Report - redwhatsapp.com/virbo/download/

Report Overview

Visited public
2025-04-19 14:56:03
Tags
URL
redwhatsapp.com/virbo/download/
Finishing URL
redwhatsapp.com/virbo/download/
IP / ASN
172.67.148.4
#13335 CLOUDFLARENET
Title
Virbo-AI Video & AI Generator v1.9.17 MOD APK (Premium Unlocked) - RedWhatsApp

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
redwhatsapp.com	unknown	2023-05-21	2017-12-26	2025-02-11	10 kB	932 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-18	medium	redwhatsapp.com/virbo/download/	WhatsApp

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed
2025-04-19	medium	redwhatsapp.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	data:text/javascript;base64,d2luZG93Lmdvb2dsZXRhZz13aW5kb3cuZ29vZ2xldGFnfHx7Y21kOltdfTtnb29nbGV0YWcuY21kLnB1c2goZnVuY3Rpb24oKXtnb29nbGV0YWcuZGVmaW5lU2xvdCgnLzIyNzQ2Njc3OTc3L3JlZHdoYXRzYXBwLmNvbV8zMDB4MjUwXzMnLFtbMzAwLDI1MF0sWzMzNiwyODBdXSwnZ3B0LTMwMHgyNTBleHRyYV8zJykuYWRkU2VydmljZShnb29nbGV0YWcucHViYWRzKCkpO2dvb2dsZXRhZy5lbmFibGVTZXJ2aWNlcygpO2dvb2dsZXRhZy5wdWJhZHMoKS5zZXQoJ3BhZ2VfdXJsJywncmVkd2hhdHNhcHAuY29tJyk7Z29vZ2xldGFnLmRpc3BsYXkoImdwdC0zMDB4MjUwZXh0cmFfMyIpfSk=	ScriptElement	332 B	2025-04-19	2025-04-19
Pretty URL data:text/javascript;base64,d2luZG93Lmdvb2dsZXRhZz13aW5kb3cuZ29vZ2xldGFnfHx7Y21kOltdfTtnb29nbGV0YWcuY21kLnB1c2goZnVuY3Rpb24oKXtnb29nbGV0YWcuZGVmaW5lU2xvdCgnLzIyNzQ2Njc3OTc3L3JlZHdoYXRzYXBwLmNvbV8zMDB4MjUwXzMnLFtbMzAwLDI1MF0sWzMzNiwyODBdXSwnZ3B0LTMwMHgyNTBleHRyYV8zJykuYWRkU2VydmljZShnb29nbGV0YWcucHViYWRzKCkpO2dvb2dsZXRhZy5lbmFibGVTZXJ2aWNlcygpO2dvb2dsZXRhZy5wdWJhZHMoKS5zZXQoJ3BhZ2VfdXJsJywncmVkd2hhdHNhcHAuY29tJyk7Z29vZ2xldGFnLmRpc3BsYXkoImdwdC0zMDB4MjUwZXh0cmFfMyIpfSk= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 14:56 Last Seen2025-04-19 15:00 Times Seen2 Hash 634b3fb925fc52efbd81056eb1779634 4b67ef3c37aff2b2ea2c43c7c21e5f1fd8ae4cd1 1a204fd955a3883610bf37e2a0b3f7cf4d9b0a2552dc455806a60cbce774943e Loading...

	redwhatsapp.com/wp-content/litespeed/js/27557300b8e284b15ed8bd444aa84dc3.js?ver=6fe1c	ScriptElement	258 kB	2025-02-11	2025-04-19
Pretty URL redwhatsapp.com/wp-content/litespeed/js/27557300b8e284b15ed8bd444aa84dc3.js?ver=6fe1c IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-11 03:01 Last Seen2025-04-19 15:00 Times Seen4 Hash a9ede933f6b991ccacab50f862581da7 a5e3be2adae08f3de34b6daeafc92fc3fe6d7075 51fc3606a8ecab1f038a2e8650b68acadb1a2a8db3ac192fdd1d167f35f1662c Loading...

