ScamLens analyzed ig.do using 90+ threat intelligence sources and assigned a trust score of 80/100, classifying it as safe.
Trust Score: 80/100
Risk Level: Trusted
This result is still in the investigation range, so the domain alone is not enough for a decision. The next step is to cross-check the email, phone number, company identity, and scenario.
Quick Answer
This result is still in the investigation range, so the domain alone is not enough for a decision. The next step is to cross-check the email, phone number, company identity, and scenario.
Positive Signals
- + Google Safe Browsing: Safe
- + Valid SSL certificate
- + HTTPS encryption supported
Concerns
- - 2 security sources flagged as suspicious
- - Cross-domain redirect detected
Score Breakdown
Was this assessment accurate?
ig.do looks legitimate
No threat feeds have flagged this domain. Use standard online-safety habits.
- Bookmark the official URLScammers often clone legitimate brands at look-alike domains. A saved bookmark protects you from typos.
- Watch for unexpected payment requestsEven legitimate sites can be hijacked. Treat unsolicited 'urgent payment' prompts as suspicious.
- Verify HTTPS + the exact spellingConfirm the lock icon, and inspect the domain letter-by-letter before entering passwords or card details.
Trust but verify — open this domain on unrelated security services and compare the verdict.
AI Risk Assessment
SafeWhat matters right now
This is the easiest range to misread. Do not rely on the domain alone. Cross-check the email, phone number, company identity, and transaction context together.
ig.do presents a high-risk profile due to confirmed phishing activity. Two authoritative threat intelligence feeds—openphish and phishing_army—have flagged this domain as phishing 2, indicating active malicious use. While Google Safe Browsing is currently clean 1 and 25 of 27 threat feeds responded clean 3, the dual phishing designations from specialized anti-phishing services represent strong evidence of fraudulent intent. The .do TLD carries low abuse risk 4, which does not mitigate the direct phishing signals. No community reports are available yet 2, but the threat feed consensus strongly suggests this domain is actively used for phishing attacks, likely impersonating Instagram or another service given the 'ig' prefix. The presence of SSL and security headers does not override the phishing designation.
Recommendation
Avoid visiting or interacting with this domain. Do not enter credentials, personal information, or financial data. If you received this link in an email or message, report it to the platform and your email provider. Monitor accounts for unauthorized access. Consider this domain unsafe until phishing flags are cleared by authoritative sources 2.
Sources
- Threat intelligence feeds (2 flagged)Threat intel
openphish (phishing); phishing_army (phishing)
- 25/27 threat feeds responded cleanThreat intel
- TLD risk classification: .do (low risk)Analysis
Based on APWG / Spamhaus / Interisle 2024 abuse rankings
Powered by ScamLens AI· Check sources to verify important claims
Threat-intelligence sources
Checked across 27 sources — 2 flagged this domain
Show source breakdown
Threat-intelligence sources
Checked across 27 sources — 2 flagged this domain
- safe_browsing clean
- urlhaus clean
- cloudflare_radar clean
- cert_transparency clean
- alienvault_otx clean
- phishstats clean
- virustotal clean
- ipqs clean
- abuseipdb clean
- securitytrails clean
- phishdestroy clean
- threatfox clean
- shodan_internetdb clean
- phishtank clean
- urlscan clean
- rdap clean
- maltiverse clean
- dns_security clean
- wanted_domains clean
- darkweb clean
- openphish flagged
- phishing_army flagged
- scam_blocklist clean
- maltrail clean
- crypto_scam_feed clean
- hagezi_tif clean
- red_flag_domains clean
ScamLens aggregates real-time signals from 90+ commercial and open-source threat-intelligence providers including Google Safe Browsing, VirusTotal, PhishTank, URLhaus, ThreatFox, Cloudflare Radar, OTX, IPQS, GoPlus, Honeypot.is, and more. A flagged signal is evidence; the absence of flags is not proof of safety. Use the signals below alongside community reports to decide.
Advanced Scan
Comprehensive data lookup across premium sources
- Website history verification
- Detailed WHOIS information
- Reverse WHOIS association
- Traffic rank analysis
- Company registration check
AI Deep Investigation
Cross-check the story, claims, and supporting evidence before you decide
- Everything in Advanced Scan
- AI website content analysis
- AI cross-reference verification
- Claim authenticity validation
- Detailed report with evidence
Comprehensive Investigation
Full-spectrum investigation with company deep search & social intelligence
- Everything in Deep Investigation
- AI company background search
- Social media intelligence
- Detailed suspicious point analysis
- Event timeline & entity connections
This analysis is for informational purposes only and does not constitute a legal determination.
Security Sources
Domain Information
- DNSSEC
- Disabled
SSL/TLS Certificate
- Issuer
- C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA DV E36
- Valid From
- May 9, 2026
- Valid To
- August 7, 2026
- Status
- Valid
Redirect Chain
1 hopCross-domain redirect detected
This domain redirects to a different domain. This is commonly used by phishing sites to evade detection.
ig.do → like.do
ig.do
Status: 302Final destination
like.do
Server Information
- IP Address
- 216.198.79.1
- Hosting Provider
- Network Billing Systems
- ASN
- AS16509 Amazon.com, Inc.
