{"report_id":"eee18569-f22c-4940-8724-629565d3f908","version":6,"status":"done","tags":[],"date":"2026-01-05T12:30:48Z","url":{"schema":"http","addr":"wjm-whatsapp.com.cn","fqdn":"wjm-whatsapp.com.cn","domain":"wjm-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"156.252.43.28","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"final":{"url":{"schema":"https","addr":"wjm-whatsapp.com.cn/","fqdn":"wjm-whatsapp.com.cn","domain":"wjm-whatsapp.com.cn","tld":"com.cn"},"title":"WhatsApp Web","dom":{"size":40084,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"a457544ae138717fb86e7401f46e51dd","sha1":"b8c4e46faea368e5ad1d7f5f0cc4a86ceb4267eb","sha256":"5f0af16ac8f39de0b79d455b607c13cedc7dc52b9ef47f49451253083e013813","sha512":"91315a19735e2861256ffa3f2d2e8f18ced7417ea56cbca25683a54993ea213a5066b432093981b7137aaf246d0ac0b8a37e57dc162002fa8477c37014a18cde","ssdeep":"768:6dYRPmSO+mC4SXms5O6kQFGGyw1tN2QoYRtCnx+92VzXVrJl6C2Ib2mmvpbmW90E:6dMPmSDmC4SXms5DxHoMtCnxa2VzlrJU","tlshash":"08030a6e00f3315a2617a1a01b5497176d84d22bc81bceb97bcd1ab9cfc5d51acb338e","dom_hash":"domhash113e591d1cb8d4925d2ace9183ffd519","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"wjm-whatsapp.com.cn","fqdn":"wjm-whatsapp.com.cn","domain":"wjm-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"156.252.43.28","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-09T12:30:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wjm-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"wjm-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"wjm-whatsapp.com.cn","ip":{"addr":"156.252.43.28","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"domain_registered":"2026-01-05","domain_rank":0,"first_seen":"2026-01-05T12:30:48.753433Z","last_seen":"2026-01-05T12:30:48.753433Z","alert_count":4,"request_count":2,"received_data":42838,"sent_data":933,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"wjm-whatsapp.com.cn/","fqdn":"wjm-whatsapp.com.cn","domain":"wjm-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"156.252.43.28","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":true,"md5":"168b960c66fd83b3a9b5dc8d3b45275e","sha1":"99754f72c8b44169d6f68e1d4c97e85c306ffab2","sha256":"d18bc536da6b8f60e05fce29779a6152229eed9ceb303b8fb69524fe81b12a9b","sha512":"77ec5586cc1dd78b6118c7d6dcfbadad581e6ee86d0cb192cbe0efc47200e8736b200073fdb6d909d0186c35faa2c529eecfa1de90aa5505336555c4cac3930b","ssdeep":"","tlshash":"fa017d2a267964390c37926bd38ae2c6a11490c77081ec797eac5f0c1fc579569a11c3","size":842,"data":"","first_seen":"2026-01-05T04:46:58.708375Z","last_seen":"2026-01-06T04:13:31.738984Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"wjm-whatsapp.com.cn/","fqdn":"wjm-whatsapp.com.cn","domain":"wjm-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"156.252.43.28","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-05T12:30:27.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wjm-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 04 Jan 2026 16:48:00 GMT","end":"Sat, 04 Apr 2026 16:47:59 GMT"},"fingerprint":{"sha1":"20:BB:23:17:4F:E7:EE:5B:28:C4:44:F1:7F:23:32:E0:4C:4D:1E:F2","sha256":"F1:75:11:2A:A2:C1:FF:AD:08:C2:E2:57:D7:FA:AA:61:CE:10:E3:29:CD:E9:B7:FC:12:2B:AE:CC:23:BA:69:EC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: wjm-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 05 Jan 2026 12:30:28 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 04 Jan 2026 17:45:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695aa746-9e76\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40566,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"b7f6e5fe54c6c9f36c64662f4ef802d3","sha1":"bbb0dbd6efd0ea236a21dba77b8e0e3e9ca6ddfd","sha256":"516b489b0add9181f76aec23865538d7b5be9b14d6342e85b35784431750e960","sha512":"92c219935658673dcd0d12705f7cc7ea6a54cb631af98b24fdfd8dfc2389ab5f9bc4fe99e72ab71015748010f34fef3f950806c4a1d04e27f30fae1014593560","ssdeep":"768:mdYRPmSO+mC4SXmHO6kQFGGyw1tN2QoYRtCnx+92VzXVrJl6C2Ib2mmJpbmW90sK:mdMPmSDmC4SXmHDxHoMtCnxa2VzlrJlB","tlshash":"91030a6e00f3315a2617a1a01b5497176d84d22bc81bceb97bcd1ab9cfc5d51acb338e","first_seen":"2026-01-05T04:46:58.706771Z","last_seen":"2026-01-06T04:13:31.736202Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1904,"timings":{"blocked":841,"dns":385,"connect":222,"send":0,"wait":222,"receive":0,"ssl":231},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wjm-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"wjm-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wjm-whatsapp.com.cn/favicon.ico","fqdn":"wjm-whatsapp.com.cn","domain":"wjm-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"156.252.43.28","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wjm-whatsapp.com.cn/","date":"2026-01-05T12:30:28.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wjm-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 04 Jan 2026 16:48:00 GMT","end":"Sat, 04 Apr 2026 16:47:59 GMT"},"fingerprint":{"sha1":"20:BB:23:17:4F:E7:EE:5B:28:C4:44:F1:7F:23:32:E0:4C:4D:1E:F2","sha256":"F1:75:11:2A:A2:C1:FF:AD:08:C2:E2:57:D7:FA:AA:61:CE:10:E3:29:CD:E9:B7:FC:12:2B:AE:CC:23:BA:69:EC"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: wjm-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wjm-whatsapp.com.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 05 Jan 2026 12:30:28 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1385\r\nlast-modified: Sat, 15 Mar 2025 14:05:42 GMT\r\netag: \"67d58936-569\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1385,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"b70e6078004aeb5146c635cc4c8af761","sha1":"08361cabab0812baeb8ecf4dfbdddd10a9104423","sha256":"20ce7e373448ca2a51d95f60fc906f57cc27d103a6bba4e33be3453f7b23b98e","sha512":"76e0a9f494998151ab5f5d1ef2f1e2cd826135537e6b3e77e6653997d6e073696880a1ab5100c6a85aea926edcfe036c31513d08f58c0bcc02db0a4c8b6bec09","ssdeep":"","tlshash":"bf210bf3e36020e90841d4310333621b57fa4f7b6d909371f071509112b944845a1e97","first_seen":"2024-12-25T11:23:49.33594Z","last_seen":"2026-05-31T04:18:10.709028Z","times_seen":1903,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"wjm-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wjm-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}