bb-wa.me
Open in
urlscan Pro
2606:4700:3037::6815:57cf
Malicious Activity!
Public Scan
Submission: On March 23 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on March 22nd 2024. Valid for: 3 months.
This is the only time bb-wa.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco do Brasil (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700:303... 2606:4700:3037::6815:57cf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:440... 2606:4700:4400::6812:2844 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a04:4e42::485 2a04:4e42::485 | 54113 (FASTLY) (FASTLY) | |
1 | 170.66.14.84 170.66.14.84 | 11993 (BANCO DO ...) (BANCO DO BRASIL S.A.) | |
1 | 2a04:4e42:77:... 2a04:4e42:77::159 | 54113 (FASTLY) (FASTLY) | |
2 | 170.66.192.4 170.66.192.4 | 11993 (BANCO DO ...) (BANCO DO BRASIL S.A.) | |
6 | 2606:4700:e6:... 2606:4700:e6::ac40:cc14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
14 | 7 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 3290 ka-f.fontawesome.com — Cisco Umbrella Rank: 7004 |
303 KB |
3 |
bb.com.br
www49.bb.com.br cdn.bb.com.br |
389 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 437 |
59 KB |
1 |
twimg.com
pbs.twimg.com — Cisco Umbrella Rank: 1060 |
244 KB |
1 |
bb-wa.me
bb-wa.me |
2 KB |
14 | 5 |
Domain | Requested by | |
---|---|---|
6 | ka-f.fontawesome.com |
kit.fontawesome.com
bb-wa.me |
2 | cdn.bb.com.br |
bb-wa.me
|
2 | cdn.jsdelivr.net |
bb-wa.me
|
1 | pbs.twimg.com |
bb-wa.me
|
1 | www49.bb.com.br |
bb-wa.me
|
1 | kit.fontawesome.com |
bb-wa.me
|
1 | bb-wa.me | |
14 | 7 |
Subject Issuer | Validity | Valid | |
---|---|---|---|
bb-wa.me GTS CA 1P5 |
2024-03-22 - 2024-06-20 |
3 months | crt.sh |
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-12-04 - 2025-01-03 |
a year | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3 |
2023-09-27 - 2024-10-28 |
a year | crt.sh |
www49.bb.com.br GeoTrust EV RSA CA G2 |
2023-07-05 - 2024-07-09 |
a year | crt.sh |
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-07-21 - 2024-08-20 |
a year | crt.sh |
cdn.bb.com.br GeoTrust EV RSA CA G2 |
2024-03-14 - 2025-03-13 |
a year | crt.sh |
ka-f.fontawesome.com GTS CA 1P5 |
2024-03-05 - 2024-06-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bb-wa.me/
Frame ID: C30F1641A0580C469234AD5A1BF61F1A
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
BB | ContestaçãoDetected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
Bootstrap (Web Frameworks) Expand
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Whatsapp
Search URL Search Domain Scan URL
Title: Chat
Search URL Search Domain Scan URL
Title: Ligação
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
bb-wa.me/ |
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
9464b2a436.js
kit.fontawesome.com/ |
12 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/ |
227 KB 35 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
www49.bb.com.br/web-integrador/app/docs/comum/images/structure/header/ |
2 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
-8XjMBt1
pbs.twimg.com/ad_img/1342204483774906380/ |
243 KB 244 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Prancheta-1-1.png
cdn.bb.com.br/wp-content/uploads/2022/11/ |
203 KB 204 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Prancheta-2-1.png
cdn.bb.com.br/wp-content/uploads/2022/11/ |
180 KB 181 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/ |
79 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v6.5.1/css/ |
101 KB 23 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v6.5.1/css/ |
27 KB 5 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v5-font-face.min.css
ka-f.fontawesome.com/releases/v6.5.1/css/ |
823 B 716 B |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v6.5.1/css/ |
2 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v6.5.1/webfonts/ |
153 KB 153 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-fa-brands-400.woff2
ka-f.fontawesome.com/releases/v6.5.1/webfonts/ |
115 KB 115 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco do Brasil (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| FontAwesomeKitConfig number| uidEvent object| bootstrap0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bb-wa.me
cdn.bb.com.br
cdn.jsdelivr.net
ka-f.fontawesome.com
kit.fontawesome.com
pbs.twimg.com
www49.bb.com.br
170.66.14.84
170.66.192.4
2606:4700:3037::6815:57cf
2606:4700:4400::6812:2844
2606:4700:e6::ac40:cc14
2a04:4e42:77::159
2a04:4e42::485
26124185bb1a42bd0c3580911f7dc0a3a7eb7c342d686ddbd9039736214129ff
4e1ca022ca46fe7d3378e2ce64b4eec93ed05bab22a685e662095496afa7efd8
5031c11dd77875afefe4eeddfaa320af07fdccea327f7416a5ee8980674c9c76
58522c58cbb9b2231026ce7d65096807a3f97fffaf22cea6fb180590286fa53d
6530f32fa70a330cd76547497f20048ae081dcc897af26befc84600357ba06be
7f1d37f0d90b6385354c2ac10e2bb91563c46bd7a266ed351222ebcac8496c2a
a93f7f459e0dabc5d86e6b6e3936c07d2dd02b52369f26bb7e8c0005a5d26368
aa53d582f97eb594c2a5cc5824574707f9ba9837bce3046bfa5f3556860f4e04
b2bfe99e2e78f71c88eb00c49e1392a15531fb6486d0d0c2ea71937dda34deab
c6c902cfe6773fe2d0046d2ad933e34f61da0ec24e84830aa3851a29cb4ad1c4
df1acffb65c1d7e22eb5b55a97cdc111b958b15606212193c180456e97848c7f
f581083ac72ae169a698cd0cb7f02d8bb2e079844bfad68cc98df5b3c4692408
f75d5b4d27d0b63d5aa94b32c3ce4b7adf9cf91b050e93d582e547a3f314bc6d
fc1c5d8c9aa750b035f80171038766b502616cd3f1b52abbff668a712c485274