SafeMode - Analysis: whatsapp.gq.hl.cn

Visual Capture

Detection Info

http://whatsapp.gq.hl.cn

Detected Brand

Country

Unknown

Confidence

95%

HTTP Status

200

Report ID

102f2623-9c4…

Analyzed

2026-05-30 11:22

Final URL (after redirects)

http://whatsapp.gq.hl.cn/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T184523F202042FD7B41D397E46670936AB7C2E366EC671BAD52F0D35D9EC2D45CE22287
CONTENT ssdeep	192:970YDIbAqaAuhSAXUOliXlZUCrbUI5MTxQV8v+2aCwysCXfkzIBpHdzxsUae283q:970Y1v4XlGCrBMTKBVykzIBpjJae2sPC

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	ed12572d46166d17
VISUAL aHash	00ffffff8181ffff
VISUAL dHash	4c0d0bcc2b2b2a48
VISUAL wHash	00e7fff78181abc0
VISUAL colorHash	06030000080
VISUAL cropResistant	4c0d0bcc2b2b2a48

Code Analysis

Threat Level ALTO

⚠️ Phishing Confirmed

📊 Risk Score Breakdown

Total Risk Score

40/100

🔬 Comprehensive Threat Analysis

Threat Type

WhatsApp Phishing Landing Page

Target

WhatsApp users

Attack Method

Phishing webpage

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

🏢 Brand Impersonation Analysis

Impersonated Brand

Official Website

https://www.whatsapp.com

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: Brand Impersonation Redirect

Impersonates WhatsApp to build victim trust through search engine manipulation or malicious advertisements. Often redirects to credential theft pages or serves malware disguised as legitimate software.

Secondary Method: Standard Phishing Techniques

Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.