What Is WhatsApp.com?

WhatsApp (whatsapp.com) is an available freeware, multi-platform messaging service that allows users to send text messages, make voice and video calls, and share statuses and media content such as voice memos, images, documents, and more. Whatsapp.com is compatible with many mobile phones and computer operating systems making it accessible across different devices. Its user-friendly interface is key to this site’s success as it facilitates a good user experience for people of all ages. As of January 2023, the site whatsapp.com gets an estimated 2.9 billion monthly views, according to SimilarWeb. The Wayback Machine estimates whatsapp.com was founded on January 24, 2009. Whatsapp.com started being crawled by the Wayback Machine in 2009. To date, whatsapp.com has been crawled 98,402 times showing its rate has been increasing steadily with an upsurge between 2015 and 2016 and traffic has not dropped off. As illustrated on SimilarWeb, the site whatsapp.com gets 85% of its traffic directly from the domain and 9% from search engines.

Website: https://www.whatsapp.com/

Is WhatsApp.com Safe?

I conducted a series of malware tests to find out if whatsapp.com is safe and legit. Here are the results:

I installed the Malwarebytes Browser Guard on my Edge browser and was able to browse the site whatsapp.com without any issues.

To check this further I ran malware scans with Malwarebytes and Spybot on my computer after browsing the site whatsapp.com and they returned no malware detection. I also ran a system-wide scan with Microsoft Defender and no malware was found.

To try to confirm that the site is clean, I also checked the site whatsapp.com on the online malware scanner Sucuri and it returned as a medium security risk. You can see the same here: https://sitecheck.sucuri.net/results/whatsapp.com

WhatsApp.com Sucuri results

Sucuri found several issues with this domain. I will list them below.

Site issue 1.

http://whatsapp.com/

<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“ne+Ol4t”,”VbwjDnG”,”fWpW5wc”,”P5QVif6″,”xapIJIl”,”8TNZYzX”,”oCLtibS”]);});</script>

Redirects to https://www.whatsapp.com/?_fb_noscript=1

Site issue 2.

https://www.whatsapp.com/community

<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“VbwjDnG”,”fWpW5wc”,”P5QVif6″,”8TNZYzX”,”\/fBFaxH”,”oCLtibS”]);});</script>

Redirects to https://www.whatsapp.com/community?_fb_noscript=1

Site issue 3.

https://www.whatsapp.com/download

HTTP redirect <301 Moved Permanently>
Redirects to itms-appss://apps.apple.com/us/app/whatsapp-messenger/id310633997

Site issue 4.

https://www.whatsapp.com/expressyourself

<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“VbwjDnG”,”fWpW5wc”,”P5QVif6″,”8TNZYzX”,”\/fBFaxH”,”oCLtibS”]);});</script>

Redirects to https://www.whatsapp.com/expressyourself?_fb_noscript=1

Site issue 5.

https://www.whatsapp.com/stayconnected

<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“VbwjDnG”,”fWpW5wc”,”P5QVif6″,”xapIJIl”,”8TNZYzX”,”oCLtibS”]);});</script>

Redirects to https://www.whatsapp.com/stayconnected?_fb_noscript=1

Site issue 6.

https://www.whatsapp.com/stories

<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“VbwjDnG”,”fWpW5wc”,”P5QVif6″,”xYnbfih”,”R5w1rCJ”,”X9COSxX”,”xapIJIl”,”8TNZYzX”,”oCLtibS”]);});</script>

Redirects to https://www.whatsapp.com/stories?_fb_noscript=1

Sucuri says the site whatsapp.com is a medium security risk because a site issue was detected finding possible malware. However, it didn’t find any injected spam or defacements. Moreover, no associated security vendors have blacklisted the domain as malicious.

Some hardening improvements could be made such as adding a website firewall, obtaining a new TLS certificate and solving the missing security headers listed below:

Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src

The ‘unsafe-inline’ keyword in Content-Security-Policy is not recommended. Consider using unsafe-hashes or nonces instead. Affected pages:
https://www.whatsapp.com/?_fb_noscript=1 for iPad’s UA
https://www.whatsapp.com/community?_fb_noscript=1
https://www.whatsapp.com/expressyourself?_fb_noscript=1
https://www.whatsapp.com/stayconnected?_fb_noscript=1
https://www.whatsapp.com/stories?_fb_noscript=1

Lastly, I ran a malware scan with VirusTotal on the domain whatsapp.com and no security vendor has flagged the domain as malicious. You can see the same here: https://www.virustotal.com/gui/domain/whatsapp.com

WhatsApp.com VirusTotal results

In conclusion, the site whatsapp.com is a medium security risk according to Sucuri. Sucuri found indication of possible malware but no associated security vendor has blacklisted the domain.  Furthermore, no security vendor associated with VirusTotal has flagged the domain as malicious.

Related