f000.backblazeb2.com
104.153.233.177
Malicious Activity!
Public Scan
Effective URL: https://f000.backblazeb2.com/file/dragons-provide-831e594e/index.html
Submission: On February 16 via api from US
Summary
TLS certificate: Issued by R3 on December 9th 2020. Valid for: 3 months.
This is the only time f000.backblazeb2.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Charles Schwab (Financial)
Domain & IP information
 | IP Address | AS Autonomous System
---|---|---
1 1 | 167.89.118.28 | 11377 (SENDGRID)
3 | 104.153.233.177 | 32354 (UNWIRED)
8 | 2606:4700:3033::ac43:82ba | 13335 (CLOUDFLARENET)
1 | 152.199.19.160 | 15133 (EDGECAST)
2 | 23.79.147.199 | 16625 (AKAMAI-AS)
20 | 5 |
ASN11377 (SENDGRID, US)
PTR: o16789118x28.outbound-mail.sendgrid.net
u19996642.ct.sendgrid.net |
ASN16625 (AKAMAI-AS, US)
PTR: a23-79-147-199.deploy.static.akamaitechnologies.com
content.schwab.com |
 | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | jupitersmt.com | jupitersmt.com | 223 KB
3 | backblazeb2.com | f000.backblazeb2.com | 84 KB
2 | schwab.com | content.schwab.com, client.schwab.com (Failed) | 64 KB
1 | aspnetcdn.com | ajax.aspnetcdn.com | 30 KB
1 | sendgrid.net (1 redirects) | u19996642.ct.sendgrid.net | 272 B
20 | 5 | |
 | Domain | Requested by
---|---|---
8 | jupitersmt.com | f000.backblazeb2.com, jupitersmt.com
3 | f000.backblazeb2.com | f000.backblazeb2.com
2 | content.schwab.com | jupitersmt.com
1 | ajax.aspnetcdn.com | f000.backblazeb2.com
1 | u19996642.ct.sendgrid.net | 1 redirects
0 | client.schwab.com Failed | jupitersmt.com
20 | 6 |
This site contains links to these domains.
Domain |
---|
www.schwab.com |
client.schwab.com |
lms-mgmt.schwab.com |
lms.schwab.com |
brokercheck.finra.org |
www.sipc.org |
www.schwab-global.com |
Subject | Issuer | Validity | Valid
---|---|---|---
backblazeb2.com | R3 | 2020-12-09 - 2021-03-09 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-11-01 - 2021-10-31 | a year
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2020-11-16 - 2021-11-10 | a year
content.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2020-07-07 - 2021-07-19 | a year
This page contains 1 frame:
Primary Page:
https://f000.backblazeb2.com/file/dragons-provide-831e594e/index.html
Frame ID: 5242F67CCBF40759B5B18C03AC47FDBB
Requests: 21 HTTP requests in this frame
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
- Title:
- Title: SchwabSafe®
- Title: The Schwab Security Guarantee
- Title: Schwab Homepage
- Title: Forgot login ID or password?
- Title: New user?
