[Debunking] Want to know how and how far does IG Crawl?

In an effort to find out how, and how far does IG crawl, I was utterly surprised. Even though IG is supposedly using FB as backbone, i thought just plugging it to /debugger will solve my so called trick to redirect the users and leave the bot in place.

Here’s what it did :

So what happened was, we know that FB does not parse javascript and there is absolutely no need to do that. I’ve used the debugger many times to confirm. So i set up a javascript redirect for an IG landing page, and in the middle i put a website that can log useragent and IP. https://grabify.link

To my surprise, they used a bot that’s a PC that visits the links and since it’s a real browser emulation, it can read javascript as well. (F**k Me, because i used my actual LP at the end of the redir chain.)

Prior to that, I mentioned a few times elsewhere that they are using a real browser to crawl, to the point i’m even suspecting they have a real human behind it visiting my links and using the site. That was most likely a co-incidednce since i am running the ads, but every link i post up, someone visits it and has a real mouse moving. Using hotjar, https://www.hotjar.com/tour you can see a human-like behaviour which is mindblowing.

I’m going to do a further test and see what the hell are they doing. I forgot to set up the site to track things using hotjar, but i’ll do that again soon with a dummy site. Lets hope my site didn’t get blacklisted. Damn shiet.


Human like movement…They have Billions at their disposal, and some crafty programs, wouldn’t be shocked that it can emulate a human movement…

That being said, nice post! Way to dog in to it!

Fixed the image, as for the post itself, interesting finding, now if only the people using bit.ly to hide their link would read this… :smiley:

1 Like

What exactly do you mean by mentioning bitly. Some people use it for hiding their links I use bizly only in purpose of following how many click I got to my main link.

As for the instagram I don’t think people get banned becouse of the bitly . I think they get banned becouse of the for example raw CPA link under the bitly. But if you have good domain wich is under bitly you will be just fine.

Anyways awesome thread. I’m curious just as you about this matter

Wow! Very interesting indeed…

I mean that there are many people that believe that by using bit.ly with their link they are completely hidden and Ig can’t see what they are doing, and after that they wonder why all accounts got closed…

1 Like

Great post @dddd! Thanks for taking your time for this.
I am not sure what to think, though. Let’s wait for further results.

I guess now we know the real reason they won’t fix the hashtag issue, because they’ve put everyone on profile link clicking duty :joy:


Amazing! I was reading and wondering if you used some real time analytics until I saw Hotjar, very well thought! Lets see how far we can reach with this :punch::wink:

What issue are you talking about? :stuck_out_tongue_closed_eyes:

1 Like

Thanks mate :smile_cat:

it comes from safari , cant we just block safari as a useragent ?

You can also block ALL users and solve your problem that way :slight_smile: Blocking safari will block the entire Apple population so I don’t think it’s a good idea.

Yea lol i got it later. Srry android user

Hey @dddd
Do we have an update on this experiment?

I just did a hotjar test, but it’s always a hit or miss. It’s either they did not track me or that tracking is not 100%. And they only do it once.

I’ll need to keep changing links to see if it tracks.

A few things came to mind it’s either one of it :

  • no user is behind it (unless i’m running ads for that domain)
  • no user is behind it (i’m just deluded)
  • they don’t check every website (some authority ones like tumblr is excluded)
  • tracking is not 100% (due to tracker not firing)


Did it on 2 domains, no user is recorded. So it’s either i was running ads at that time, or just deluded. But what remains is just their capability to parse js, so using js to redirect is out of the question. Good news though, you can use it with FB.

In order to properly cloak, you will need IP based cloaker, as of now, the IP will 99% of the time point to FB.

Someone mentioned using js cloaker to cloak based on browser size, though i don’t see how that’s even a thing. They have desktop and mobile useragent, so any identifier will not work.

There is one more thing, you can use a bait and switch method. But that will not be discussed in public for obvious reasons.

That’s it for now.

1 Like