{"report_id":"098f9444-453f-4f36-9501-2dfccee67da3","version":6,"status":"done","tags":[],"date":"2026-01-05T12:44:26Z","url":{"schema":"http","addr":"wis-whatsapp.com.cn","fqdn":"wis-whatsapp.com.cn","domain":"wis-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"156.252.44.5","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"final":{"url":{"schema":"https","addr":"wis-whatsapp.com.cn/","fqdn":"wis-whatsapp.com.cn","domain":"wis-whatsapp.com.cn","tld":"com.cn"},"title":"WhatsApp Web","dom":{"size":37807,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"29b1dd8d1b8a1af2a25ada14cc1128a5","sha1":"860bcd301082cc99547a4c375b25d18a0e26bcf1","sha256":"15ea3268843412f7353558d8622699dccf7387b5c4cd15af4e272cc68b95caae","sha512":"e2d2dac6ecadceef13e401078e3b053b371a9c5be0a88bf8d0e2558a62ff559d3f7ffed290a4aa88eef3fb6b849c7345474fe4396120a86b261a1f733c25afa3","ssdeep":"768:6dem0//i1bz7stw/0SWiFN7JZB25me5PkLDm2/fYzbAxG5S17D/N6fI/p1SsC0v+:6dem0/ubz7st+0SL5ZB25me5PkLDB/fi","tlshash":"6b03fbab80f338191a23a0b017a5c30b6d48d17b984ecee97b9c5568cfc0955acf378d","dom_hash":"domhash7fa28922cedcff75ef40eebb9879eb97","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"wis-whatsapp.com.cn","fqdn":"wis-whatsapp.com.cn","domain":"wis-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"156.252.44.5","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-09T12:44:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wis-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"wis-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wis-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wis-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"wis-whatsapp.com.cn","ip":{"addr":"156.252.44.5","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"domain_registered":"2026-01-05","domain_rank":0,"first_seen":"2026-01-05T12:44:26.376031Z","last_seen":"2026-01-05T12:44:26.376031Z","alert_count":8,"request_count":2,"received_data":40574,"sent_data":933,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"wis-whatsapp.com.cn/","fqdn":"wis-whatsapp.com.cn","domain":"wis-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"156.252.44.5","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-05T12:44:03.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wis-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 02:26:58 GMT","end":"Sun, 05 Apr 2026 02:26:57 GMT"},"fingerprint":{"sha1":"D2:7C:69:2E:D3:8A:62:42:2C:F5:31:3A:CB:B4:99:52:3B:9B:84:1E","sha256":"1B:3D:A3:6D:61:7B:F5:61:25:60:4A:7E:00:37:B5:27:CB:C1:0D:64:7B:C4:25:E1:B0:B9:31:1D:05:B0:7A:B5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: wis-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 05 Jan 2026 12:44:06 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 05 Jan 2026 03:26:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695b2f5a-959e\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38302,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with LF, NEL line terminators","md5":"a2550bfcc76241723d2f0e535bb3659a","sha1":"0d4989454ad88b6bf51d0cd4f9eef8d544adc142","sha256":"a7acd2bbe09151d717d44c26228b0fce28b42783489931dd7a2e4a3e0186b246","sha512":"2e6d71eb916d6447a678aee251dd0850183c45fecf897099a83d554cd8b5fbbdaf103458f6cc9b8dfd5d7703092113c005bf5ded1b3548883a062537c84d1e07","ssdeep":"768:mdem0//i1bzWstw/0SWiFN7JZB25me5PkLDm2/fYzbAxG5S17D/N6fI/p1SsC0vt:mdem0/ubzWst+0SL5ZB25me5PkLDB/fx","tlshash":"6e03e85b81f3e7190ad360f01f90d31a6d68d1efc88ecaa6375d80e48fd09597ca7689","first_seen":"2026-01-05T12:44:30.36473Z","last_seen":"2026-01-05T16:36:37.721602Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4727,"timings":{"blocked":2249,"dns":1794,"connect":222,"send":0,"wait":229,"receive":0,"ssl":229},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wis-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"wis-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wis-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wis-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wis-whatsapp.com.cn/favicon.ico","fqdn":"wis-whatsapp.com.cn","domain":"wis-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"156.252.44.5","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wis-whatsapp.com.cn/","date":"2026-01-05T12:44:06.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wis-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 02:26:58 GMT","end":"Sun, 05 Apr 2026 02:26:57 GMT"},"fingerprint":{"sha1":"D2:7C:69:2E:D3:8A:62:42:2C:F5:31:3A:CB:B4:99:52:3B:9B:84:1E","sha256":"1B:3D:A3:6D:61:7B:F5:61:25:60:4A:7E:00:37:B5:27:CB:C1:0D:64:7B:C4:25:E1:B0:B9:31:1D:05:B0:7A:B5"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: wis-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wis-whatsapp.com.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 05 Jan 2026 12:44:06 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1385\r\nlast-modified: Sat, 15 Mar 2025 14:05:42 GMT\r\netag: \"67d58936-569\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1385,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"b70e6078004aeb5146c635cc4c8af761","sha1":"08361cabab0812baeb8ecf4dfbdddd10a9104423","sha256":"20ce7e373448ca2a51d95f60fc906f57cc27d103a6bba4e33be3453f7b23b98e","sha512":"76e0a9f494998151ab5f5d1ef2f1e2cd826135537e6b3e77e6653997d6e073696880a1ab5100c6a85aea926edcfe036c31513d08f58c0bcc02db0a4c8b6bec09","ssdeep":"","tlshash":"bf210bf3e36020e90841d4310333621b57fa4f7b6d909371f071509112b944845a1e97","first_seen":"2024-12-25T11:23:49.33594Z","last_seen":"2026-05-24T18:36:43.117173Z","times_seen":1881,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"wis-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wis-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wis-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wis-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}