Solved wa-whatsapp(dot)com Is it Phishing/Scam?

RRlight

Thread author
I got this message (1st and 2nd picture) from WhatsApp this morning (should be WhatsApp since it's the same number it uses to send verification numbers for login). It says my account has been detected to be viewing/publishing sensitive content, and I have to verify my account at wa-whatsapp(dot)com, a link that looks somewhat suspicious (Virustotal 1/90+ though); otherwise, my account will be permanently banned. In fact, I haven't used WhatsApp for quite some weeks. I asked in the WhatsApp Help, and the AI just said my account is fine. Is it truly WhatsApp or just a scam with some techniques showing itself as WhatsApp in SMS app (like the 2nd picture)?

I also doubt if WhatsApp would send Chinese notification messages like this though I'm from China. There is no nationality setting in WhatsApp as far as I know, and the phone number is not Chinese either.

Tried with Anyrun sandbox but found nothing. Report: Analysis wa-whatsapp.com No threats detected - Interactive analysis ANY.RUN

[Attachments: five screenshots]
 
There was a post on Reddit somewhat like yours: . Their URL is even more suspicious than yours, although your URL's domain (wa-whatsapp.com) based on its domain info doesn't look like WhatsApp's domain at all, and being redirected to a legitimate URL is suspicious nonetheless.

Is the number that "WhatsApp" sent you the messages from a regular number or a short code? A regular number can be spoofed. If this is from a regular number, even if WhatsApp had used it before, I'd say this is a phishing scam.
 
although your URL's domain (wa-whatsapp.com) based on its domain info doesn't look like WhatsApp's domain at all
This domain directed me to this page:
It has a valid certificate, McAfee web advisor did not object, but I have noticed the open tab lacks the WhatsApp logo.
 
This domain directed me to this page:...
It has a valid certificate, McAfee web advisor did not object, but I have noticed the open tab lacks the WhatsApp logo.
That's interesting. It also redirected me to a URL with a US number, but different from yours; I thought it would have the same number always.

You clicked on the link, the server thought you didn't fit a set criterion, and sent you to a legitimate URL. Classic misdirection.

If you look in the registrant info on wa-whatsapp.com, it's a Chinese-registered domain. The whatapps.com domain uses a different registrar, with the registrant not masked with WhatsApp's address in Menlo Park.
 
Outside of whether or not the link is detected/reported as malicious the message has the elements of a scam/phishing attempt.

1. Sense of urgency is being created: Click this link to avoid being banned/locked out/deleted etc., often specifying some short time frame -> This is often the most important & frequent indicator in my opinion
2. Non-traditional method of communication or we'll say an external contact: Using an external form of communication than the communication system it owns (sending you an SMS vs. even using whatsapp and not being the whatsapp corporate verified account)
3. Similar yet somewhat different website address: At first it looks fine seeing the word whatsapp but altered.


Also f-secure detected the link as malicious.
 
The domain was registered on 11/12/2024 and updated on 07/08/2025. Out of 94 vendors present on VirusTotal, only one of them detects the phishing domain. URLVoid? 0/39.

From what I understand, the purpose of the website is to redirect you to the legit WhatsApp page, which is then supposed to launch WhatsApp and start texting the constantly changing phone number with the message content "开始验证".

@Trident This is what I was talking about in the thread before. A phishing campaign that started a long time ago, and none of the vendors block it except a few. I just reported the domain to the Google Safe Browsing team, we'll see how long it will take them to react.
 
Last edited:
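The checks discussed in the posts above (a look-alike first hop that ends on a genuine WhatsApp page which opens a chat with a prefilled message), written out as an added example that is not part of any post in this thread. The allowlist, the click-to-chat URL forms handled, and the sample chain with its phone number and message text are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: domains treated as WhatsApp-operated; maintain this list yourself.
OFFICIAL = {"whatsapp.com", "whatsapp.net", "wa.me"}
BRAND_TOKENS = ("whatsapp",)

def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_official(host):
    """True only for an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def click_to_chat(url):
    """Return (phone, prefilled_text) if url is a WhatsApp click-to-chat link."""
    parts = urlsplit(url)
    host = host_of(url)
    query = parse_qs(parts.query)
    text = query.get("text", [""])[0]
    if host == "wa.me":
        return parts.path.strip("/"), text
    if host == "api.whatsapp.com" and parts.path.rstrip("/") == "/send":
        return query.get("phone", [""])[0], text
    return None

def triage(chain):
    """Judge a redirect chain by its first hop, not by where it ends."""
    first = host_of(chain[0])
    findings = []
    if not is_official(first):
        findings.append("first hop not on allowlist: " + first)
        if any(t in first for t in BRAND_TOKENS):
            findings.append("brand name inside non-official domain")
    chat = click_to_chat(chain[-1])
    if chat and not is_official(first):
        findings.append("third-party domain opens chat with " + chat[0])
    return findings

# Constructed sample: the number and message text are placeholders.
SAMPLE_CHAIN = [
    "https://wa-whatsapp.com/",
    "https://api.whatsapp.com/send?phone=15550100000&text=start%20verification",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_CHAIN):
        print(finding)
```

A chain that ends on a genuine WhatsApp URL still produces findings here, because the verdict rests on the host the message actually linked to.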
This is what I was talking about in the thread before. A phishing campaign that started a long time ago, and none of the vendors block it except a few. I just reported the domain to the Google Safe Browsing team, we'll see how long it will take them to react.
That’s impossible to detect via any other means because there is no brand impersonation. Norton SafeWeb already flags the website.
 
WhatsApp is scammer central, it's become useless and full of garbage content with crypto scams and investment scams everywhere. I wouldn't trust any link or message to do with it these days.
These scams are everywhere, on every platform, be it communication, dating, or other forms of social media. They are also on video sharing sites.
 
These scams are everywhere, on every platform, be it communication, dating, or other forms of social media. They are also on video sharing sites.
More so over at Telegram tbh because it's actually encrypted. WhatsApp's encryption is questionable, I'm sure Meta would love to hand out data to authorities.
 