whatapp.com.njrkpg.sbs
2606:4700:3031::ac43:b983
Malicious Activity!
Public Scan
Submission: On March 20 via api from US — Scanned from US
Summary
This is the only time whatapp.com.njrkpg.sbs was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
14 | 2606:4700:3031::ac43:b983 | 13335 (CLOUDFLARENET) |
15 | 2 |
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 | njrkpg.sbs | whatapp.com.njrkpg.sbs | 400 KB |
15 | 1 |
Count | Domain | Requested by |
---|---|---|
14 | whatapp.com.njrkpg.sbs | whatapp.com.njrkpg.sbs |
15 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frame:
Primary Page:
http://whatapp.com.njrkpg.sbs/index.html
Frame ID: CA891A116A3FEA46740A0E0DE8AD577A
Requests: 16 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index.html (Primary Request) | whatapp.com.njrkpg.sbs/ | 31 KB | 16 KB | Document | text/html |
GET | H/1.1 | stylex.css | whatapp.com.njrkpg.sbs/ | 208 KB | 55 KB | Stylesheet | text/css |
GET | H/1.1 | app.css | whatapp.com.njrkpg.sbs/ | 216 KB | 69 KB | Stylesheet | text/css |
GET | H/1.1 | index-ac19029f.js | whatapp.com.njrkpg.sbs/assets/ | 138 KB | 55 KB | Script | application/javascript |
GET | H/1.1 | index-be4b5325.css | whatapp.com.njrkpg.sbs/assets/ | 16 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | index-632dff2c.js | whatapp.com.njrkpg.sbs/assets/ | 265 KB | 76 KB | Script | application/javascript |
GET | H/1.1 | index-2ff15f7d.css | whatapp.com.njrkpg.sbs/assets/ | 7 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | af.svg | whatapp.com.njrkpg.sbs/nation/ | 21 KB | 9 KB | Image | image/svg+xml |
GET | H/1.1 | qr-video.png | whatapp.com.njrkpg.sbs/img/ | 16 KB | 17 KB | Image | image/png |
GET | DATA | truncated | / | 8 KB | 0 | Image | image/png |
GET | H/1.1 | whatsapp-webclient-login.mp4 | whatapp.com.njrkpg.sbs/ | 46 KB | 0 | Media | video/mp4 |
GET | H/1.1 | en-50ec4f03.js | whatapp.com.njrkpg.sbs/assets/ | 0 | 0 | Script | text/html |
GET | H/1.1 | whatsapp-webclient-login.mp4 | whatapp.com.njrkpg.sbs/ | 80 KB | 80 KB | Media | video/mp4 |
GET | | whatsapp-webclient-login.mp4 | whatapp.com.njrkpg.sbs/ | 0 | 0 | | |
GET | H/1.1 | whatsapp-webclient-login.mp4 | whatapp.com.njrkpg.sbs/ | 16 KB | 16 KB | Media | video/mp4 |
GET | H/1.1 | whatsapp-webclient-login.mp4 | whatapp.com.njrkpg.sbs/ | 67 KB | 0 | Media | video/mp4 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: whatapp.com.njrkpg.sbs
- URL: http://whatapp.com.njrkpg.sbs/whatsapp-webclient-login.mp4
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- systemThemeDark (boolean)
- theme (object)
- systemThemeMode (object)
- systemTheme (object)
- darkTheme (boolean)
- __VUE_INSTANCE_SETTERS__ (object)
- __INTLIFY_PROD_DEVTOOLS__ (boolean)
- __VUE_I18N_FULL_INSTALL__ (boolean)
- __VUE_I18N_LEGACY_API__ (boolean)
- __VUE__ (boolean)
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
whatapp.com.njrkpg.sbs
2606:4700:3031::ac43:b983