Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://whatsapp.gr.hl.cn/
Detected Brand
WhatsApp
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
2d31db70-df8âŚ
Analyzed
2026-05-29 10:17
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F86294302185FD7A418747E123A0936ABBC2D373EC631ABE96F0875D9EC5D44CE126A7 |
|
CONTENT
ssdeep
|
384:iR3RSIAJPWXNb6DVtQaxwEEF6uN2DMfQo1UdL31y28v8NdtO5cQclAI:O3ROJ+XNb6DVtQaxwEEF6uN2DMfQEUtv |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a2a218dcdcdc8af6 |
|
VISUAL
aHash
|
df072767e4fec001 |
|
VISUAL
dHash
|
3bcdcfcec8aaaa51 |
|
VISUAL
wHash
|
df07273fe4fac000 |
|
VISUAL
colorHash
|
07000000e00 |
|
VISUAL
cropResistant
|
3bcdcfcec8aaaa51 |
Code Analysis
Threat Level
ALTO
â ď¸ Phishing Confirmed
đ Risk Score Breakdown
Total Risk Score
40/100
đŹ Comprehensive Threat Analysis
Threat Type
WhatsApp Phishing Landing Page
Target
WhatsApp users
Attack Method
Phishing webpage
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
đ˘ Brand Impersonation Analysis
Impersonated Brand
WhatsApp
Official Website
https://www.whatsapp.com
Fake Service
Credential harvesting service
âď¸ Attack Methodology
Primary Method: SEO Poisoning Landing Page
Fake WhatsApp page designed to appear in search results and trick users into visiting. May redirect to credential harvesting pages, malware downloads, or serve as a trust-building step before requesting sensitive information.
Secondary Method: Standard Phishing Techniques
Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.
đ Infrastructure Indicators of Compromise
Domain Information
Domain
whatsapp.gr.hl.cn
Registered
2026-02-28 22:17:14+00:00
Registrar
ćé˝ĺŚć´žç§ććéĺ
Źĺ¸
Status
Active (89 days old)
Hosting Information
Provider
ćé˝ĺŚć´žç§ććéĺ
Źĺ¸
ASN
đ¤ AI-Extracted Threat Intelligence
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.