{"report_id":"9afa8328-d296-4684-9d30-5cf8ed0bd45e","version":0,"status":"done","tags":[],"date":"2026-06-29T13:36:59Z","url":{"schema":"http","addr":"of-whatapp.top","fqdn":"of-whatapp.top","domain":"of-whatapp.top","tld":"top"},"ip":{"addr":"154.206.233.25","port":0,"asn":136950,"as":"Hong Kong FireLine Network LTD","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"of-whatapp.top/","fqdn":"of-whatapp.top","domain":"of-whatapp.top","tld":"top"},"title":"WhatsApp网页版 - 即时通讯,","dom":{"size":48209,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"fd85a8230896b7aa4aabf07161b8791b","sha1":"22119156dccce15b59c9cbe2071a2e8707414bfa","sha256":"ba58a84e098203252fdfc6ed8ba832ecdadfc3c9ee843bf9e4084d2f754e0cf7","sha512":"e4309bd62f47f61930bac50efc15bf528ea79ac783d37884a95c3a4ce457deef356a548a23536ef4513baa7df6f81ca010d7d44bfd404909a1bdc4b244610560","ssdeep":"768:qTIDlMgKBeFMkyFoGOKa2OJeFzYcPj8kNAbOBMQQ9DTT1ZwnOKzUocoNsTk:qTIDlzKMekyyGOKa2OJeFYcPj2bNQQ9Y","tlshash":"be23f83965f320950443908177d7931aab7ce6a3cc57cdafb7ec06869fc19e8488375a","dom_hash":"domhash1155cf74849c3b44913a7d8212233547","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"of-whatapp.top","fqdn":"of-whatapp.top","domain":"of-whatapp.top","tld":"top"},"ip":{"addr":"154.206.233.25","port":0,"asn":136950,"as":"Hong Kong FireLine Network LTD","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-03T13:36:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-29","alert":"Sinkholed","trigger":"of-whatapp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-29","alert":"Phishing Block","trigger":"of-whatapp.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-29","alert":"Sinkholed","trigger":"of-whatapp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"of-whatapp.top","ip":{"addr":"154.206.233.25","port":443,"asn":136950,"as":"Hong Kong FireLine Network LTD","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-06-28","domain_rank":0,"first_seen":"2026-06-29T13:36:59.174957Z","last_seen":"2026-06-29T13:36:59.174958Z","alert_count":6,"request_count":2,"received_data":47669,"sent_data":987,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"of-whatapp.top/","fqdn":"of-whatapp.top","domain":"of-whatapp.top","tld":"top"},"ip":{"addr":"154.206.233.25","port":443,"asn":136950,"as":"Hong Kong FireLine Network LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3c425c29bf02cd86f570ecddfd5f14bd","sha1":"0e4285266418cd42f7353dd771f3635939c59261","sha256":"082b6d8dee407289ec2a12c584d14949ff3080ea41ab164032b26512fdf45964","sha512":"2f669dff2af612f80be9f4d464cec88a13c20e2455601d606d1ec0fb9563cad7e38b98d50c775341178157e7b329d9f52b090a12c0d02595dc0776eb5c3643c3","ssdeep":"","tlshash":"c061ff2a69b3103a8073a67b978b9344b23510437146ce4a3f6c47891fd1a295ef3adb","size":3268,"data":"","first_seen":"2026-06-29T06:43:37.88487Z","last_seen":"2026-06-29T13:37:04.140976Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"of-whatapp.top/","fqdn":"of-whatapp.top","domain":"of-whatapp.top","tld":"top"},"ip":{"addr":"154.206.233.25","port":443,"asn":136950,"as":"Hong Kong FireLine Network LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-29T13:36:34.295Z","timestamp":1782740194295,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ssl-whatapp.hl.cn","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 14:11:51 GMT","end":"Sat, 26 Sep 2026 14:11:50 GMT"},"fingerprint":{"sha1":"41:42:2D:CF:30:54:95:86:C0:66:40:65:EE:79:35:C7:D0:43:F0:A8","sha256":"7C:EA:9B:EE:B1:C6:27:52:82:3C:17:D7:59:25:15:A3:37:B3:5A:7F:03:DD:D0:85:BA:1C:2C:99:B3:09:9D:AC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: