882050d7c50acf90e9982120007ba1f3bedc637051263e1a10e1e970ac9a","sha512":"228c9019a0c3629872c01022886be36b0925c96a0b81990daac3193ece281592d0e4177d4a046c192336ad19f704fda063d07def20bc4766f6cca185e21e340c","ssdeep":"96:yM5Siil7upaJ2cbjfzJ6Y09FNnzf5t1eE0qNboxnqMQ:4vypaJ2GfzJ901hbeJqhoxnk","tlshash":"88c1f6825ceb48273912e065ebf7770d3192903fa409cc15b9ddb3e0afc2a294c6769c","first_seen":"2025-10-29T00:53:15.362622Z","last_seen":"2025-10-29T00:53:15.362622Z","times_seen":1,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":35,"dns":1,"connect":6,"send":0,"wait":115,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-28","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-28","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-29","alert":"Phishing - Instagram","trigger":"kkscript.com","verdict":"phishing","severity":"medium","comment":"Instagram","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-29","alert":"Sinkholed","trigger":"kkscript.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Instagram","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Instagram phishing","tags":["instagram","meta","social","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"kkscript.fra1.cdn.digitaloceanspaces.com/static/favicon/apple-touch-icon.png","fqdn":"kkscript.fra1.cdn.digitaloceanspaces.com","domain":"fra1.cdn.digitaloceanspaces.com","tld":"cdn.digitaloceanspaces.com"},"ip":{"addr":"172.64.145.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkscript.com/post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864","date":"2025-10-29T00:52:52.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.fra1.cdn.digitaloceanspaces.com","organization":"DigitalOcean, LLC"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 06 Jun 2025 00:00:00 GMT","end":"Tue, 23 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"39:20:05:68:4C:6F:AB:62:96:2C:FD:44:12:DF:FC:CB:E9:C7:5E:85","sha256":"77:08:F4:2E:1B:90:B0:FF:B1:BD:EF:BB:DE:AA:58:75:EF:34:A5:86:6F:75:34:58:F0:C6:68:08:DE:FA:E4:8F"}}},"request":{"raw":"GET /static/favicon/apple-touch-icon.png HTTP/1.1\r\nHost: kkscript.fra1.cdn.digitaloceanspaces.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkscript.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 29 Oct 2025 00:52:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 5503\r\ncf-ray: 995eb153f87356c3-OSL\r\nlast-modified: Wed, 09 Jul 2025 18:25:19 GMT\r\nx-rgw-object-type: Normal\r\netag: \"d0aae417f6f63cca86cdd613299dab07\"\r\nx-amz-request-id: tx000001e5bbb4a375ba3d3-00687e1311-d6c65f2-fra1c\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-do-cdn-uuid: 228be3f8-843c-4d71-8527-3bacdc3a18c2\r\ncache-control: max-age=3600\r\ncf-cache-status: HIT\r\nage: 3239\r\naccept-ranges: bytes\r\nset-cookie: __cf_bm=rldiM1a2E56LNzgCdWlxS0SsZn4fTTOIthDbSfFgSv4-1761699172-1.0.1.1-CG9NrWZoS8Ixk66wefazgRWE4hIT4C1IaxHfy_nV7jBY4T5WZy2QPCSOeeHk45VIGm.ocq.AIP72wgpBVqQgDyd3YxXuqGXbnYc4wIhMEKw; path=/; expires=Wed, 29-Oct-25 01:22:52 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5503,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"d0aae417f6f63cca86cdd613299dab07","sha1":"e3d13c88c2a3ba7ee30527af2f480fab91473b72","sha256":"8267683e39ca97783c8792e6e58847e4ff8149e59c1bff6fd9fdeca9e56c3576","sha512":"457f539ad911c6a743d00e4c48211642e116d98b82c3f1e3b35f296d95274d07977f5aa46e2c7a2a2f9c1b3970c1190bbe3c444afb6af2b3a063fb865ef67a2f","ssdeep":"96:J/lp4Jw4geq4ZgV/EEVb2sB3cWgy6x+yn2AmrG5yGlR2JhrkTSwNKCDFIDz:JP4JKeZFMysBdgLx32Vyk4Sw8CDFIX","tlshash":"53b16d22c2578ccccf3361d4156587fd25456e395a87c1e4098dbb4480b6d2af498ffa","first_seen":"2025-07-06T21:40:04.258888Z","last_seen":"2026-04-06T22:28:58.164071Z","times_seen":845,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":24,"connect":1,"send":0,"wait":16,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-WLZLVNZBYK","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kkscript.com/post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864","date":"2025-10-29T00:52:52.316Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:32:12 GMT","end":"Wed, 24 Dec 2025 14:32:11 GMT"},"fingerprint":{"sha1":"C1:75:0D:E5:E8:4D:AC:7F:C9:7A:40:D5:6C:2B:22:CE:ED:8F:6D:BB","sha256":"63:AB:E3:89:62:5A:B4:D8:9D:D3:5C:77:AE:75:C5:DE:49:CE:BA:43:6B:22:49:EF:48:59:47:A7:0E:75:FF:C2"}}},"request":{"raw":"GET /gtag/js?id=G-WLZLVNZBYK HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkscript.