uaa.ojadjfdjkcn.top Open in urlscan Pro
2a06:98c1:3120::3  Malicious Activity! Public Scan

URL: https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Submission: On November 09 via automatic, source openphish — Scanned from NL

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is uaa.ojadjfdjkcn.top.
TLS certificate: Issued by GTS CA 1P5 on November 8th 2023. Valid for: 3 months.
This is the only time uaa.ojadjfdjkcn.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

IP Address AS Autonomous System
8 2a06:98c1:312... 13335 (CLOUDFLAR...)
8 2
Apex Domain
Subdomains
Transfer
8 ojadjfdjkcn.top
uaa.ojadjfdjkcn.top
142 KB
8 1
Domain Requested by
8 uaa.ojadjfdjkcn.top uaa.ojadjfdjkcn.top
8 1

This site contains no links.

Subject Issuer Validity Valid
ojadjfdjkcn.top
GTS CA 1P5
2023-11-08 -
2024-02-06
3 months crt.sh

This page contains 1 frames:

Primary Page: https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Frame ID: 2B70E1F53C5DF31C2362A8E1BBE95C35
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

WhatsApp

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

142 kB
Transfer

567 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
uaa.ojadjfdjkcn.top/
10 KB
5 KB
Document
General
Full URL
https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2387f96fe7aaf2261b5eb5845dd7b2c8410a006d9de81c5bb1764e93ad2e0b2b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8232517e19e76625-AMS
content-encoding
br
content-type
text/html
date
Thu, 09 Nov 2023 01:35:19 GMT
last-modified
Mon, 30 Oct 2023 10:59:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2BR%2F92%2B%2FGB1RICeDTybfJLtEC%2F8hZiyVdKWXQgCvXjktAbwvWbgYS0hVa4l28GVv1R%2FpjTQHZKGMrE8ZI7D8xNVw3GJCURMxco6C8EDphKTrspR7mwRYzbIrVzjG81QxCGQ3SPz65vl%2F7QeBFJz3A8Hz"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
zcvdgha.css
uaa.ojadjfdjkcn.top/css/
114 KB
29 KB
Stylesheet
General
Full URL
https://uaa.ojadjfdjkcn.top/css/zcvdgha.css
Requested by
Host: uaa.ojadjfdjkcn.top
URL: https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 01:35:19 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 11 Aug 2023 05:52:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d5ccad-1c673"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TR0X2kn5iFezEPRclSzWgIdXHxheDmZjmvOVW%2Fqtu6jbrcaPSWPu3R0bzKGlkI6Q3lGDdkxpe2OTgnOW4OpY3jYoQVfVnf31slnUKPN%2FNWw4jGNTYN%2FgIc8Hbzldl7DaTiIMquGMPnHEiWSJEh9FK6Ts"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
823251819b9d6625-AMS
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 Nov 2023 13:35:19 GMT
bo382.css
uaa.ojadjfdjkcn.top/css/
91 KB
20 KB
Stylesheet
General
Full URL
https://uaa.ojadjfdjkcn.top/css/bo382.css
Requested by
Host: uaa.ojadjfdjkcn.top
URL: https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
455f7bef247c7bd3cad535a636bfc25f89cb3371a728b14f048c21e4b9cc0580

