Known malicious kitcriticalphishing

Chinese WhatsApp Impersonation — main.js

family: whatsapp-cn-bf71

5-host Chinese WhatsApp brand impersonation: it-web-whatsapp.hl.cn, llg-whatsapp.com.cn, etc. Third-region sister of whatsapp-bd-771c (Bangladesh) and whatsapp-pk-96b1 (Pakistan) — same kit-as-a-service operator targeting more countries.

Fingerprint anchors

content sha2567dd85aca2c29abbe85ca1f14cb376ed30e3a9e64a6cb35f9b3f726b1a8784e82

canonical ASTbf712e0fcf12f9674f71b5fa9bd568cf489de821f64a6017e75036b60dc658b6

TLSHT168241AE83955F5516EB343F710AF1807737C2A2B280D4DA0A211FD9DB4B809EB17BE99

Provenance

Added by: analyst

Added: 2026-05-27 07:09

5 hosts. WhatsApp impersonation, China cohort. Sister of bd-771c + pk-96b1.

Sightings (5)

Host	Scan	Script	Match	When
whatsapp-web.xyz	65a92f77…	https://whatsapp-web.xyz/static/js/main.6c724e39.js	byte	2026-05-24 10:11
it-web-whatsapp.hl.cn	c19b3ebe…	https://it-web-whatsapp.hl.cn/static/js/main.6c724e39.js	byte	2026-05-24 09:11
llg-whatsapp.com.cn	3bdff214…	https://llg-whatsapp.com.cn/static/js/main.6c724e39.js	byte	2026-05-23 23:07
web.i-whatsapp.com.cn	ddc59d87…	https://web.i-whatsapp.com.cn/static/js/main.6c724e39.js	byte	2026-05-23 21:39
whatsappwt.com.cn	e79735c8…	https://whatsappwt.com.cn/static/js/main.6c724e39.js	byte	2026-05-23 05:34