- Server Location
- Atlanta, United States
- Organization
- Lefkoff Industries
Related Intelligence
Technical Details (DNS / Headers / Subdomains)
DNS Records
Email Security
SPF Configured DMARC Configured| Type | Value |
|---|---|
| A | 216.198.79.1 |
| MX | 52 route1.mx.cloudflare.net |
| MX | 54 route2.mx.cloudflare.net |
| MX | 93 route3.mx.cloudflare.net |
| NS | harleigh.ns.cloudflare.com |
| NS | newt.ns.cloudflare.com |
| TXT | brevo-code:b078a9d61dc0e4e37cd2711c90626d6b |
| TXT | v=spf1 include:_spf.mx.cloudflare.net ~all |
HTTP Security Headers
1/6max-age=63072000
Channels / Subdomains
23 subdomains found| Subdomain | Title |
|---|---|
| chart.ig.do | - |
| visual.ig.do | - |
| metric.ig.do | - |
| bi.ig.do | - |
| reports.ig.do | - |
| reporting.ig.do | - |
| www.admin.ig.do | - |
| analytic.ig.do | - |
| o.ig.do | - |
| report.ig.do | - |
| m.ig.do | - |
| www.ig.do | - |
| www.localhost.chat.login.ig.do | - |
| localhost.chat.login.ig.do | - |
| ns2.chat.login.ig.do | - |
| bhejeodo.ig.do | - |
| do.ig.do | - |
| www1.ig.do | - |
| www.www1.ig.do | - |
| admin.ig.do | - |
| chat.login.ig.do | - |
| login.ig.do | - |
| saladin-odoo.ig.do | - |
Community Reports
Log in to report and share your experience
Continue Investigating
The result is still in the investigation range. Cross-check the email, phone, and entity data next
Medium-risk domains are easiest to misread when you only check one signal. The decision gets more reliable once you cross-check the email, phone number, company identity, and business scenario together.
Recommended First
Analyze the related email or invoice
Confirm whether the billing notice, restriction alert, or support email actually matches the site.
Check the company or seller identity
Compare the domain against the company identity, merchant profile, or hiring details.
Check the related phone number
If the actor wants a callback, phone verification, or one-time code readout, verify that number next.
Open the matching scenario guide
If the case involves investing, shopping, or recovery services, verify it through the matching scenario guide.
The results are based on multiple third-party data sources and AI models. False positives or negatives may occur. This report should not be used as the sole basis for any decision. Please verify with additional sources.
Verify the related evidence objects first
Medium-risk cases are easiest to misread when you only check one signal. Verify the email, phone, and entity before deciding whether to report or stop the transaction.
If you already paid or exposed account access, skip the investigation loop and move into the action plan.
Related Security Guides
Learn more about how to protect yourself from this type of threat.
Understanding this threat
FAQ
Is ig.do safe to visit?
ig.do received a trust score of 80/100 from ScamLens, based on analysis of 30+ threat intelligence sources. No significant threats were detected. The site appears safe and trustworthy.
Was ig.do flagged by any threat databases?
ig.do was flagged by 2 out of 30+ threat intelligence sources. Specifically flagged by: openphish, phishing_army. The detected threat categories include: general threat.
How old is ig.do?
Registration date information for ig.do is not publicly available through WHOIS records, which can itself be a risk indicator.
Does ig.do use HTTPS and have a valid SSL certificate?
ig.do uses an SSL certificate issued by C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA DV E36, valid until August 7, 2026. The certificate is from a commercial certificate authority, which provides a higher level of validation.
What security headers does ig.do implement?
ig.do is missing important security headers: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, Referrer-Policy, Permissions-Policy. Missing security headers can leave visitors vulnerable to cross-site scripting (XSS) and other web-based attacks.
What does the ScamLens community think about ig.do?
No community votes or reports have been submitted for ig.do yet. You can be the first to share your experience.
Where is ig.do hosted?
ig.do is hosted by Network Billing Systems in Atlanta, United States (ASN: ASAS16509 Amazon.com, Inc.).
What should I do about ig.do?
Avoid visiting or interacting with this domain. Do not enter credentials, personal information, or financial data. If you received this link in an email or message, report it to the platform and your email provider. Monitor accounts for unauthorized access. Consider this domain unsafe until phishing flags are cleared by authoritative sources [2].
Is this report useful?
Use this report to prompt others to keep cross-checking the email, phone number, and entity details instead of clearing it too early.
Forward to your parents — they deserve to browse safely too.
About this analysis
This report is generated from real-time data across 90+ threat intelligence sources, combined with AI analysis and community feedback.
Learn about our scoring methodology | Last analyzed: June 23, 2026