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 01:35:19 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 11 Aug 2023 05:52:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d5ccad-16d49"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7r0U%2FMXJdDoxR5Jy6kuhD941p%2BwXCI9mE%2BibzVTbt63CdlkKI2UDSfyjQYFMAJHmFcpu3mNXX2nDyad6aghx6EX8wOEnN7i9KclISIh%2B15nPcPK6pmI%2F%2BG8J2GUYQ4P%2BacluRlQydAIzQ8nhe1COyJP7"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
823251819b9f6625-AMS
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 Nov 2023 13:35:19 GMT
e1ufu.css
uaa.ojadjfdjkcn.top/css/
226 KB
44 KB
Stylesheet
General
Full URL
https://uaa.ojadjfdjkcn.top/css/e1ufu.css
Requested by
Host: uaa.ojadjfdjkcn.top
URL: https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cbfd4f00c4210688faaecdace3d2877e5c789a7c8d06f1d0c49507b55de6a2b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 01:35:19 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 11 Aug 2023 05:52:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d5ccad-38629"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RDWki3ctVOzW3QxVV4cz4IlQUKrB12JlrmR9K7BiQdXHNnUwhK%2ByJnq5ikP2QlCYJ%2BlgMZuJeP6CE4y5ZBfqv3QX92FeEtRIf4GxX6dsYw47q5uGxg41ZaOhMhs9ElO5BU%2B6fzpG12zkhlPG6UqubHfq"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
823251819ba06625-AMS
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 Nov 2023 13:35:19 GMT
vio22.js
uaa.ojadjfdjkcn.top/js/
91 KB
33 KB
Script
General
Full URL
https://uaa.ojadjfdjkcn.top/js/vio22.js
Requested by
Host: uaa.ojadjfdjkcn.top
URL: https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 01:35:20 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 11 Aug 2023 05:52:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d5ccad-16bab"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sw2M32%2FfptdQ4NCVw7gIJgG9z%2FOclurPml2c1nvO0ZJh55iTTWFklJewpmDBeFzU0V45SbaH3qdirFVbVdXItzYIsQ8Xp369D9l3aLBZRifMp4laREdPZI5h4Z%2FHtGJKYoc03K%2B2B6CwEYBXx8yewBGu"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
823251819ba16625-AMS
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 Nov 2023 13:35:19 GMT
i6fre.js
uaa.ojadjfdjkcn.top/js/
3 KB
2 KB
Script
General
Full URL
https://uaa.ojadjfdjkcn.top/js/i6fre.js
Requested by
Host: uaa.ojadjfdjkcn.top
URL: https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55c173330e36aaceaf268be4fe4421376a4e9eab4ce0de8e32aeb1c75f1181af

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 01:35:19 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 11 Aug 2023 05:52:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d5ccad-c30"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVfDBLNerr1ubzwzBnsVzlXNGqCTyms8djmM3VeBbr6w4Ds45ZokUwzyyL%2FBqIRuPQoY%2Fo2M5Ild7KNLtAFRX6l8FtI8%2BNRfSC%2BXbBfoRkNi6jW%2BMhO0JdVx1KU9ELCoALfR0v3570aITktc1SIPzjDo"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
823251819ba26625-AMS
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 Nov 2023 13:35:19 GMT
qoihv62.js
uaa.ojadjfdjkcn.top/js/
19 KB
7 KB
Script
General
Full URL
https://uaa.ojadjfdjkcn.top/js/qoihv62.js
Requested by
Host: uaa.ojadjfdjkcn.top
URL: https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 01:35:19 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 11 Aug 2023 05:52:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64d5ccad-4dd7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VK8Eci7KBDKL%2FaCcx%2BRgy5jYUoGz7VqZo3EO1KxMjucZbZlDK122ybq4k30bQLAKCIP11BPZp8w1MJgjRZ%2BdmbpXRjOUwulqLREHz49pbVO06THVhzk4%2BTtpI2w5uzM6tK73ua9UqkR03xXMpz0gPrc0"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
823251819ba36625-AMS
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 Nov 2023 13:35:19 GMT
bcagjq8.js
uaa.ojadjfdjkcn.top/js/
3 KB
2 KB
Script
General
Full URL
https://uaa.ojadjfdjkcn.top/js/bcagjq8.js
Requested by
Host: uaa.ojadjfdjkcn.top
URL: https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
144f9b1e972d0b908fee7dc4e93471b73033d05a20c40eb42d1ac879525331ce

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://uaa.ojadjfdjkcn.top/?gclid=EAIaIQobChMIi5zyyfyzggMVxKpmAh0p2Q0NEAMYASAAEgKy6fD_BwE/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 01:35:19 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 30 Oct 2023 10:57:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"653f8c17-dae"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yG85TSeN34OqrbXbtNB6gvzhRqpTXjo%2FXWxUXDjwO9MTmOk3T2dvfaJc%2FdPlUqJ8OvALlnl86Ix5xI%2BQphCsdwjMzAmG7ola3imf5QS1M1skOzFAc7RoK9YGwNiaHtpBhhIIPHI2M%2FEn5ttPIcH8oSmR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
823251819ba46625-AMS
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 Nov 2023 13:35:19 GMT
truncated
/
85 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e2d96116dfecaa1440e9ce61b47332b775f6043a0381777c6b820310c234c13c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery function| QRCode function| guid function| getLocation function| sock function| qrcode function| qrcode2 function| refreshqrcode

0 Cookies