allamericanfire.s3.us-east-005.backblazeb2.com
Open in
urlscan Pro
149.137.137.254
Malicious Activity!
Private Scan
Submission: On October 06 via api from DE — Scanned from US
Summary
TLS certificate: Issued by R3 on July 25th 2023. Valid for: 3 months.
This is the only time allamericanfire.s3.us-east-005.backblazeb2.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online) Generic Email (Online) Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 149.137.137.254 149.137.137.254 | 40401 (BACKBLAZE) (BACKBLAZE) | |
1 | 2607:f8b0:400... 2607:f8b0:4004:c07::5f | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a04:4e42:600... 2a04:4e42:600::649 | 54113 (FASTLY) (FASTLY) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 34.238.62.92 34.238.62.92 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 | 151.101.130.132 151.101.130.132 | 54113 (FASTLY) (FASTLY) | |
6 | 13.224.214.127 13.224.214.127 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2606:4700:440... 2606:4700:4400::6812:208a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.194.8.143 104.194.8.143 | 23470 (RELIABLESITE) (RELIABLESITE) | |
3 3 | 13.224.214.31 13.224.214.31 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2620:0:860:ed... 2620:0:860:ed1a::2:b | 14907 (WIKIMEDIA) (WIKIMEDIA) | |
17 | 10 |
ASN40401 (BACKBLAZE, US)
PTR: s3.us-east-005.backblazeb2.com
allamericanfire.s3.us-east-005.backblazeb2.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-238-62-92.compute-1.amazonaws.com
www.umassd.edu |
ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-127.phl50.r.cloudfront.net
cdn.glitch.me |
ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-31.phl50.r.cloudfront.net
cdn.glitch.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
glitch.me
cdn.glitch.me — Cisco Umbrella Rank: 71658 |
794 KB |
3 |
glitch.com
3 redirects
cdn.glitch.com — Cisco Umbrella Rank: 79831 |
1 KB |
2 |
glitch.global
cdn.glitch.global — Cisco Umbrella Rank: 216640 |
27 KB |
2 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 925 |
108 KB |
1 |
wikimedia.org
upload.wikimedia.org — Cisco Umbrella Rank: 3099 |
66 KB |
1 |
ibb.co
i.ibb.co — Cisco Umbrella Rank: 10991 |
35 KB |
1 |
downdetector.com
cdn2.downdetector.com — Cisco Umbrella Rank: 133306 |
18 KB |
1 |
umassd.edu
www.umassd.edu — Cisco Umbrella Rank: 713381 |
25 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 250 |
7 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 405 |
30 KB |
1 |
backblazeb2.com
allamericanfire.s3.us-east-005.backblazeb2.com |
30 KB |
17 | 11 |
Domain | Requested by | |
---|---|---|
6 | cdn.glitch.me |
allamericanfire.s3.us-east-005.backblazeb2.com
|
3 | cdn.glitch.com | 3 redirects |
2 | cdn.glitch.global |
allamericanfire.s3.us-east-005.backblazeb2.com
|
2 | code.jquery.com |
allamericanfire.s3.us-east-005.backblazeb2.com
|
1 | upload.wikimedia.org |
allamericanfire.s3.us-east-005.backblazeb2.com
|
1 | i.ibb.co |
allamericanfire.s3.us-east-005.backblazeb2.com
|
1 | cdn2.downdetector.com |
allamericanfire.s3.us-east-005.backblazeb2.com
|
1 | www.umassd.edu |
allamericanfire.s3.us-east-005.backblazeb2.com
|
1 | cdnjs.cloudflare.com |
allamericanfire.s3.us-east-005.backblazeb2.com
|
1 | ajax.googleapis.com |
allamericanfire.s3.us-east-005.backblazeb2.com
|
1 | allamericanfire.s3.us-east-005.backblazeb2.com | |
17 | 11 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
backblazeb2.com R3 |
2023-07-25 - 2023-10-23 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-09-18 - 2023-12-11 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
www.umassd.edu InCommon RSA Server CA |
2022-10-07 - 2023-10-07 |
a year | crt.sh |
cdn.glitch.global R3 |
2023-10-03 - 2024-01-01 |
3 months | crt.sh |
glitch.com Amazon RSA 2048 M01 |
2023-02-22 - 2024-02-01 |
a year | crt.sh |
ibb.co R3 |
2023-08-10 - 2023-11-08 |
3 months | crt.sh |
*.wikipedia.org R3 |
2023-08-22 - 2023-11-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://allamericanfire.s3.us-east-005.backblazeb2.com/view.html
Frame ID: 8EB7D3E05DBECCED5A589498265A3006
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
OneDrive Business FileDetected technologies
Popper (Miscellaneous) ExpandDetected patterns
- <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 11- https://cdn.glitch.com/6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png HTTP 301
