# whatsapp.metadscredit.com — MALICIOUS

> PhishDestroy identifies whatsapp.metadscredit.com as a WhatsApp credential phishing site targeting mobile users.

## Summary

PhishDestroy identifies whatsapp.metadscredit.com as an active WhatsApp-themed phishing domain designed to harvest user credentials under the guise of a legitimate login portal. The site masquerades as the official WhatsApp web interface to deceive victims into entering their account credentials, which are then exfiltrated to attacker-controlled infrastructure. The domain employs spoofed branding and a deceptive landing page (Index of /) to enhance authenticity, tricking users into believing they are accessing a trusted service.

The threat posed by whatsapp.metadscredit.com is corroborated by multiple security vendors and threat intelligence platforms. VirusTotal shows detection by 10 out of 95 security vendors. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on August 19, 2025, a recent registration indicative of opportunistic domain squatting. It resolves to IP address 188.114.97.3 and is flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category, confirming its use in deceptive impersonation campaigns. Despite utilizing a Google Trust Services SSL certificate, the site's malicious intent is evident through its phishing infrastructure and lack of legitimate affiliation with WhatsApp.

Users who have accessed this domain should immediately assess whether they entered any credentials or personal information. If credentials were submitted, rotate any passwords entered on whatsapp.metadscredit.com and the passwords of any other accounts using the same or similar passwords, including your actual WhatsApp account if the same credentials were reused. Enable multi-factor authentication on all critical accounts, especially WhatsApp, and scan devices for malware or unauthorized access. Report the incident to your IT or security team and refrain from interacting with the domain further. Organizations should consider blocking the domain at the firewall or DNS level and monitor for anomalous login attempts or credential stuffing attacks linked to this campaign. Proactive user education on recognizing phishing lures, particularly those mimicking popular messaging platforms, remains essential to mitigating credential theft and account takeover risks.

## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP ?)
- Page title: Index of /

## Domain Intelligence

- Registered: 2025-08-19 21:59:03
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 10 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/66c92562-aa75-433b-b08b-1551c017f395
- PhishDestroy: https://phishdestroy.io/domain/whatsapp.metadscredit.com/
- LLM endpoint: https://phishdestroy.io/domain/whatsapp.metadscredit.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/whatsapp.metadscredit.com/

Last updated: 2026-04-13