of-whatapp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 29 Jun 2026 13:36:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":45457,"size_decoded":11416,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"0ddba6956d1ceb6907d8d3ce90aa7941","sha1":"a9c3efb9ba14fc4fe9a110337ccbc0b20e9dbe1d","sha256":"8fa89a9794c6f02c78300835085ffc42681d88a898deb29d52aa9142bf19b528","sha512":"992ffad11d89831e608b41d05d4f1bd7dbe583a4a637677ec4f852e28c6da4f4a7363093ae32b7a38b839ecf0b89d27e7eff3caad624b2c6bafb4bdb39470cad","ssdeep":"768:IgP5qAKLwozdT5bdSmpVpbylN46aTPe3U7H2ybOL0kKOSvR/TYLl:IgP5qAKLhzdT5bdSmpVpb96ie3UD2ybM","tlshash":"9e13b63995c1746a0433d3999b62971fffa89167c403825e7bee17874ff29248843f8a","first_seen":"2026-06-29T06:43:37.883605Z","last_seen":"2026-06-29T13:37:04.136131Z","times_seen":2,"resource_available":true,"data":null}},"time_used":2101,"timings":{"blocked":-1,"dns":881,"connect":242,"send":0,"wait":488,"receive":0,"ssl":490},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-29","alert":"Sinkholed","trigger":"of-whatapp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-29","alert":"Phishing Block","trigger":"of-whatapp.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-29","alert":"Sinkholed","trigger":"of-whatapp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"of-whatapp.top/favicon.ico","fqdn":"of-whatapp.top","domain":"of-whatapp.top","tld":"top"},"ip":{"addr":"154.206.233.25","port":443,"asn":136950,"as":"Hong Kong FireLine Network LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://of-whatapp.top/","date":"2026-06-29T13:36:36.682Z","timestamp":1782740196682,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ssl-whatapp.hl.cn","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Jun 2026 14:11:51 GMT","end":"Sat, 26 Sep 2026 14:11:50 GMT"},"fingerprint":{"sha1":"41:42:2D:CF:30:54:95:86:C0:66:40:65:EE:79:35:C7:D0:43:F0:A8","sha256":"7C:EA:9B:EE:B1:C6:27:52:82:3C:17:D7:59:25:15:A3:37:B3:5A:7F:03:DD:D0:85:BA:1C:2C:99:B3:09:9D:AC"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: of-whatapp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://of-whatapp.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Mon, 29 Jun 2026 13:36:36 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1385\r\nlast-modified: Sun, 28 Jun 2026 15:11:07 GMT\r\netag: \"6a41398b-569\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1385,"size_decoded":1825,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"b70e6078004aeb5146c635cc4c8af761","sha1":"08361cabab0812baeb8ecf4dfbdddd10a9104423","sha256":"20ce7e373448ca2a51d95f60fc906f57cc27d103a6bba4e33be3453f7b23b98e","sha512":"76e0a9f494998151ab5f5d1ef2f1e2cd826135537e6b3e77e6653997d6e073696880a1ab5100c6a85aea926edcfe036c31513d08f58c0bcc02db0a4c8b6bec09","ssdeep":"","tlshash":"bf210bf3e36020e90841d4310333621b57fa4f7b6d909371f071509112b944845a1e97","first_seen":"2024-12-25T11:23:49.33594Z","last_seen":"2026-06-29T13:38:59.647265Z","times_seen":1931,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":242,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-29","alert":"Sinkholed","trigger":"of-whatapp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-29","alert":"Phishing Block","trigger":"of-whatapp.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-29","alert":"Sinkholed","trigger":"of-whatapp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}