Submitted URL: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjn4NOG7eiAAxXKxJYKHYAMBpEYABAGGgJ0bA&gclid=EAIaIQobChMI5-DThu3ogAMVys...
Effective URL: https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Submission: On August 19 via manual from HK — Scanned from SE

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 104.21.81.216, located in and belongs to CLOUDFLARENET, US. The main domain is waa.nhbbuio.com.
TLS certificate: Issued by GTS CA 1P5 on August 16th 2023. Valid for: 3 months.
This is the only time waa.nhbbuio.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

IP addresses (requests, IP address, AS autonomous system):
  1 1  142.250.185.66  15169 (GOOGLE)
  7    104.21.81.216   13335 (CLOUDFLARENET)
  Totals: 7 requests, 1 IP

Apex domains (requests, apex domain, subdomains, transfer):
  7  nhbbuio.com           waa.nhbbuio.com                                       141 KB
  1  googleadservices.com  www.googleadservices.com (Cisco Umbrella Rank: 157)   722 B
  Totals: 7 requests, 2 domains

Domains and requesters (requests, domain, requested by):
  7  waa.nhbbuio.com           waa.nhbbuio.com
  1  www.googleadservices.com  1 redirects
  Totals: 7 requests, 2 domains

This site contains no links.

Subject      Issuer      Validity                  Valid
nhbbuio.com  GTS CA 1P5  2023-08-16 - 2023-11-14   3 months

This page contains 1 frames:

Primary Page: https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Frame ID: FC29D1847FB29CFEC2FEEB47B2A3AB3F
Requests: 7 HTTP requests in this frame

Page Title

WhatsApp

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  Requests:    7
  HTTPS:       100 %
  IPv6:        0 %
  Domains:     2
  Subdomains:  2
  IPs:         1
  Countries:   2
  Transfer:    141 kB
  Size:        558 kB
  Cookies:     1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjn4NOG7eiAAxXKxJYKHYAMBpEYABAGGgJ0bA&gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE&ohost=www.google.com&cid=CAASJeRopV8OcJrByG9TLSkR3VcwACp1wYUju06kflY2o4IP3ElQTdU&sig=AOD64_3sGXLBHMw74lH3OgNEbmY__p90Aw&q&adurl&ved=2ahUKEwiLwc2G7eiAAxWA1TQHHTgqDPEQ0Qx6BAgHEAE HTTP 302
    https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Columns for each transaction: Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: / | waa.nhbbuio.com/ | 14 KB | 6 KB | Document
Redirect Chain
  • https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjn4NOG7eiAAxXKxJYKHYAMBpEYABAGGgJ0bA&gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE&ohost=www.google.com&cid=CAASJeRopV8Oc...
  • https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
General
Full URL
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.81.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
546f8c18448e4ded14989f07c6291a90a26fd55baad8556fcf6b0fe0460bfe0e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7f9302b71e3928aa-AMS
content-encoding
br
content-type
text/html
date
Sat, 19 Aug 2023 14:15:47 GMT
last-modified
Wed, 16 Aug 2023 10:46:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FG36pyJUvqfBcgoRJN3bi4H2y%2FKYmdfPzyq%2Fund%2FJcuTXmy7ow%2BsaVPCUffUzmwwdw87SS3GLAqHhi6N3eKN3MZQUmPt749kF0VkCJaI%2BXsNSIGEzXwWA1cXUvEooveZoQU%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

accept-ch
Sec-CH-UA-Platform Sec-CH-UA-Platform-Version Sec-CH-UA-Full-Version Sec-CH-UA-Arch Sec-CH-UA-Model Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-WoW64
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 19 Aug 2023 14:15:46 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
p3p
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
adclick_server
x-content-type-options
nosniff
x-xss-protection
0
stylex-zcxetc4wtv56bv5.css | waa.nhbbuio.com/css/ | 114 KB | 29 KB | Stylesheet
General
Full URL
https://waa.nhbbuio.com/css/stylex-zcxetc4wtv56bv5.css
Requested by
Host: waa.nhbbuio.com
URL: https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.81.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Sat, 19 Aug 2023 14:15:48 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Aug 2023 15:48:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d7a9b0-1c673"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rHuDcV75w4QEGhjfQNZT3Ah4r5yQTk1Hw4UF20vV850TG31iiEgArYy%2FWLSE0Ndjphsn%2BOnWPf62Z7%2BC3uX7ZOSAJBpofDM%2FRzxK6xCQ1P01jTr%2FZ7wyKQgVzrDL1o3ODUw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
7f9302b9e90728aa-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 20 Aug 2023 02:15:47 GMT
bootstrap_qr-czcer2c3233c2.css | waa.nhbbuio.com/css/ | 91 KB | 20 KB | Stylesheet
General
Full URL
https://waa.nhbbuio.com/css/bootstrap_qr-czcer2c3233c2.css
Requested by
Host: waa.nhbbuio.com
URL: https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.81.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
455f7bef247c7bd3cad535a636bfc25f89cb3371a728b14f048c21e4b9cc0580

