# web-whataspp.com — MALICIOUS

> Beware of web-whataspp.com, a crypto drainer impersonating WhatsApp. 14/95 VirusTotal detections flag this domain. Verify with PhishDestroy before clicking.

## Summary

PhishDestroy identifies web-whataspp.com as an active crypto drainer domain posing as WhatsApp, carrying an elevated risk level. This domain, registered through Gname.com Pte. Ltd., was created on August 19, 2025, and resolves to IP 134.122.169.21. Its SSL certificate is issued by Let’s Encrypt, and 14 out of 95 security vendors on VirusTotal have flagged it. While the domain itself is not widely present on major threat intelligence feeds, the use of a recently created domain coupled with a low trust score and partial detection coverage warrants heightened caution.

This domain was flagged due to its likely role in draining cryptocurrency wallets through fake WhatsApp login portals. The combination of an active SSL certificate, a newly registered domain (NRD) status, and moderate detection rates suggests a campaign that may be evolving or targeting specific regions. The low but significant detection ratio (14/95) indicates that detection signatures are still developing, which increases the window of opportunity for malicious actors to operate undetected.

Users are advised to avoid interacting with web-whataspp.com entirely. If the site prompts for login or crypto wallet connection, treat it as malicious. Validate any WhatsApp-related links via official channels (whatsapp.com or the app itself). Consider installing browser extensions like PhishDestroy to automatically scan and block known malicious domains. Organizations should block this domain at the network perimeter and update IDS/IPS rules using the IP and domain indicators. Crypto users should verify all wallet connection requests manually and never enter private keys or seed phrases on unverified sites.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-08-19 07:36:07
- Registrar: Gname.com Pte. Ltd.
- IP: 134.122.169.21

## Detection Status

- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/bbacbfc5-82cd-49f0-a78b-87f7b9b60c34
- PhishDestroy: https://phishdestroy.io/domain/web-whataspp.com/
- LLM endpoint: https://phishdestroy.io/domain/web-whataspp.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/web-whataspp.com/

Last updated: 2026-03-21