- https://cdn.glitch.me/6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png
- https://cdn.glitch.com/6ca72b66-8609-4328-9f2e-521097041961%2Foutlook2.png HTTP 301
- https://cdn.glitch.me/6ca72b66-8609-4328-9f2e-521097041961%2Foutlook2.png
- https://cdn.glitch.com/6ca72b66-8609-4328-9f2e-521097041961%2Fothers2.png HTTP 301
- https://cdn.glitch.me/6ca72b66-8609-4328-9f2e-521097041961%2Fothers2.png
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
view.html
allamericanfire.s3.us-east-005.backblazeb2.com/ |
30 KB 30 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.1.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.js
code.jquery.com/ |
265 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OneDrive-Logo-1600x400.png
www.umassd.edu/media/umassdartmouth/cits/images/ |
25 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
onedrive-white.png
cdn.glitch.global/40e783f7-5e41-4d58-bd89-3dba9bc66481/ |
27 KB 27 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
office3651.png
cdn.glitch.me/a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
outlook.png
cdn.glitch.me/a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/ |
34 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
other1.png
cdn.glitch.me/a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/ |
21 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aol.png
cdn2.downdetector.com/static/uploads/logo/ |
17 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
454-4543132-yahoo-black-yahoo-mail-icon-black.jpg
i.ibb.co/TTkHxsQ/ |
35 KB 35 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png
cdn.glitch.me/ Redirect Chain
|
63 KB 63 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
6ca72b66-8609-4328-9f2e-521097041961%2Foutlook2.png
cdn.glitch.me/ Redirect Chain
|
90 KB 91 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
6ca72b66-8609-4328-9f2e-521097041961%2Fothers2.png
cdn.glitch.me/ Redirect Chain
|
565 KB 565 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2560px-Yahoo%21_%282019%29.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/3/3a/Yahoo%21_%282019%29.svg/ |
66 KB 66 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
video.mp4
cdn.glitch.global/8d5109a6-1873-4f95-9253-bd838b3669c7/ |
7 MB 0 |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online) Generic Email (Online) Generic (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| Popper2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.downdetector.com/ | Name: __cf_bm Value: Tig651yGzBEZkJAjawy6Rv_XXwPSmMHUj0gSinmIm3M-1696613213-0-AZ1JTX1jsdaEvnzuUO8bFkzYD42A+Ge+Z4U1/ocpFstZ/lGnxtqLeW3dNZRUFQJk014ZvXKZl9jDmfHMqm9uDt0= |
|
www.umassd.edu/ | Name: AWSALBCORS Value: UvIFzu+dqiBzoHdm09ElXD9gUHfXi3i+bog+aZZIQLooPu7WstdT3DZkP/Drqp3wf0RLG1xSYkdfPIdJzlu6emCNSIXdnd0c5lpyWwNK3IqRu6GiyFzvCRaJwx8C |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
allamericanfire.s3.us-east-005.backblazeb2.com
cdn.glitch.com
cdn.glitch.global
cdn.glitch.me
cdn2.downdetector.com
cdnjs.cloudflare.com
code.jquery.com
i.ibb.co
upload.wikimedia.org
www.umassd.edu
104.194.8.143
13.224.214.127
13.224.214.31
149.137.137.254
151.101.130.132
2606:4700:4400::6812:208a
2606:4700::6811:190e
2607:f8b0:4004:c07::5f
2620:0:860:ed1a::2:b
2a04:4e42:600::649
34.238.62.92
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0c1ebf2bbc55550d5f3c379f178f308a1d45e4e885a623a118d3689b1be6c704
2f128c34e99f47c352178964fc87af68352b7395984d68313bba7a5b2647abaa
3a9b144d6482b78afc4e0a940a1d3c22240f14fa535b808cf4dab9635339569f
4ae56ccde7c68a5338111aed732ead19b449c2aecbc2e94a374e0dbacbcfdc35
6a9935d6d50e144151e34c0b42b5222853231ee05f51533cc8f1de146e275f8d
71e729939e175f4ae9d3fcc645d6b7389ec341a47a84950e047197331fdc22f1
807f4bfba1a94d05c689db0713885aa5db3b5c5d1e08fa8dafb84974a3f92bf8
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
86b84a5512c4a5d4af354ca4978a018f17472e301b4ba7e86a178cdacb709bf3
94f584a17bcf5868513c7e0b8a7085df161aac6fc6deef8907d1579ed8312899
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a8da46efb9885a333c79db98acc8804ff79e7dce5239146a26aaec60b1f9ac35
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
e68e39c2c6c68d87629f4c1c1dbcec7b84be93c9dddac4b98828b955e59bb967
f8b9a101a5414bf92e9184b6ca7d948505c7ff24b130f70ea45eb31dbeb92bda