waa.nhbbuio.com
Open in
urlscan Pro
104.21.81.216
Malicious Activity!
Public Scan
Effective URL: https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Submission: On August 19 via manual from HK — Scanned from SE
Summary
TLS certificate: Issued by GTS CA 1P5 on August 16th 2023. Valid for: 3 months.
This is the only time waa.nhbbuio.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 142.250.185.66 142.250.185.66 | 15169 (GOOGLE) (GOOGLE) | |
7 | 104.21.81.216 104.21.81.216 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 1 |
ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
www.googleadservices.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
nhbbuio.com
waa.nhbbuio.com |
141 KB |
1 |
googleadservices.com
1 redirects
www.googleadservices.com — Cisco Umbrella Rank: 157 |
722 B |
7 | 2 |
Domain | Requested by | |
---|---|---|
7 | waa.nhbbuio.com |
waa.nhbbuio.com
|
1 | www.googleadservices.com | 1 redirects |
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
nhbbuio.com GTS CA 1P5 |
2023-08-16 - 2023-11-14 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Frame ID: FC29D1847FB29CFEC2FEEB47B2A3AB3F
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
WhatsAppPage URL History Show full URLs
-
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjn4NOG7eiAAxXKxJYKHYAMBpEYABAGGgJ0bA&gclid=EAIaIQ...
HTTP 302
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjn4NOG7eiAAxXKxJYKHYAMBpEYABAGGgJ0bA&gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE&ohost=www.google.com&cid=CAASJeRopV8OcJrByG9TLSkR3VcwACp1wYUju06kflY2o4IP3ElQTdU&sig=AOD64_3sGXLBHMw74lH3OgNEbmY__p90Aw&q&adurl&ved=2ahUKEwiLwc2G7eiAAxWA1TQHHTgqDPEQ0Qx6BAgHEAE
HTTP 302
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
waa.nhbbuio.com/ Redirect Chain
|
14 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylex-zcxetc4wtv56bv5.css
waa.nhbbuio.com/css/ |
114 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap_qr-czcer2c3233c2.css
waa.nhbbuio.com/css/ |
91 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap_main.05bv4mu9ucnt.css
waa.nhbbuio.com/css/ |
226 KB 44 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v54t5b637c23r3.jquery.min.js
waa.nhbbuio.com/js/ |
91 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
094vihy4mowv.jquery.cookie.js
waa.nhbbuio.com/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
65wevti874bu3.qrcode.min.js
waa.nhbbuio.com/js/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery function| QRCode function| guid function| sock function| qrcode function| qrcode2 function| refreshqrcode1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.googleadservices.com/pagead/conversion/11303695543/ | Name: Conversion Value: EgwIABUAAAAAHQAAAAAYASCRt6zBpKLF9PkBSAFqN0VBSWFJUW9iQ2hNSTUtRFRodTNvZ0FNVnlzU1dDaDJBREFhUkVBTVlBU0FBRWdLZ292RF9Cd0VwzcCzr_TogAOQAZ3N35DqEZgBAA |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
waa.nhbbuio.com
www.googleadservices.com
104.21.81.216
142.250.185.66
455f7bef247c7bd3cad535a636bfc25f89cb3371a728b14f048c21e4b9cc0580
546f8c18448e4ded14989f07c6291a90a26fd55baad8556fcf6b0fe0460bfe0e
55c173330e36aaceaf268be4fe4421376a4e9eab4ce0de8e32aeb1c75f1181af
9cbfd4f00c4210688faaecdace3d2877e5c789a7c8d06f1d0c49507b55de6a2b
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca
e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240