{
  "website": "*.instagram.com",
  "tags": [
    "Phishing",
    "C&C"
  ],
  "service_provider": "Facebook",
  "phishing": "Attackers can use the l.instagram.com subdomain to redirect users to an external URL. Although Instagram scans the URL (which can be bypassed by using a URL shortening service) and includes a time-based token to reduce the chances of abuse.",
  "command_and_control": "The Instagram API can be used to make Instagram a C&C server. An open source tool \"Social-media-c2\" uses the like functionality on Instagram to send commands to infected machines.",
  "exfiltration": "None",
  "download": "None",
  "sample_url": "",
  "created": "2021-11-13",
  "last_update": "2021-11-13",
  "credits": "@TalenceSecurity, @mattnotmax",
  "detail_path": "/site/2a2e696e7374616772616d2e636f6d",
  "detail_slug": "2a2e696e7374616772616d2e636f6d",
  "detail_url": "https://lots-project.com/site/2a2e696e7374616772616d2e636f6d",
  "scraped_at": "2026-06-16T11:57:59Z"
}