Hacker News · Feb 13, 2026 · Collected from RSS
Article URL: https://medium.com/@shredlife/instagrams-url-blackhole-c1733e081664
Comments URL: https://news.ycombinator.com/item?id=47004689
Points: 278
# Comments: 44
While exploring the file system on a jailbroken iPhone 6s, I stumbled upon an interesting folder:

/var/mobile/Containers/Data/Application/5FEABFA4-7F9E-4DB7-9254-CB4C6C3F9A3A/Library/Application Support/{{InstagramUserId}}/com.instagram.IGDWellBeingDatabase/

Inside of this folder there was an SQLite database that included a “url_blackhole” table with 4629 entries.

There were a total of 4629 unique url_chunks classified under 4 violation types:

- CYBERSECURITY_PHISHING_FOA (likely Foreign Origin Actor): 4370 url_chunks
- CYBERSECURITY_GREYWARE_OR_SPYWARE: 239 url_chunks
- CYBERSECURITY_UNCATEGORIZED: 13 url_chunks
- PHISHING: 7 url_chunks

Attempting to visit any of these urls inside of Instagram, such as by clicking on the link in a direct message, presented multiple warnings.

The most common top level domain used for these urls is t.co, the url shortener created by Twitter, and still used by X.

Top Domains by Volume

- t.co: 1571
- tinyurl.com: 179
- is.gd: 170
- tr.ee: 108
- linktr.ee: 101
- shorten.is: 71
- shorturl.at: 64
- shorten.ee: 56
- bit.ly: 52
- cutt.ly: 48
- goo.su: 45
- s.mkswft.com.storage.googleapis.com: 41
- pagina.pro: 31
- bom.so: 28
- cdn.videy.co: 26

Most were url redirectors, but for some reason s.mkswft.com.storage.googleapis.com stuck out to me.

Most of the links using that route were no longer working, but at least one was currently active:

hxxps://s.mkswft.com.storage.googleapis.com/RmlsZTplNmVlMGEzNy0zOGM5LTRjNzAtOWM4Zi1kNjJiN2NkYTBlYTA=/vvvvcccccc.XML

Trying to visit this link inside Instagram failed as the site’s security certificate was invalid. The webview browser and the external phone browser both threw certificate errors.

I did the safe thing of bypassing those errors and landed at a fake virus page with a Google logo (hence the use of storage.googleapis.com).

Clicking repair will then take you to a live app in the Apple App store.

The next step would be downloading that app and reverse engineering it on a completely wiped jailbroken device that is running on a guest wifi network. I’ll have to save that research for another day.
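The per-violation counts and the domain ranking reported above can be reproduced from a copy of the database with two small queries. This is an added example, not code from the original post: the column names url_chunk and violation_type are assumptions (the post names only the table and the violation types), and the rows are constructed samples.

```python
import sqlite3
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample rows. The column names url_chunk and violation_type are
# assumptions; the post names only the table and the four violation types.
SAMPLE_ROWS = [
    ("t.co/aaaa1111", "CYBERSECURITY_PHISHING_FOA"),
    ("https://t.co/bbbb2222", "CYBERSECURITY_PHISHING_FOA"),
    ("tinyurl.com/example-one", "CYBERSECURITY_PHISHING_FOA"),
    ("HTTP://Bit.ly/Cc33", "CYBERSECURITY_GREYWARE_OR_SPYWARE"),
    ("is.gd/dd44?x=1", "CYBERSECURITY_UNCATEGORIZED"),
    ("linktr.ee/example", "PHISHING"),
]

def build_sample_db():
    """In-memory stand-in for the database file copied off the device."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE url_blackhole (url_chunk TEXT, violation_type TEXT)")
    db.executemany("INSERT INTO url_blackhole VALUES (?, ?)", SAMPLE_ROWS)
    return db

def counts_by_violation(db):
    """Unique url_chunks per violation type, largest first."""
    return db.execute(
        "SELECT violation_type, COUNT(DISTINCT url_chunk) AS n "
        "FROM url_blackhole GROUP BY violation_type "
        "ORDER BY n DESC, violation_type"
    ).fetchall()

def host_of(chunk):
    """Lower-cased host of a chunk, whether or not it carries a scheme."""
    chunk = chunk.strip()
    if "://" not in chunk:
        chunk = "//" + chunk  # lets urlsplit treat the leading part as netloc
    return (urlsplit(chunk).hostname or "").lower()

def top_domains(db, limit=15):
    """Hosts ranked by number of unique url_chunks."""
    rows = db.execute("SELECT DISTINCT url_chunk FROM url_blackhole")
    tally = Counter(host_of(chunk) for (chunk,) in rows)
    tally.pop("", None)  # drop chunks with no parseable host
    return tally.most_common(limit)

if __name__ == "__main__":
    db = build_sample_db()
    print(counts_by_violation(db))
    print(top_domains(db))
```

To run it against a real copy, replace build_sample_db() with sqlite3.connect() on the copied file and adjust the column names to the actual schema.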