	redwhatsapp.com/virbo/download/	ScriptElement	215 B	2023-03-07	2025-05-25
Pretty URL redwhatsapp.com/virbo/download/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-25 04:02 Times Seen2991 Hash dc0923c33f2f758c84c52fbb61c834a3 b058be2d1733bff3d424d94ace699f13151e3df7 d37ef4938c8ae1d3621058c0b807b594bdff045977dab405590883e514289ac3 Loading...

	redwhatsapp.com/wp-content/litespeed/js/5cbd058a2d0dd2be4390164d6d0acca6.js?ver=acca6	ScriptElement	1.0 kB	2025-04-19	2025-04-19
Pretty URL redwhatsapp.com/wp-content/litespeed/js/5cbd058a2d0dd2be4390164d6d0acca6.js?ver=acca6 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 14:56 Last Seen2025-04-19 14:56 Times Seen1 Hash 5514c5584f334ff3b2835f02bac54b3c 97fb4a50b62fea7f12274ac080c2cda4330aa187 6dffccc7bd85173f46dcae341425a32a6ce367fa3f78f7426274ad53cb5bf597 Loading...

	data:text/javascript;base64,d2luZG93Lmdvb2dsZXRhZz13aW5kb3cuZ29vZ2xldGFnfHx7Y21kOltdfTtnb29nbGV0YWcuY21kLnB1c2goZnVuY3Rpb24oKXtnb29nbGV0YWcuZGVmaW5lU2xvdCgnLzIyNzQ2Njc3OTc3L3JlZHdoYXRzYXBwLmNvbV8zMDB4MjUwXzQnLFtbMzAwLDI1MF0sWzMzNiwyODBdXSwnZ3B0LTMwMHgyNTBleHRyYV80JykuYWRkU2VydmljZShnb29nbGV0YWcucHViYWRzKCkpO2dvb2dsZXRhZy5lbmFibGVTZXJ2aWNlcygpO2dvb2dsZXRhZy5wdWJhZHMoKS5zZXQoJ3BhZ2VfdXJsJywncmVkd2hhdHNhcHAuY29tJyk7Z29vZ2xldGFnLmRpc3BsYXkoImdwdC0zMDB4MjUwZXh0cmFfNCIpfSk=	ScriptElement	332 B	2025-04-19	2025-04-19
Pretty URL data:text/javascript;base64,d2luZG93Lmdvb2dsZXRhZz13aW5kb3cuZ29vZ2xldGFnfHx7Y21kOltdfTtnb29nbGV0YWcuY21kLnB1c2goZnVuY3Rpb24oKXtnb29nbGV0YWcuZGVmaW5lU2xvdCgnLzIyNzQ2Njc3OTc3L3JlZHdoYXRzYXBwLmNvbV8zMDB4MjUwXzQnLFtbMzAwLDI1MF0sWzMzNiwyODBdXSwnZ3B0LTMwMHgyNTBleHRyYV80JykuYWRkU2VydmljZShnb29nbGV0YWcucHViYWRzKCkpO2dvb2dsZXRhZy5lbmFibGVTZXJ2aWNlcygpO2dvb2dsZXRhZy5wdWJhZHMoKS5zZXQoJ3BhZ2VfdXJsJywncmVkd2hhdHNhcHAuY29tJyk7Z29vZ2xldGFnLmRpc3BsYXkoImdwdC0zMDB4MjUwZXh0cmFfNCIpfSk= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 14:56 Last Seen2025-04-19 15:00 Times Seen2 Hash a3292077dd4fc9c5538b6ce77cb74021 a14712edd17559115e07e747fd7e81339b50209a 21eec0457dc756e72bc9528567d7b8e6f4ebf8c597cd4e625e34e98d053e6329 Loading...

