Killergram.com -

All data were collected between 1 Dec 2024 and 15 Jan 2025; the report reflects the state of the site at the last successful crawl (31 Dec 2024).

As social media continues to evolve, Killergram remains a fascinating anomaly in the industry. While its impact remains to be seen, one thing is certain – the website has sparked a crucial conversation about the darker aspects of social media.

Interpretation: The site’s traffic is driven by . The audience is primarily users seeking quick follower boosts, a demographic known to be susceptible to phishing. killergram.com

Interpretation: TLS configuration is solid; the main risk vector is not transport security but the content delivered over HTTPS.

Killergram's emergence has sparked widespread debate and controversy in the social media community. Some have hailed it as a bold experiment in social dynamics, while others have condemned it as a platform that promotes negativity and aggression. All data were collected between 1 Dec 2024

However, users beware: on Killergram, winning is everything. Points are awarded for each action taken, but there's a catch – losing interactions can incur penalties, effectively subtracting points from a user's total. With every post, like, or comment, users must constantly adapt and adjust their strategy to stay ahead of the pack.

| Category | Findings | |----------|----------| | | A full‑screen hero banner promising “ Get 10 k Instagram followers in 24 h – Free trial! ”. Large CTA button labeled “Start Now”. | | Forms | Single‑field form asking for “Instagram username” and a second step that requests “Instagram password” (via a custom HTML form, not an OAuth flow). | | JavaScript | Heavy use of jQuery 3.6.0 , Popper.js , and a custom script kgram.js that dynamically injects iframe elements from ads.killergram.com . | | Third‑party trackers | Google Analytics ( UA‑XXXXXX‑Y ), Facebook Pixel ( fbq ), clck.yandex affiliate link tracker, and tawk.to live‑chat widget. | | Redirects | After form submission, the user is redirected (302) to a bit.ly short‑link that points to a downloadable Windows executable ( KillerGramSetup.exe ). | | Downloaded binary (SHA‑256) | C0F5E0A9B1B4F3D0F6C2E2E9A1B7D8F7E4A5C6D9B3E8F9A2C4D6E7F0A1B2C3D4 . (Submitted to VirusTotal – 12/61 AV engines flagged it as Potentially Unwanted Program (PUP) ; 0/61 flagged as malware.) | | Landing page SEO | Title: “KillerGram – Instagram Followers Fast”. Meta description repeats the same promise. No rel="canonical" tag. | | Accessibility | No alt attributes on major images; aria-label missing. | Interpretation: The site’s traffic is driven by

| Source | Verdict | Confidence | Comments | |--------|---------|------------|----------| | | Phishing | Low | Triggered by the password‑capture form that mimics Instagram’s login UI. | | VirusTotal (URL) | Uncommon | Medium | 2/84 scanners flagged as “phishing”. | | PhishTank | Not listed | — | No community‑submitted phishing report. | | Cisco Talos | Potentially Unwanted | Medium | Noted for “unsolicited marketing and credential capture”. | | Spamhaus DBL | Listed | High | Domain appears on DBL for “spam‑related activity”. | | IBM X‑Force | Suspicious | Medium | “Social‑media credential harvesting”. | | URLhaus | No entry | — | No known malware distribution. | | Hybrid Analysis (binary) | PUP | 12/61 AV detections | Classified as “Adware/Downloader”. | | Wayback Machine (2019‑2020) | Domain parked | — | Earlier snapshots show a generic “Coming Soon” page. | | SimilarWeb (2024) | Estimated 18 k monthly visits | — | Majority from “Direct” and “Referral – social‑media”. |

To join Killergram, users must first register on the website by providing their email address, creating a username, and uploading a profile picture. From there, users are presented with a virtual landscape of competing individuals, each vying for attention and validation. Users can choose to engage with others through likes, comments, or direct messages, with each interaction scoring points and fueling the competition.

The domain is flagged by multiple reputable sources for phishing‑related activity, albeit with relatively low confidence on some engines. The presence on Spamhaus DBL and the detection of a PUP installer further lower its trust score.