- Title: Log in to mobile
- Title: Web Browser Information
- Title: FINRA's BrokerCheck
- Title: member SIPC
- Title: non-U.S. residents
- Title: Learn more >
- Title:
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u19996642.ct.sendgrid.net/ls/click?upn=fOMdKautWS5AZPRJxNodHNWO11pUX-2BRBoWv9cCL8lLktcHugzKsflmUvp-2FBa1pM5WH-2F4ABGARNIQ3u-2BeUf9oUdJOmhzN6nMoLyNXN35EOnk-3DT9cv_kfW53qwhHYQ17-2FAO-2Fz0b4O0ON1tNwEU0MpJYREPETeXeICUlnGZnH7uwBSABB6dCWWd1rMaEZnpJ09wxYTHLgXQ8sCML0bKEIynFUk-2Fd5GURTnVhU1sKN22cUbolB-2FwM2jmc40uMW1EWNdkAiWsZZ84ALViSscVxtMaKbgA7BNBkr6epVEosSUAfutyb-2FSxyUK6JODHj4KcaxvzEciW33-2Fics0C2rIK7uCZt3No-2B30w-3D (HTTP 302)
- https://f000.backblazeb2.com/file/dragons-provide-831e594e/index.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Primary Request, Redirect Chain) | f000.backblazeb2.com/file/dragons-provide-831e594e/ | 83 KB | 84 KB | Document | text/html
GET | H2 | layoutf86f.css | jupitersmt.com/email-list/schwab/css/ | 121 KB | 20 KB | Stylesheet | text/css
GET | H2 | contentf86f.css | jupitersmt.com/email-list/schwab/css/ | 41 KB | 6 KB | Stylesheet | text/css
GET | H2 | masterf86f.css | jupitersmt.com/email-list/schwab/css/ | 120 KB | 22 KB | Stylesheet | text/css
GET | H2 | ps.css | jupitersmt.com/email-list/schwab/css/ | 85 KB | 15 KB | Stylesheet | text/css
GET | H2 | file68b6.css | jupitersmt.com/email-list/schwab/css/ | 26 KB | 7 KB | Stylesheet | text/css
GET | H2 | style.css | jupitersmt.com/email-list/schwab/css/ | 4 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | login-component-responsive-secondary | f000.backblazeb2.com/bundles/styles/lib/ | 0 | 0 | Stylesheet | application/json
GET | H2 | jquery-3.3.1.min.js | ajax.aspnetcdn.com/ajax/jQuery/ | 85 KB | 30 KB | Script | application/javascript
GET | H2 | SMART_BANNER_ICON_BACKGROUND_COLOR_Copy.png | jupitersmt.com/email-list/schwab/images/ | 16 KB | 16 KB | Image | image/png
GET | H2 | loginlogoutpsd7308.png | jupitersmt.com/email-list/schwab/images/ | 134 KB | 135 KB | Image | image/png
GET | H/1.1 | Schwab-Icon-Font.ttf | f000.backblazeb2.com/fonts/ | 0 | 0 | Font | application/json
GET | DATA | truncated | / | 5 KB | 0 | Image | image/svg+xml
GET | H/1.1 | schwabsafe_logo.svg | content.schwab.com/web/login/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | background_image_exblur_dev2b.jpg | content.schwab.com/web/login/ | 61 KB | 61 KB | Image | image/jpeg
GET | | CharlesModern-Light.woff | client.schwab.com/fonts/ | 0 | 0 | |
GET | | CharlesModern-Regular.woff | client.schwab.com/fonts/ | 0 | 0 | |
GET | | CharlesModern-Light.ttf | client.schwab.com/fonts/ | 0 | 0 | |
GET | | CharlesModern-Regular.ttf | client.schwab.com/fonts/ | 0 | 0 | |
GET | | Schwab-Icon-Font.woff | jupitersmt.com/email-list/schwab/css/fonts/ | 0 | 0 | |
GET | | Schwab-Icon-Font.ttf | jupitersmt.com/email-list/schwab/css/fonts/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL
---|---
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Light.woff?v=1.0.0
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Regular.woff?v=1.0.0
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Light.ttf?v=1.0.0
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Regular.ttf?v=1.0.0
jupitersmt.com | https://jupitersmt.com/email-list/schwab/css/fonts/Schwab-Icon-Font.woff?51abjd
jupitersmt.com | https://jupitersmt.com/email-list/schwab/css/fonts/Schwab-Icon-Font.ttf?51abjd
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Charles Schwab (Financial)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
object | _0x4532
function | _0x4a9c
object | Zlib
function | $
function | jQuery
function | mg
function | randomInteger
function | randomString
function | getdomainpartofemail
function | get_email_hash
function | validateEmail
function | geturlparameter
function | get_rand_url_pars
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.