HTTP Transactions (21)

URL IP Response Size

redwhatsapp.com/wp-content/plugins/litespeed-cache/assets/js/instant_click.min.js?ver=7.0.1

188.114.96.1

200 OK

4.6 kB

URL GET
redwhatsapp.com/wp-content/plugins/litespeed-cache/assets/js/instant_click.min.js?ver=7.0.1
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
JavaScript source, ASCII text, with very long lines (4623)
Size
4.6 kB (4624 bytes)
Hash
fb09040de1e36049114a1f4e6dd35f5c
8d36f99b17d88a7f6dac59fc7a02edd92a7f9662
ff3d0e8b3eeb7ba127f9a3fa28f85a045e502f1b3740740c8464ee70d65588e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/litespeed-cache/assets/js/instant_click.min.js?ver=7.0.1 HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:43 GMT
content-type: text/javascript
content-length: 1482
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 10:14:11 GMT
last-modified: Thu, 17 Apr 2025 16:16:40 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 124892
priority: u=3,i=?0
accept-ranges: bytes
cf-ray: 932d3e9b2bf65687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2023/02/Twitter-Pro-Red-Icon.png

188.114.96.1

200 OK

9.9 kB

URL GET
redwhatsapp.com/wp-content/uploads/2023/02/Twitter-Pro-Red-Icon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
PNG image data, 217 x 217, 8-bit/color RGBA, non-interlaced
Size
9.9 kB (9882 bytes)
Hash
8cd8f6c1c50e405e0f34746f3bfd9a59
9a40063c9718dafd7cedb961180710359b255e87
e3ddf6fb34bce44afe34d0eadae7cd3ec510889b1d1c10b1f4ea83ca3ad91ba5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/02/Twitter-Pro-Red-Icon.png HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/png
content-length: 9882
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 03:57:06 GMT
last-modified: Fri, 04 Apr 2025 15:29:58 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 147518
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea03c1c5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2022/11/KAYAN-TV-150x150.png

188.114.96.1

200 OK

2.1 kB

URL GET
redwhatsapp.com/wp-content/uploads/2022/11/KAYAN-TV-150x150.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Size
2.1 kB (2143 bytes)
Hash
08037cfac94961965d5d9ddd012448ed
cd3b516a2874d9e1ea9add1931a2cc6b47c82846
5754fa75538a49531b97672095108e855a35f78305a10a5720b0eff2bd42e27d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2022/11/KAYAN-TV-150x150.png HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/png
content-length: 2143
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:29 GMT
last-modified: Fri, 04 Apr 2025 15:29:52 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18435
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea08c825687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/TikTok-Plus-Rezvan.png.webp

188.114.96.1

200 OK

9.0 kB

URL GET
redwhatsapp.com/wp-content/uploads/TikTok-Plus-Rezvan.png.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image
Size
9.0 kB (8996 bytes)
Hash
eb15a91d4d36f564d9f6386d0100400a
8f0d661a31ae6fd8b8a8f94e6bc47e70bc08d7d7
b6fc9cb9b058cae6d40343699e9f63aea48bb93a186e7d814c3b4f9eb16b861d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/TikTok-Plus-Rezvan.png.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 8996
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 03:57:06 GMT
last-modified: Fri, 04 Apr 2025 15:31:10 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 147518
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea13d845687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-192x192.png

188.114.96.1

200 OK

18 kB

URL GET
redwhatsapp.com/wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-192x192.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
18 kB (18053 bytes)
Hash
7fcb7ca2bd7227480b5cdca1e651103b
4802db62b939d30a3c55217950a918593c60cd6f
93354e435a9cf2aa23ea5b5f54deb3f9af6eb1b5fb7d4322bcc89081c35c0ab4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-192x192.png HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:45 GMT
content-type: image/png
content-length: 18053
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 03:56:56 GMT
last-modified: Fri, 04 Apr 2025 15:31:47 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 147529
priority: u=6,i=?0
accept-ranges: bytes
cf-ray: 932d3ea55ac85687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2024/03/ML-Manager-Pro-APK-Extractor-icon.webp

188.114.96.1

200 OK

1.7 kB

URL GET
redwhatsapp.com/wp-content/uploads/2024/03/ML-Manager-Pro-APK-Extractor-icon.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 217x217, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.7 kB (1738 bytes)
Hash
881b9c280275ad1c5db5b52859d3abc6
740b3ed33bead41552711a8f8bb516c19c839bc2
6f02d61998f4b942d8b0c36c31affc064c56c1b68f9866a479bf9894515794a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/03/ML-Manager-Pro-APK-Extractor-icon.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 1738
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:28 GMT
last-modified: Fri, 04 Apr 2025 15:30:32 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18436
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea15da85687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2024/07/pdf-editor-pdf-fill-amp-sign-150x150-1.webp

