HeadlinesBriefing.com

Instagram's Hidden URL Blacklist Exposed

Hacker News: Front Page

Security researcher Travis Knapp-Prasek discovered Instagram's internal URL blacklist while examining a jailbroken iPhone 6s. The database contained 4,629 blocked URLs categorized under four cybersecurity violation types, with the majority flagged as phishing attempts from foreign-origin actors. This finding reveals how Instagram actively monitors and blocks potentially harmful links shared within its platform.

Most blocked URLs used popular link shorteners, with Twitter's t.co domain appearing most frequently at 1,571 entries. Other common domains included tinyurl.com, is.gd, and bit.ly. The researcher noted that many blocked links redirected through these services, suggesting Instagram's system targets the redirect chain rather than just the final destination. This approach helps catch malicious links that might otherwise bypass basic domain blocking.

One particularly interesting finding was the domain s.mkswft.com.storage.googleapis.com, which led to a fake virus page using a Google logo. Attempting to visit these blocked URLs triggered multiple security warnings within Instagram's webview. The researcher demonstrated that bypassing these warnings could lead users to malicious content designed to appear legitimate, potentially tricking users into downloading harmful applications from the App Store. This discovery highlights the ongoing battle between social platforms and malicious actors who exploit link shorteners to distribute phishing content.
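The redirect-chain point and the storage.googleapis.com host described above can be turned into a small defender-side triage check. This is an added example, not Instagram's code or the researcher's: the function names, the finding labels, the shared-hosting set, the `t.co` short code and the sample blocklist are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Shortener domains named in the article.
SHORTENERS = {"t.co", "tinyurl.com", "is.gd", "bit.ly"}
# Shared-hosting suffix from the article's example; treating it as a set is an assumption.
SHARED_HOSTING = {"storage.googleapis.com"}

# Constructed sample data: a short link that redirects to the host the article mentions.
SAMPLE_CHAIN = ["https://t.co/EXAMPLE", "https://s.mkswft.com.storage.googleapis.com/"]
SAMPLE_BLOCKLIST = {"https://t.co/EXAMPLE"}


def host_of(url):
    """Lower-cased hostname without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def embedded_domain(host):
    """Return the label in front of a shared-hosting suffix if it looks like a domain."""
    for suffix in SHARED_HOSTING:
        if host.endswith("." + suffix):
            label = host[: -len(suffix) - 1]
            if "." in label:  # e.g. "s.mkswft.com" in front of the suffix
                return label
    return None


def triage_chain(chain, blocklist):
    """Check every hop of a redirect chain, not only the final destination."""
    findings = []
    for hop, url in enumerate(chain):
        host = host_of(url)
        if url in blocklist:
            findings.append((hop, "blocklisted", host))
        if host in SHORTENERS and hop < len(chain) - 1:
            findings.append((hop, "shortener-redirect", host))
        label = embedded_domain(host)
        if label:
            findings.append((hop, "domain-in-hosting-label", label))
    return findings


if __name__ == "__main__":
    for finding in triage_chain(SAMPLE_CHAIN, SAMPLE_BLOCKLIST):
        print(finding)
```

A check that looked only at `SAMPLE_CHAIN[-1]` would find nothing on the blocklist; the match is on the first hop.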