SafeMode - Analysis: instagram-1ogin.duckdns.org

Visual Capture

Screenshot of instagram-1ogin.duckdns.org

Detection Info

https://instagram-1ogin.duckdns.org/

Detected Brand

Instagram

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

cb215277-7ef…

Analyzed

2026-05-22 22:21

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T149830810E10109381B7F4AF5F056979FE39A6D4EB72229B4F938A3E3558BB14DBBB410
CONTENT ssdeep	1536:esYMhAao7q6Huo5Uajisp74n3OXE+GnIWnIjiD99jifUAaiqgckkcEkDdanRsHDa:eSAao7q6HuRajispMn3OXE+GnIWnIjiN

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c7a638f1c41ec731
VISUAL aHash	0003377372320000
VISUAL dHash	4ee44cc6c6ce2d50
VISUAL wHash	0737377777770400
VISUAL colorHash	38600008080
VISUAL cropResistant	c9ccce8e19b1a4f0,4ee44cc6c6ce2d50

Code Analysis

Risk Score 50/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🎯 Kit Endpoints

/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=pt-br
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=sv
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=uk
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=si
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=bg
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ko
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=fi
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=sk
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=gu
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=mr
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ta
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ro
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=es
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=en-gb
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=sw-ke
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=he
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=it
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=cs
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=de
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ms
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=id
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=fr-ca
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=th
/api/cdn-proxy/https/about.instagram.com/blog/
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=fa
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=hu
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=zh-tw
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=om-et
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=zh-cn
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=te
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=tl
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=af
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=pa
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=nb
/api/cdn-proxy/https/www.instagram.com/accounts/login/
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=pt
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=fr
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ru
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=tr
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=hi
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=am-et
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=kn
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=el
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=zh-hk
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ha-ng
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ml
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=vi
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ur
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=nl
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=da
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=pl
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=en
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=sr
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ne
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=bn
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ar
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=ja
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=hr
/api/cdn-proxy/https/www.instagram.com/accounts/login/?hl=es-la

📡 API Calls Detected

/api/submit/

📊 Risk Score Breakdown

Total Risk Score

70/100

Contributing Factors

Active Phishing Kit

Detected kit types: Credential Harvester

Credential Harvesting

Credential harvesting detected with 1 form(s) capturing sensitive data

🔬 Comprehensive Threat Analysis

Threat Type

Credential Harvesting Kit

Target

Instagram users

Attack Method

credential harvesting forms

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester

🏢 Brand Impersonation Analysis

Impersonated Brand

Instagram

Official Website

https://www.instagram.com

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: Credential Harvesting

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.

Secondary Method: Client-Side Form Interception

JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.