![](/screenshots/25a9f587-cfcc-492c-988a-2503485fe15c.png)
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
Open in
urlscan Pro
2606:4700::6812:223
Malicious Activity!
Public Scan
Submission: On May 29 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.
This is the only time pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: USAA (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700::68... 2606:4700::6812:223 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700:303... 2606:4700:3031::ac43:806c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | () () | ||
15 | 2606:4700:310... 2606:4700:310c::ac42:2f35 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 152.199.19.160 152.199.19.160 | 15133 (EDGECAST) (EDGECAST) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 2606:4700:310... 2606:4700:310c::ac42:2ccb | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
35 | 8 |
ASN13335 (CLOUDFLARENET, US)
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
pages.dev
1 redirects
sdsfsfsfs.pages.dev |
437 KB |
2 |
z0c3u.com
z0c3u.com |
114 KB |
2 |
r2.dev
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev |
862 B |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
5 KB |
1 |
aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 2465 |
30 KB |
0 |
usaa.com
Failed
content.usaa.com Failed |
|
35 | 6 |
Domain | Requested by | |
---|---|---|
17 | sdsfsfsfs.pages.dev |
1 redirects
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
|
2 | z0c3u.com |
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
|
2 | pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev |
z0c3u.com
|
1 | cdnjs.cloudflare.com |
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
|
1 | ajax.aspnetcdn.com |
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
|
0 | content.usaa.com Failed |
sdsfsfsfs.pages.dev
|
35 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.usaa.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.r2.dev E1 |
2024-04-05 - 2024-07-04 |
3 months | crt.sh |
z0c3u.com GTS CA 1P5 |
2024-04-18 - 2024-07-17 |
3 months | crt.sh |
sdsfsfsfs.pages.dev E1 |
2024-05-01 - 2024-07-30 |
3 months | crt.sh |
*.vo.msecnd.net DigiCert SHA2 Secure Server CA |
2024-01-30 - 2025-01-30 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/sawdaasa.html
Frame ID: 7186CC2F3CB31E9E01E16CE4122EE518
Requests: 36 HTTP requests in this frame
Frame:
https://sdsfsfsfs.pages.dev/files/a
Frame ID: 061BD2594C03718F263E16A73D58D21B
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/25a9f587-cfcc-492c-988a-2503485fe15c.png)
Page Title
Member Account Login | USAADetected technologies
![](/vendor/wappa/icons/React.png)
Detected patterns
- <[^>]+data-react
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: USAA logo. Redirects to USAA home. USAA logo
Search URL Search Domain Scan URL
Title: Join USAA
Search URL Search Domain Scan URL
Title: Register for access
Search URL Search Domain Scan URL
Title: Security Center
Search URL Search Domain Scan URL
Title: Privacy Center
Search URL Search Domain Scan URL
Title: Accessibility at USAA
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 21- https://sdsfsfsfs.pages.dev/files/a.html HTTP 308
- https://sdsfsfsfs.pages.dev/files/a
35 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
sawdaasa.html
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/ |
553 B 862 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.js
z0c3u.com/secure4/ |
284 KB 84 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
basic.js
z0c3u.com/secure4/ |
87 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/ |
65 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon.ico
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tag.js
sdsfsfsfs.pages.dev/files/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
linkid.js
sdsfsfsfs.pages.dev/files/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
analytics.js
sdsfsfsfs.pages.dev/files/ |
49 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ent-unified-logon-web.562afa512e4a38e235af.css
sdsfsfsfs.pages.dev/files/ |
105 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
utag.js
sdsfsfsfs.pages.dev/files/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ent-unified-logon-web.js
sdsfsfsfs.pages.dev/files/ |
273 B 652 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
utag.318.js
sdsfsfsfs.pages.dev/files/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
utag.272.js
sdsfsfsfs.pages.dev/files/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
utag.233.js
sdsfsfsfs.pages.dev/files/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
utag.288.js
sdsfsfsfs.pages.dev/files/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
utag.417.js
sdsfsfsfs.pages.dev/files/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
utag.327.js
sdsfsfsfs.pages.dev/files/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
react!react-dom.min.js
sdsfsfsfs.pages.dev/files/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ent-unified-logon-web.ec39118119936b90266f.js
sdsfsfsfs.pages.dev/files/ |
925 KB 203 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
MfAjsB
sdsfsfsfs.pages.dev/files/ |
191 KB 192 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ |
20 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
a
sdsfsfsfs.pages.dev/files/ Frame 061B Redirect Chain
|
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
12 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
155 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
9C7F15704715916A9.woff2
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
E83D71A074DF776F4.woff2
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
F68DD4439278D0467.woff2
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
12C383965421BC56F.woff2
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
9ECBC8FFB535D0532.woff2
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
C1B705B7AD8D5B4C6.woff2
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
E83D71A074DF776F4.woff
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
F68DD4439278D0467.woff
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
9ECBC8FFB535D0532.woff
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
9C7F15704715916A9.woff
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
12C383965421BC56F.woff
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
C1B705B7AD8D5B4C6.woff
content.usaa.com/mcontent/static_assets/Fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
- URL
- https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/favicon.ico
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff
- Domain
- content.usaa.com
- URL
- https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: USAA (Banking)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| USAA object| webpackJsonp object| gaplugins function| ga function| $ function| jQuery number| count number| counts object| google_tag_data0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
34 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
cdnjs.cloudflare.com
content.usaa.com
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
sdsfsfsfs.pages.dev
z0c3u.com
content.usaa.com
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
152.199.19.160
2606:4700:3031::ac43:806c
2606:4700:310c::ac42:2ccb
2606:4700:310c::ac42:2f35
2606:4700::6811:180e
2606:4700::6812:223
12823479e57e579d5eb7af45a060336db24bfb84bf0af53a1099d6ca016973f2
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2a0f5f1981d6e4409272296f297b595391ffde956f398e008b3e8579a373c81e
4583fe18f2562ebedcde2df3cafcf399f5a6f309c7bb18e3cbebb5a5e5402a4b
6a9384bc8a102c2a5028d05506f54d1f56ebee75b1642fdf2e053dc8d8bc924d
774633a60a8f00ded010e1b905f7e1604afa60173b09001fd4f50adc50ea2f81
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
ceec846322efec91a63ccd7c7d369661a99347961bc00e4396d528d9b080f31c
ddb4133f601fa817524466b7bad394bb2330decf57c99762ba9c2cbd34e9e0e2
ef0b9dd38994625b89c173b39924691ff6e38fd2dbd1b2f2f178db36a22a5577
f2a84bc4f4cb8ae04162f42f1f3ebed1e05725d9b5bf666b885356c7698a071f
f426675307979177d431528d09aef43dd4979d5c52b64c8310432769c54d12a0