Looking inside the message and the link, they were able to isolate a signature quirk in the way the domain and server were configured. This WhatsApp message and link were painstakingly engineered to hide any information about the attack and any information about the identity of the attacker. The link and the final server were configured in a particularly locked-down manner. Any attempt to open a nonexistent page on the server did not return the typical “Not Found” message; the server simply did not reply to the request at all, so as not to alert the victim. This already suggested to Claudio
...more
