WhatsApp (whatsapp.com) is an available freeware, multi-platform messaging service that allows users to send text messages, make voice and video calls, and share statuses and media content such as voice memos, images, documents, and more. Whatsapp.com is compatible with many mobile phones and computer operating systems making it accessible across different devices. Its user-friendly interface is key to this site’s success as it facilitates a good user experience for people of all ages. As of January 2023, the site whatsapp.com has 2.9 billion monthly views, according to Similar Web. The Wayback Machine estimates that whatsapp.com was founded on January 24, 2009. Whatsapp.com started being crawled by the Wayback Machine in 2009. To date, whatsapp.com has been crawled 98,402 times showing its rate has been increasing steadily with an upsurge between 2015 and 2016 and traffic has not dropped off. As illustrated on SimilarWeb, the site whatsapp.com gets 85% of its traffic directly from the domain and 9% from search engines.
Is whatsapp.com Safe?
I analyzed whatsapp.com for malware and malicious content to check if it was legit or a scam. Here are the results:
I checked whatsapp.com on Sucuri, and it returned as a medium security risk. Results: Sucuri scan for the site whatsapp.com.
Sucuri found several issues with this domain. I will list them below.
Site issue 1 (anomaly behavior).
http://whatsapp.com/
<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“ne+Ol4t”,”VbwjDnG”,”fWpW5wc”,”P5QVif6″,”xapIJIl”,”8TNZYzX”,”oCLtibS”]);});</script>
Redirects to https://www.whatsapp.com/?_fb_noscript=1
Site issue 2 (anomaly behavior).
https://www.whatsapp.com/community
<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“VbwjDnG”,”fWpW5wc”,”P5QVif6″,”8TNZYzX”,”\/fBFaxH”,”oCLtibS”]);});</script>
Redirects to https://www.whatsapp.com/community?_fb_noscript=1
Site issue 3 (unable to scan).
https://www.whatsapp.com/download
HTTP redirect <301 Moved Permanently>
Redirects to itms-appss://apps.apple.com/us/app/whatsapp-messenger/id310633997
Site issue 4 (anomaly behavior).
https://www.whatsapp.com/expressyourself
<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“VbwjDnG”,”fWpW5wc”,”P5QVif6″,”8TNZYzX”,”\/fBFaxH”,”oCLtibS”]);});</script>
Redirects to https://www.whatsapp.com/expressyourself?_fb_noscript=1
Site issue 5.
https://www.whatsapp.com/stayconnected
<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“VbwjDnG”,”fWpW5wc”,”P5QVif6″,”xapIJIl”,”8TNZYzX”,”oCLtibS”]);});</script>
Redirects to https://www.whatsapp.com/stayconnected?_fb_noscript=1
Site issue 6.
https://www.whatsapp.com/stories
<script>requireLazy([“InitialJSLoader”], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady([“VbwjDnG”,”fWpW5wc”,”P5QVif6″,”xYnbfih”,”R5w1rCJ”,”X9COSxX”,”xapIJIl”,”8TNZYzX”,”oCLtibS”]);});</script>
Redirects to https://www.whatsapp.com/stories?_fb_noscript=1
Sucuri says the site whatsapp.com is a medium security risk because a site issue was detected finding possible malware.
Security hardening flaws:
- The ‘unsafe-inline’ keyword in
Content-Security-Policyis not recommended. Consider using unsafe-hashes or nonces instead. Affected pages:
https://www.whatsapp.com/?_fb_noscript=1 for iPad’s UA
https://www.whatsapp.com/community?_fb_noscript=1
https://www.whatsapp.com/expressyourself?_fb_noscript=1
https://www.whatsapp.com/stayconnected?_fb_noscript=1
https://www.whatsapp.com/stories?_fb_noscript=1
I then ran a parasite scan with Unmask Parasites on whatsapp.com, and it is suspicious. Results: Unmask Parasites scan for the site whatsapp.com.
Unmask Parasites cites 9 hidden external links found:
https://www.facebook.com/brand/resources/whatsapp/whatsapp-brandhttps://www.facebook.com/profile.php?id=100064758844406https://www.instagram.com/whatsapp/?hl=enhttps://www.youtube.com/channel/UCAuerig2N-RZWJT8x75V9ywhttps://twitter.com/whatsapphttps://static.whatsapp.net/rsrc.php/v3/yY/r/1ItSdHKUFAF.js?_nc_x=Ij3Wp8lg5Kzhttps://business.whatsapp.com/https://faq.whatsapp.com/https://blog.whatsapp.com/https://web.whatsapp.com/
I also checked whatsapp.com on VirusTotal, and it is clean. Results: VirusTotal scan for the site whatsapp.com.
In conclusion, whatsapp.com is a medium security risk according to Sucuri. Sucuri found indication of possible malware but no associated security vendor has blacklisted whatsapp.com. Furthermore, no security vendor associated with VirusTotal has flagged whatsapp.com as malicious. OVERALL GRADE: Relatively Safe.
Links and Profiles
Website: whatsapp.com