# whatsappjako.pages.dev — SUSPICIOUS

> PhishDestroy tracks whatsappjako.pages.dev hosting a live WhatsApp login phishing page. VirusTotal score 0/95. Check the full report.

## Summary
PhishDestroy identifies whatsappjako.pages.dev as an active credential-phishing page masquerading as WhatsApp Web. The domain is classified under the specific threat type WhatsApp login phishing, designed to harvest user credentials under false pretenses. This campaign remains under formal investigation while analysts continue to profile its infrastructure and delivery vectors.


PhishDestroy’s initial scan of whatsappjako.pages.dev reveals zero detections on VirusTotal out of 95 engines, indicating bypass of current static signatures. The domain resolves to IP address 172.66.44.77 and is served over HTTPS with a certificate issued by Google Trust Services. Registration is obscured through Cloudflare, Inc., preventing transparent WHOIS attribution. No entries on major blocklists have been recorded to date. The seed identifier 9d421b was assigned to correlate feeds and telemetry from multiple honeypots.


Mitigation specific to WhatsApp credential phishing requires immediate blocking of whatsappjako.pages.dev at DNS and network layers. Users who may have entered credentials should rotate passwords immediately and enable two-factor authentication on their WhatsApp accounts. Security teams should inspect egress traffic for POST requests to this domain and correlate with any instances of m_login.php or similar phishing paths. Continuous monitoring of IP 172.66.44.77 and the seed 9d421b is recommended to detect lateral movement or expanded campaigns using the same infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.77

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d1eb9d72-4ff3-428a-9764-6fa112c8d62d
- PhishDestroy: https://phishdestroy.io/domain/whatsappjako.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/whatsappjako.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/whatsappjako.pages.dev/
Last updated: 2026-03-22