188.114.96.1

200 OK

3.0 kB

URL GET
redwhatsapp.com/wp-content/uploads/2024/07/pdf-editor-pdf-fill-amp-sign-150x150-1.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.0 kB (2954 bytes)
Hash
02eeaec71fdb572ee4fef593bf8861ac
05f050a154a7746d7e1203d334a5b6bca7ce51d7
3f6b233adf8976e173222b8cb649f60747ebefb37c6c248994c10b5a03a1e79a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/07/pdf-editor-pdf-fill-amp-sign-150x150-1.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 2954
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:29 GMT
last-modified: Fri, 04 Apr 2025 15:30:55 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18435
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea16dc45687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/litespeed/js/5cbd058a2d0dd2be4390164d6d0acca6.js?ver=acca6

188.114.96.1

200 OK

109 kB

URL GET
redwhatsapp.com/wp-content/litespeed/js/5cbd058a2d0dd2be4390164d6d0acca6.js?ver=acca6
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (109258 bytes)
Hash
ccebc81ba5dcafa679cc1083023e6d14
85063f1a7af3db994b484357e066b80aa9a9616b
80bf28d1787348ec241840ac2a4748b4e561143b45748647456ea45deac3e34f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/litespeed/js/5cbd058a2d0dd2be4390164d6d0acca6.js?ver=acca6 HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:43 GMT
content-type: text/javascript
content-length: 33623
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 03:57:21 GMT
last-modified: Thu, 17 Apr 2025 21:57:19 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 147502
priority: u=3,i=?0
accept-ranges: bytes
cf-ray: 932d3e9b2bef5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/litespeed/js/5cbd058a2d0dd2be4390164d6d0acca6.js?ver=acca6

188.114.96.1

200 OK

109 kB

URL GET
redwhatsapp.com/wp-content/litespeed/js/5cbd058a2d0dd2be4390164d6d0acca6.js?ver=acca6
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (109258 bytes)
Hash
ccebc81ba5dcafa679cc1083023e6d14
85063f1a7af3db994b484357e066b80aa9a9616b
80bf28d1787348ec241840ac2a4748b4e561143b45748647456ea45deac3e34f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/litespeed/js/5cbd058a2d0dd2be4390164d6d0acca6.js?ver=acca6 HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:43 GMT
content-type: text/javascript
content-length: 33623
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 03:57:21 GMT
last-modified: Thu, 17 Apr 2025 21:57:19 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 147502
priority: u=3,i=?0
accept-ranges: bytes
cf-ray: 932d3e9b3c115687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2024/08/virbo-ai-video-ai-generator-150x150-1.webp

188.114.96.1

200 OK

2.9 kB

URL GET
redwhatsapp.com/wp-content/uploads/2024/08/virbo-ai-video-ai-generator-150x150-1.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 150x150, Scaling: [none]x[none], YUV color, decoders should clamp
Size
2.9 kB (2926 bytes)
Hash
b8e09eef3bf95fe5664224f85d666256
796c7378268d6f09bdaa31f7d291741127770b10
17eb95bdc3df60078928be217fe02a53002043e8178201f9d4f7545af50aaf13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/virbo-ai-video-ai-generator-150x150-1.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 2926
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:29 GMT
last-modified: Fri, 04 Apr 2025 15:30:58 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18435
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea03bfa5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2024/06/Mobile-Scanner-PDF-Scanner-App-Scan-to-PDF-1.webp

188.114.96.1

200 OK

8.2 kB

URL GET
redwhatsapp.com/wp-content/uploads/2024/06/Mobile-Scanner-PDF-Scanner-App-Scan-to-PDF-1.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.2 kB (8166 bytes)
Hash
48c40e96114ef833bb38ab79f83eaba0
998b4946e055544293fb0a34d0f26fbe0212309e
7f67321dbe3bf24ed4528c802647947a9fcafbdbb3582e475a04136dbfbbe836

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/06/Mobile-Scanner-PDF-Scanner-App-Scan-to-PDF-1.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 8166
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:29 GMT
last-modified: Fri, 04 Apr 2025 15:30:46 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18435
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea03c0f5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2024/08/Focus-Logo.webp

