If you believe you have a legitimate penetration testing contract, please refer to Instagram’s official bug bounty program (through Meta Whitehat).