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Sat, 19 Aug 2023 14:15:48 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Aug 2023 15:48:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d7a9b0-16d49"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJ9clsW86%2BDhtzkwrNSoJinYmNUSLHtc50fQ21%2Fvxg8MEPsonud4lbkGLb0oNTRrVIHVO7LmHrpeW51supf6ZQwdleXfYJdY%2B3aEnDrVCJw59MxLm2MbqnPHvHikGVuIl3A%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
7f9302b9e90928aa-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 20 Aug 2023 02:15:47 GMT
bootstrap_main.05bv4mu9ucnt.css | waa.nhbbuio.com/css/ | 226 KB | 44 KB | Stylesheet
General
Full URL
https://waa.nhbbuio.com/css/bootstrap_main.05bv4mu9ucnt.css
Requested by
Host: waa.nhbbuio.com
URL: https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.81.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cbfd4f00c4210688faaecdace3d2877e5c789a7c8d06f1d0c49507b55de6a2b

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Sat, 19 Aug 2023 14:15:48 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Aug 2023 15:48:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d7a9b0-38629"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6KmW7uLd3nVGnLaifnlduPgBZp2ew5AUtbghJCQwjB1tzYhANZKbkY%2BFWjS4YjJZQd8acEJqCHR60wjMmcYKPKdyHhbJBxURF4u82q4um%2B9qW9bmxaOrOl%2FJoKV7uUu0RfM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
7f9302b9e90a28aa-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 20 Aug 2023 02:15:47 GMT
v54t5b637c23r3.jquery.min.js | waa.nhbbuio.com/js/ | 91 KB | 33 KB | Script
General
Full URL
https://waa.nhbbuio.com/js/v54t5b637c23r3.jquery.min.js
Requested by
Host: waa.nhbbuio.com
URL: https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.81.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Sat, 19 Aug 2023 14:15:48 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Aug 2023 15:48:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d7a9b0-16bab"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3IRwKgWaEphJtGvDu2luw%2BydBBqXUJo5IDbMMHlrzOg%2F%2BOUxZC3WsO8ehb0pnTlDCgbu4iHLGlfIZx%2B5CczhKTqwZtKMGWxP9WMOxe03JJBRXs5ERtLxwdyKxWDn74GrYUQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
7f9302b9e90b28aa-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 20 Aug 2023 02:15:47 GMT
094vihy4mowv.jquery.cookie.js | waa.nhbbuio.com/js/ | 3 KB | 2 KB | Script
General
Full URL
https://waa.nhbbuio.com/js/094vihy4mowv.jquery.cookie.js
Requested by
Host: waa.nhbbuio.com
URL: https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.81.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55c173330e36aaceaf268be4fe4421376a4e9eab4ce0de8e32aeb1c75f1181af

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Sat, 19 Aug 2023 14:15:47 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Aug 2023 15:48:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d7a9b0-c30"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tElPheFo9OzbB7KG4aIMAQ5zHEVtQIBp8l%2FBAKos%2B69m%2BqLxMGArWME%2BSLxmQW%2BhvDbmCeJ99UxR3tEXolBQf%2F0%2BnH6pdr5%2BwDPlsRMWjNA9z8Lp8m3WO1LMFCO1mK%2B1PTk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
7f9302b9e90c28aa-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 20 Aug 2023 02:15:47 GMT
65wevti874bu3.qrcode.min.js | waa.nhbbuio.com/js/ | 19 KB | 7 KB | Script
General
Full URL
https://waa.nhbbuio.com/js/65wevti874bu3.qrcode.min.js
Requested by
Host: waa.nhbbuio.com
URL: https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.81.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://waa.nhbbuio.com/?gclid=EAIaIQobChMI5-DThu3ogAMVysSWCh2ADAaREAMYASAAEgKgovD_BwE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Sat, 19 Aug 2023 14:15:47 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Aug 2023 15:48:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d7a9b0-4dd7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tHVclzEyqpGn2U5p8sMR63VGIFqZdvfg2kd%2FygJsefjpMUqyPwWFCjIvq%2FqmSOqY%2BpCIAU2UsUxLar9EixRqzBg9TVB4I2PkydVub%2B6%2BXc7j5hOjX5I8669ejJnFaQP1TYY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
7f9302b9e90f28aa-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 20 Aug 2023 02:15:47 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  object    documentPictureInPicture
  function  $
  function  jQuery
  function  QRCode
  function  guid
  function  sock
  function  qrcode
  function  qrcode2
  function  refreshqrcode

1 Cookies

Domain/Path: www.googleadservices.com/pagead/conversion/11303695543/
Name: Conversion
Value: EgwIABUAAAAAHQAAAAAYASCRt6zBpKLF9PkBSAFqN0VBSWFJUW9iQ2hNSTUtRFRodTNvZ0FNVnlzU1dDaDJBREFhUkVBTVlBU0FBRWdLZ292RF9Cd0VwzcCzr_TogAOQAZ3N35DqEZgBAA