188.114.96.1

200 OK

5.6 kB

URL GET
redwhatsapp.com/wp-content/uploads/2024/08/Focus-Logo.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp
Size
5.6 kB (5640 bytes)
Hash
90cfa4467aaa9d18d18508d055b268ec
56acb5ac604d71f548f2bc519714a2065bd1e034
481fab61abd2f93e0d9a5267824cd26b0b1212b6ff48570310a7e289d4f443c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/Focus-Logo.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 5640
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:29 GMT
last-modified: Fri, 04 Apr 2025 15:30:56 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18435
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea07c6b5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2023/01/Discord-Ultra-v1.00-150x150.jpg.webp

188.114.96.1

200 OK

2.1 kB

URL GET
redwhatsapp.com/wp-content/uploads/2023/01/Discord-Ultra-v1.00-150x150.jpg.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 150x150, Scaling: [none]x[none], YUV color, decoders should clamp
Size
2.1 kB (2096 bytes)
Hash
eebd603eeb2a9a6cef6f561b8be8c566
af907008da5aa9f3b8ad2b5606d4efe303c09415
efc29830a0550b47f232dcd373c1632a731260ee0b8c33eb891fcd93771fecd6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/01/Discord-Ultra-v1.00-150x150.jpg.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 2096
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 03:57:06 GMT
last-modified: Fri, 04 Apr 2025 15:29:53 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 147518
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea1be1b5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-32x32.png

188.114.96.1

200 OK

1.3 kB

URL GET
redwhatsapp.com/wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-32x32.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1258 bytes)
Hash
5074681b082c2c6d779868645380cfc3
e7435401a8737c25b9db8cce6e527afcba326efd
8b1528ef61b985ca1632f672d483e0790f2de0b7937de60e2759788b546887c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-32x32.png HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:45 GMT
content-type: image/png
content-length: 1258
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 03:56:56 GMT
last-modified: Fri, 04 Apr 2025 15:31:47 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 147529
priority: u=6,i=?0
accept-ranges: bytes
cf-ray: 932d3ea55ad85687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/litespeed/css/f4df4668bf5331c1ed0b57e4e759c7e2.css?ver=bf8cf

188.114.96.1

200 OK

306 kB

URL GET
redwhatsapp.com/wp-content/litespeed/css/f4df4668bf5331c1ed0b57e4e759c7e2.css?ver=bf8cf
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
306 kB (306441 bytes)
Hash
f4df4668bf5331c1ed0b57e4e759c7e2
2b3510ffd5049f1117f7a7ab0db870d77a80a8dd
15213f427f0e756994670ad68b73365bf4d51fb9314e994b47b2a11b65c34b85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/litespeed/css/f4df4668bf5331c1ed0b57e4e759c7e2.css?ver=bf8cf HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:43 GMT
content-type: text/css
content-length: 41559
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:27 GMT
last-modified: Sat, 19 Apr 2025 09:01:56 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18435
priority: u=2,i=?0
accept-ranges: bytes
cf-ray: 932d3e9b2be85687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2024/08/Bundle-Breaking-News.webp

188.114.96.1

200 OK

540 B

URL GET
redwhatsapp.com/wp-content/uploads/2024/08/Bundle-Breaking-News.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp
Size
540 B (540 bytes)
Hash
b7572ed3ba7ba159c2ba29b707779a9a
f941152a434ee80030023f961a2f5fd761491e2c
b502f63b45d9286d64a98ce6495336b4154bcf1744f23475b76f6e5280d4522c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/Bundle-Breaking-News.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 540
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:29 GMT
last-modified: Fri, 04 Apr 2025 15:30:56 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18435
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea04c2b5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2024/07/status-saver-wa-business-wa-150x150-1.webp

188.114.96.1

200 OK

4.1 kB

URL GET
redwhatsapp.com/wp-content/uploads/2024/07/status-saver-wa-business-wa-150x150-1.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image
Size
4.1 kB (4130 bytes)
Hash
0993633ba408fbf24f5820424817b0d7
4faa3a1acfffe6aaf35afcf0d1cfe50c6c205c2c
21012680bb642c2fdfc3521ca3e447453aedc88ad99cefbe6798c671044a4320