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 29 Oct 2025 00:52:52 GMT\r\nexpires: Wed, 29 Oct 2025 00:52:52 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 142050\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":427182,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"ee7eaae01ccd4006d9b4e9dd3f68c62f","sha1":"e93f18e9660af5f7cabe24668c8c945db93094ee","sha256":"35d15c891efca253b119e3eaa9df6b9915d821550f6230d32b45d4245befb693","sha512":"96c2b74cd83d37dc2fb51b2bb24e6f352bcb41f63813c742f9b0ad80e38f0cc64809178e5881800084ff309ada5e285e5bc43137e93c2cb464f5db7983dd0429","ssdeep":"6144:hBARJkp15842di5FGqXAC8T36i074GWWB0kiIZ0hQE8oqQfETs:PIJkHf2di5FGqXFK3+7cIZV7A","tlshash":"14941a8e73d674269396f078503f118ba47b29e2b45cc896f189cce42d34a9a4277f7c","first_seen":"2025-10-29T00:41:04.585697Z","last_seen":"2025-10-29T01:33:21.47275Z","times_seen":5,"resource_available":true,"data":null}},"time_used":660,"timings":{"blocked":259,"dns":2,"connect":15,"send":0,"wait":52,"receive":68,"ssl":259},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kkscript.fra1.cdn.digitaloceanspaces.com/static/favicon/favicon-16x16.png","fqdn":"kkscript.fra1.cdn.digitaloceanspaces.com","domain":"fra1.cdn.digitaloceanspaces.com","tld":"cdn.digitaloceanspaces.com"},"ip":{"addr":"172.64.145.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kkscript.com/post?target=instagram\u0026shortcode=DLWfUsrI0gA\u0026media_id=3663253108712228864","date":"2025-10-29T00:52:52.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.fra1.cdn.digitaloceanspaces.com","organization":"DigitalOcean, LLC"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 06 Jun 2025 00:00:00 GMT","end":"Tue, 23 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"39:20:05:68:4C:6F:AB:62:96:2C:FD:44:12:DF:FC:CB:E9:C7:5E:85","sha256":"77:08:F4:2E:1B:90:B0:FF:B1:BD:EF:BB:DE:AA:58:75:EF:34:A5:86:6F:75:34:58:F0:C6:68:08:DE:FA:E4:8F"}}},"request":{"raw":"GET /static/favicon/favicon-16x16.png HTTP/1.1\r\nHost: kkscript.fra1.cdn.digitaloceanspaces.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kkscript.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 29 Oct 2025 00:52:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 445\r\ncf-ray: 995eb153f87456c3-OSL\r\nlast-modified: Wed, 09 Jul 2025 18:25:19 GMT\r\nx-rgw-object-type: Normal\r\netag: \"ae61a0713a6268d01012e1600f97d91e\"\r\nx-amz-request-id: tx000009a6db15ac5793f40-00687e1313-d6c65f2-fra1c\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-do-cdn-uuid: 228be3f8-843c-4d71-8527-3bacdc3a18c2\r\ncache-control: max-age=3600\r\ncf-cache-status: HIT\r\nage: 3297\r\naccept-ranges: bytes\r\nset-cookie: __cf_bm=HdjIfS.LcfB5aTUdLaK8mcr3fcxwF5JGfyGZGcx273Y-1761699172-1.0.1.1-pMOFtjA3pDk_4rTp8AwGiwaevnIGxH.iVn9J2SkIkg.EHr4KK8hxuk2mxMVlEbCZXyphKJHcpKpyJ2euG4ASkY1WrdgmjDeGmc98BdS9hwo; path=/; expires=Wed, 29-Oct-25 01:22:52 GMT; domain=.digitaloceanspaces.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":445,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"ae61a0713a6268d01012e1600f97d91e","sha1":"f45ba85e2da45d1b3079766521a8aa33bdf13685","sha256":"2506454af56045f30aa025926e1cddf664264779d8565a1ea93bc7141452c3be","sha512":"02e2854b1cbe7d7a1ce89f2c607fc6f958f1ae33ac449d45d23edf3ddcd08b672c4d3a1a4e96184afd7a54179cb4370f166f9285725903636541f53a31587e9d","ssdeep":"","tlshash":"78f02be2f695087e4d1950d79c91d10af557041ca4c16098104bf3973d5f76345788c5","first_seen":"2025-07-06T21:40:04.247775Z","last_seen":"2026-04-06T22:28:58.165725Z","times_seen":845,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":21,"connect":3,"send":0,"wait":14,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}