pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
Primary IP: 2606:4700::6812:223
Malicious Activity!
Public Scan
Submission: On May 29 via manual from HU. Scanned from CH.
Summary
TLS certificate: Issued by E1 (a Let's Encrypt intermediate) on April 5th 2024. Valid for: 3 months. This is the wildcard *.r2.dev certificate that Cloudflare provisions for every public R2 bucket (see the certificate table below), so it identifies the hosting platform, not whoever uploaded the page.
This is the only time pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: USAA (Banking)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2606:4700::6812:223 | 13335 (CLOUDFLARENET)
2 | 172.67.159.66 | 13335 (CLOUDFLARENET)
1 | (blank) | (blank)
15 | 172.66.44.203 | 13335 (CLOUDFLARENET)
1 | 152.199.19.160 | 15133 (EDGECAST)
1 | 104.17.25.14 | 13335 (CLOUDFLARENET)
1 2 | 172.66.47.53 | 13335 (CLOUDFLARENET)
35 (total) | 8 | 
ASN13335 (CLOUDFLARENET, US): pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | pages.dev | sdsfsfsfs.pages.dev (1 redirect) | 437 KB
2 | it3mak3.com | it3mak3.com | 114 KB
2 | r2.dev | pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev | 866 B
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 237) | 5 KB
1 | aspnetcdn.com | ajax.aspnetcdn.com (Cisco Umbrella Rank: 2465) | 38 KB
0 | usaa.com | content.usaa.com (Failed) | 
35 (total) | 6 apex domains | | 
Requests | Domain | Requested by
---|---|---
17 | sdsfsfsfs.pages.dev (1 redirect) | pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
2 | it3mak3.com | pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
2 | pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev | it3mak3.com
1 | cdnjs.cloudflare.com | pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
1 | ajax.aspnetcdn.com | pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
0 | content.usaa.com (Failed) | sdsfsfsfs.pages.dev
35 (total) | 6 | 
This site contains links to these domains (the individual outgoing links are listed under Page Statistics below):
Domain
---
www.usaa.com
Subject | Issuer | Validity | Valid for
---|---|---|---
*.r2.dev | E1 | 2024-04-05 to 2024-07-04 | 3 months
it3mak3.com | GTS CA 1P5 | 2024-04-15 to 2024-07-14 | 3 months
sdsfsfsfs.pages.dev | E1 | 2024-05-01 to 2024-07-30 | 3 months
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2024-01-30 to 2025-01-30 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 to 2024-07-02 | a year
Of these, only it3mak3.com and sdsfsfsfs.pages.dev are names the operator chose, and both certificates were issued in the weeks before the May 29 scan (2024-04-15 and 2024-05-01). *.r2.dev, *.vo.msecnd.net and sni.cloudflaressl.com are platform and CDN certificates shared with many unrelated sites and say nothing about this page's owner.
This page contains 2 frames:
- Primary Page: https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/thoraasa.html (Frame ID: 779992B64A2238BD93201C63BBBA41CC; 36 HTTP requests in this frame)
- Frame: https://sdsfsfsfs.pages.dev/files/a (Frame ID: CA3F017B8239770DE82515B4B9448B88; 1 HTTP request in this frame)
Page Title: Member Account Login | USAA

Detected technologies
- React (JavaScript Frameworks). Detected pattern:
  - <[^>]+data-react
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
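The two jQuery patterns differ in where the version comes from: the first captures it from the file name (jquery-3.3.1.min.js), the second from a ?ver= query string, and a bare jquery.js such as the one served from it3mak3.com matches without any version. The Python below is an added example, not part of the urlscan report, that applies exactly those patterns to the script URLs seen in this scan; the HTML fragment and the ?ver= URL on example.test are constructed inputs, and the rule that a capture group is the version is the Wappalyzer convention these patterns follow.

```python
import re

# Detection patterns exactly as listed in the report (Wappalyzer-style regexes;
# where a pattern has a capture group, the group is the version).
PATTERNS = {
    "React": [r"<[^>]+data-react"],
    "jQuery": [
        r"jquery[.-]([\d.]*\d)[^/]*\.js",
        r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?",
    ],
}

# Script URLs taken from this scan's transaction list ...
SCAN_SCRIPTS = [
    "https://it3mak3.com/secure7/jquery.js",
    "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js",
]
# ... plus two constructed inputs: a WordPress-style ?ver= URL and an HTML fragment.
EXTRA_SCRIPT = "https://example.test/wp-includes/js/jquery/jquery.js?ver=1.12.4"
SAMPLE_HTML = '<html><body><div id="root" data-reactroot=""></div></body></html>'


def fingerprint(html, script_urls):
    """Return {technology: sorted list of captured versions} for every technology
    whose pattern matches the HTML body or any script URL. An empty list means
    'detected, version unknown' (e.g. only a bare jquery.js was seen)."""
    found = {}
    for tech, pats in PATTERNS.items():
        for pat in pats:
            rx = re.compile(pat, re.IGNORECASE)
            for target in (html, *script_urls):
                m = rx.search(target)
                if not m:
                    continue
                versions = found.setdefault(tech, set())
                if m.groups() and m.group(1):
                    versions.add(m.group(1))
    return {tech: sorted(v) for tech, v in found.items()}


if __name__ == "__main__":
    print(fingerprint(SAMPLE_HTML, SCAN_SCRIPTS + [EXTRA_SCRIPT]))
    # {'React': [], 'jQuery': ['1.12.4', '3.3.1']}
```

Note what the result does and does not tell you: both libraries are detected because the cloned USAA logon page uses them, so a technology fingerprint alone never separates a clone from the original.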
Page Statistics
6 Outgoing links
These are links going to different origins than the main page. All six point at www.usaa.com, the only linked domain listed above; keeping the brand's genuine peripheral links while only the credential form is fake is typical of a cloned login page.
- USAA logo (Redirects to USAA home)
- Join USAA
- Register for access
- Security Center
- Privacy Center
- Accessibility at USAA
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 21:
- https://sdsfsfsfs.pages.dev/files/a.html (HTTP 308)
- https://sdsfsfsfs.pages.dev/files/a
The 308 from a.html to a is Cloudflare Pages' standard clean-URL handling (it redirects .html paths to the extensionless form), so it is a platform default rather than a deliberate hop in the kit.
35 HTTP transactions (the list also shows one blob: document and two data: images)

Method | Protocol | Resource | Path | Size / Transfer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H/1.1 | thoraasa.html (Primary Request) | pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/ | 557 B / 866 B | Document | text/html
GET | H3 | jquery.js | it3mak3.com/secure7/ | 284 KB / 84 KB | Script | text/javascript
GET | H3 | basic.js | it3mak3.com/secure7/ | 87 KB / 30 KB | Script | text/javascript
GET | BLOB | 9607f7fb-ea3b-4b06-a409-1fa80d0f913a | https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/ | 65 KB / 0 | Document | text/html
GET | | favicon.ico | pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/ | 0 / 0 | (failed) | 
GET | H3 | tag.js | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Script | text/plain
GET | H3 | linkid.js | sdsfsfsfs.pages.dev/files/ | 2 KB / 1 KB | Script | application/javascript
GET | H3 | analytics.js | sdsfsfsfs.pages.dev/files/ | 49 KB / 21 KB | Script | application/javascript
GET | H3 | ent-unified-logon-web.562afa512e4a38e235af.css | sdsfsfsfs.pages.dev/files/ | 105 KB / 19 KB | Stylesheet | text/css
GET | H3 | utag.js | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Script | text/plain
GET | H3 | ent-unified-logon-web.js | sdsfsfsfs.pages.dev/files/ | 273 B / 633 B | Script | application/javascript
GET | H3 | utag.318.js | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Script | text/plain
GET | H3 | utag.272.js | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Script | text/plain
GET | H3 | utag.233.js | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Script | text/plain
GET | H3 | utag.288.js | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Script | text/plain
GET | H3 | utag.417.js | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Script | text/plain
GET | H3 | utag.327.js | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Script | text/plain
GET | H3 | react!react-dom.min.js | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Script | text/plain
GET | H3 | ent-unified-logon-web.ec39118119936b90266f.js | sdsfsfsfs.pages.dev/files/ | 925 KB / 203 KB | Script | application/javascript
GET | H3 | MfAjsB | sdsfsfsfs.pages.dev/files/ | 191 KB / 192 KB | Script | application/octet-stream
GET | H2 | jquery-3.3.1.min.js | ajax.aspnetcdn.com/ajax/jQuery/ | 85 KB / 38 KB | Script | application/javascript
GET | H3 | jquery.mask.js | cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ | 20 KB / 5 KB | Script | application/javascript
GET | H3 | a (Frame CA3F, redirect chain) | sdsfsfsfs.pages.dev/files/ | 0 / 0 | Document | text/html
GET | DATA | truncated | / | 12 KB / 0 | Image | image/gif
GET | DATA | truncated | / | 155 B / 0 | Image | image/svg+xml
GET | | 9C7F15704715916A9.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | E83D71A074DF776F4.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | F68DD4439278D0467.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | 12C383965421BC56F.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | 9ECBC8FFB535D0532.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | C1B705B7AD8D5B4C6.woff2 | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | 9ECBC8FFB535D0532.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | C1B705B7AD8D5B4C6.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | 12C383965421BC56F.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | F68DD4439278D0467.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | E83D71A074DF776F4.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 
GET | | 9C7F15704715916A9.woff | content.usaa.com/mcontent/static_assets/Fonts/ | 0 / 0 | (failed) | 

Points worth pulling out of this list:
- The primary document thoraasa.html is only 557 bytes, while the 65 KB text/html document the browser actually renders is a blob: URL on the same r2.dev origin. That is consistent with the page being assembled client-side by the two scripts fetched from it3mak3.com/secure7/ (jquery.js and basic.js), which are the only script sources here that are neither a public CDN nor a copy of the brand's own asset names.
- The Tealium tag-manager files (utag*.js), tag.js and react!react-dom.min.js requested from sdsfsfsfs.pages.dev all come back as 0 bytes of text/plain: the clone kept the legitimate page's script tags but not their content.
- MfAjsB is a 191 KB script with an opaque name served as application/octet-stream. A browser will generally execute a script response regardless of its MIME type unless it carries X-Content-Type-Options: nosniff, and the report does not show the response headers, so this file deserves the same scrutiny as the it3mak3.com scripts.
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
- https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/favicon.ico
- https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2
- https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2
- https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2
- https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2
- https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2
- https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2
- https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff
- https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff
- https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff
- https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff
- https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff
- https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff
The twelve font requests go to the brand's own asset host, content.usaa.com, and the "Requested by" table attributes them to sdsfsfsfs.pages.dev. Absolute font URLs left inside a copied stylesheet are what a page cloned from the real USAA logon site looks like, and they are a detection opportunity for the brand: font requests arriving at content.usaa.com with a Referer or Origin from an unrelated site point straight at the clone.
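The traits that make this scan a phish can be checked mechanically from the transaction list and the failed-request list above. The Python below is an added example, not urlscan code: it works on a handful of rows transcribed from this scan (the Tx record type is a constructed data model and the byte sizes are rounded from the KB figures shown), and the free-hosting suffixes, CDN allowlist and brand-to-domain map it uses are illustrative assumptions rather than anything the report states. It flags a brand name in the title on a non-brand host, a primary document on free developer hosting, scripts with non-script MIME types or empty bodies, scripts from an unrelated third-party domain, and failed fetches from the brand's own asset host.

```python
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Tx:
    """One row of the transaction table (constructed data model)."""
    method: str
    url: str
    rtype: str            # urlscan "Type": Document, Script, Stylesheet ...; "" if no response
    mime: str             # response MIME type; "" if no response
    size: int             # decoded body size in bytes (rounded from the KB figures shown)
    failed: bool = False  # listed under "Failed requests"


# Rows transcribed from the scan above; sizes are approximate.
SCAN = [
    Tx("GET", "https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/thoraasa.html", "Document", "text/html", 557),
    Tx("GET", "https://it3mak3.com/secure7/jquery.js", "Script", "text/javascript", 284_000),
    Tx("GET", "https://it3mak3.com/secure7/basic.js", "Script", "text/javascript", 87_000),
    Tx("GET", "https://sdsfsfsfs.pages.dev/files/utag.js", "Script", "text/plain", 0),
    Tx("GET", "https://sdsfsfsfs.pages.dev/files/ent-unified-logon-web.ec39118119936b90266f.js",
       "Script", "application/javascript", 925_000),
    Tx("GET", "https://sdsfsfsfs.pages.dev/files/MfAjsB", "Script", "application/octet-stream", 191_000),
    Tx("GET", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js", "Script", "application/javascript", 85_000),
    Tx("GET", "https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js",
       "Script", "application/javascript", 20_000),
    Tx("GET", "https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2", "", "", 0, failed=True),
]
PAGE_TITLE = "Member Account Login | USAA"

# Assumptions for the checks, not taken from the report: free hosting suffixes that
# kits commonly abuse, CDN hosts that legitimately serve scripts to any site, and the
# brand -> registrable domain map behind the title check.
DEV_HOSTING = ("r2.dev", "pages.dev", "workers.dev", "web.app", "netlify.app", "vercel.app", "github.io")
CDN_HOSTS = {"cdnjs.cloudflare.com", "ajax.aspnetcdn.com", "ajax.googleapis.com"}
BRANDS = {"USAA": "usaa.com"}
SCRIPT_MIMES = {"text/javascript", "application/javascript", "application/x-javascript"}


def under(host, suffix):
    """True when host is suffix itself or a subdomain of it."""
    return host == suffix or host.endswith("." + suffix)


def registrable(host):
    """Crude eTLD+1 (last two labels). Wrong for suffixes such as co.uk;
    use the Public Suffix List for real work."""
    return ".".join(host.split(".")[-2:])


def triage(txs, title):
    """Return (code, detail) findings for the traits that distinguish a cloned login page."""
    primary = next(t for t in txs if t.rtype == "Document")
    phost = urlparse(primary.url).hostname
    findings = []
    for brand, dom in BRANDS.items():
        if brand in title and not under(phost, dom):
            findings.append(("BRAND_TITLE_OFF_DOMAIN", f"{title!r} served from {phost}"))
    if any(under(phost, s) for s in DEV_HOSTING):
        findings.append(("FREE_HOSTING_PRIMARY", phost))
    for t in txs:
        host = urlparse(t.url).hostname
        if t.rtype == "Script":
            if t.mime not in SCRIPT_MIMES:
                findings.append(("SCRIPT_MIME_MISMATCH", f"{t.url} -> {t.mime}"))
            if t.size == 0 and not t.failed:
                findings.append(("EMPTY_SCRIPT", t.url))
            if registrable(host) != registrable(phost) and host not in CDN_HOSTS:
                findings.append(("THIRD_PARTY_SCRIPT", t.url))
        if t.failed and any(under(host, d) for d in BRANDS.values()):
            findings.append(("BRAND_ASSET_FAILED", t.url))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SCAN, PAGE_TITLE):
        print(f"{code:24} {detail}")
```

Each code on its own is weak evidence (plenty of legitimate sites load scripts from a second domain, and developer hosting has legitimate users); the combination of a brand title on free hosting with third-party scripts and the brand's own asset host failing is what earns the verdict.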
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: USAA (Banking)

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify the client-side frameworks and code running on the page.
Type | Name
---|---
object | 0
object | USAA
object | gaplugins
function | ga
object | google_tag_data
object | webpackJsonp
function | $
function | jQuery
number | count
number | counts
USAA, ga/gaplugins/google_tag_data and webpackJsonp come with the copied logon bundle (the brand's own namespace, Google Analytics and a webpack build); $ and jQuery come from the jQuery loads. The bare count and counts are defined by none of those libraries; whether they come from the cloned bundle or from the kit's own scripts on it3mak3.com/secure7/ needs the script contents, which the report does not include.

0 Cookies
Cookies are small pieces of data the browser stores and sends back on later visits, which is how persistent logins work. This page set none.
34 Console Messages
A page may log messages to the console. These are often errors about failing to load a resource or execute a piece of JavaScript; sometimes they also reveal the technology behind a website.
Indicators
This is the security industry's term for observables such as IPs, domains and hashes. Listing them here does not imply that each one is malicious.
Domains:
- ajax.aspnetcdn.com
- cdnjs.cloudflare.com
- content.usaa.com
- it3mak3.com
- pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
- sdsfsfsfs.pages.dev
IPs:
- 104.17.25.14
- 152.199.19.160
- 172.66.44.203
- 172.66.47.53
- 172.67.159.66
- 2606:4700::6812:223
Before reusing these, split them by what they identify. The three names the operator controls (the r2.dev bucket, the pages.dev project and it3mak3.com) are safe to block. cdnjs.cloudflare.com and ajax.aspnetcdn.com are public CDNs, content.usaa.com is the victim brand, and every IP here is a Cloudflare or Edgecast front end shared with unrelated sites; blocking any of those causes collateral damage, so they are context only.
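Two details trip up naive matching of this indicator list against logs: IPv6 addresses appear in logs in expanded or bracketed forms that differ textually from 2606:4700::6812:223, and a domain indicator should also catch its subdomains. The Python below is an added example, not from the report. It carries the indicators exactly as listed, splits them into a block tier and a context tier (that split is analyst judgement, not something the report states), and runs them over a few constructed proxy/DNS log lines whose format is an assumption.

```python
import ipaddress
from urllib.parse import urlparse

# Indicators as listed in the report.
REPORT_DOMAINS = [
    "ajax.aspnetcdn.com", "cdnjs.cloudflare.com", "content.usaa.com",
    "it3mak3.com", "pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev", "sdsfsfsfs.pages.dev",
]
REPORT_IPS = {ipaddress.ip_address(s) for s in [
    "104.17.25.14", "152.199.19.160", "172.66.44.203",
    "172.66.47.53", "172.67.159.66", "2606:4700::6812:223",
]}
# Assumption (analyst judgement, not stated by the report): only these three names are
# attributable to the kit. The CDN hosts and content.usaa.com are third parties or the
# victim brand, and the Cloudflare/Edgecast addresses are shared front ends.
KIT_DOMAINS = {"pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev", "sdsfsfsfs.pages.dev", "it3mak3.com"}

# Constructed proxy/DNS log lines for illustration (format is an assumption).
LOG = """\
2024-05-30T09:58:12Z 10.20.0.15 dns  A       sdsfsfsfs.pages.dev
2024-05-30T09:58:13Z 10.20.0.15 tls  CONNECT 172.66.44.203:443 sni=sdsfsfsfs.pages.dev
2024-05-30T09:58:14Z 10.20.0.15 http GET     https://it3mak3.com/secure7/basic.js
2024-05-30T10:03:40Z 10.20.0.31 dns  AAAA    cdnjs.cloudflare.com
2024-05-30T10:03:41Z 10.20.0.31 tls  CONNECT [2606:4700:0:0:0:0:6812:223]:443 sni=cdnjs.cloudflare.com
2024-05-30T10:10:02Z 10.20.0.44 http GET     https://www.usaa.com/
"""


def _host_of(token):
    """Pull a hostname or IP literal out of one log token (formats assumed above)."""
    if "://" in token:
        return urlparse(token).hostname
    if "=" in token:
        token = token.split("=", 1)[1]
    if token.startswith("["):                                   # [v6]:port
        return token[1:token.index("]")]
    if token.count(":") == 1 and token.rsplit(":", 1)[1].isdigit():
        return token.rsplit(":", 1)[0]                          # host:port or v4:port
    return token if ("." in token or ":" in token) else None


def hunt(lines):
    """Match every token against the indicators. IPs are compared as parsed
    addresses, so 2606:4700:0:0:0:0:6812:223 equals 2606:4700::6812:223;
    domains match exactly or as a subdomain of the indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in line.split():
            h = _host_of(tok)
            if not h:
                continue
            try:
                ip = ipaddress.ip_address(h)
            except ValueError:
                ip = None
            if ip is not None:
                if ip in REPORT_IPS:
                    hits.append({"line": n, "indicator": str(ip), "tier": "context"})
                continue
            h = h.lower().rstrip(".")
            for d in REPORT_DOMAINS:
                if h == d or h.endswith("." + d):
                    tier = "block" if d in KIT_DOMAINS else "context"
                    hits.append({"line": n, "indicator": d, "tier": tier})
    return hits


if __name__ == "__main__":
    for hit in hunt(LOG.splitlines()):
        print(hit)
```

Lines 1 to 3 produce block-tier hits on the kit's own names; lines 4 and 5 hit only shared CDN infrastructure and stay at context tier; line 6, a visit to the genuine www.usaa.com, does not match content.usaa.com because subdomain matching runs one way only.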