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/07/status-saver-wa-business-wa-150x150-1.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 4130
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:29 GMT
last-modified: Fri, 04 Apr 2025 15:30:55 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18435
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea1ae0e5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/virbo/download/

188.114.96.1

200 OK

58 kB

URL User Request GET
redwhatsapp.com/virbo/download/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (6427)
Size
58 kB (57658 bytes)
Hash
281ad013b1e7adf0c663fde979c89690
27b82d62506bf69a8cfc3712d640db6dc460d473
61fa418e319efcf05440667b84cacb63be11c40e63a7b9154f2b6da70f5d9c1c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /virbo/download/ HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 14:55:43 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: on
x-litespeed-cache: miss
vary: Accept-Encoding
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932d3e910af1b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

redwhatsapp.com/wp-content/litespeed/js/27557300b8e284b15ed8bd444aa84dc3.js?ver=6fe1c

188.114.96.1

200 OK

258 kB

URL GET
redwhatsapp.com/wp-content/litespeed/js/27557300b8e284b15ed8bd444aa84dc3.js?ver=6fe1c
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
258 kB (258418 bytes)
Hash
a9ede933f6b991ccacab50f862581da7
a5e3be2adae08f3de34b6daeafc92fc3fe6d7075
51fc3606a8ecab1f038a2e8650b68acadb1a2a8db3ac192fdd1d167f35f1662c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/litespeed/js/27557300b8e284b15ed8bd444aa84dc3.js?ver=6fe1c HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:43 GMT
content-type: text/javascript
content-length: 78966
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 03:56:55 GMT
last-modified: Thu, 17 Apr 2025 21:56:54 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 147528
priority: u=3,i=?0
accept-ranges: bytes
cf-ray: 932d3e9b2bf55687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2023/06/GA-YouTube-Icon-RedWhatsApp.png

188.114.96.1

200 OK

6.7 kB

URL GET
redwhatsapp.com/wp-content/uploads/2023/06/GA-YouTube-Icon-RedWhatsApp.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
PNG image data, 217 x 217, 8-bit/color RGBA, non-interlaced
Size
6.7 kB (6678 bytes)
Hash
4464e7a5c7d29bca4136e652a5dfbe8c
98fb6db1a0ce05ce40236a0b2cd626ddc6564e1c
1ee64f1cafd8620f328a683ab0560ef72584f2eb73d3c159e6c9353ef9dcde18

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/06/GA-YouTube-Icon-RedWhatsApp.png HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/png
content-length: 6678
server: cloudflare
cache-control: public, max-age=31557600
expires: Sat, 18 Apr 2026 03:57:06 GMT
last-modified: Fri, 04 Apr 2025 15:30:16 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 147518
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea09c865687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

redwhatsapp.com/wp-content/uploads/2024/06/led-scroller-led-banner-150x150-1.webp

188.114.96.1

200 OK

2.3 kB

URL GET
redwhatsapp.com/wp-content/uploads/2024/06/led-scroller-led-banner-150x150-1.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://redwhatsapp.com/virbo/download/
Certificate
IssuerGoogle Trust Services
Subjectredwhatsapp.com
FingerprintD4:4A:30:1F:F2:42:DF:60:3D:F5:9B:A6:9A:0F:19:A0:09:4C:D0:B4
ValidityThu, 10 Apr 2025 05:35:39 GMT - Wed, 09 Jul 2025 06:34:08 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.3 kB (2260 bytes)
Hash
c20333acefdaed2d2a6946800edb9dfa
7ba9d0a071905342a5dcc32a7d225fedceec29d2
837892a280d6ef32dd4d134268391bf32906cb8e764d28787611fb50fef860a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/06/led-scroller-led-banner-150x150-1.webp HTTP/1.1
Host: redwhatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redwhatsapp.com/virbo/download/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 14:55:44 GMT
content-type: image/webp
content-length: 2260
server: cloudflare
cache-control: public, max-age=31557600
expires: Sun, 19 Apr 2026 15:48:29 GMT
last-modified: Fri, 04 Apr 2025 15:30:50 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 18435
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 932d3ea10d425687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP