logintoyahoo232.s3.us-west-004.backblazeb2.com
149.137.129.254  Malicious Activity! Public Scan

URL: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/glogin.html
Submission Tags: phishing
Submission: On February 01 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 149.137.129.254, located in the United States and belonging to BACKBLAZE, US. The main domain is logintoyahoo232.s3.us-west-004.backblazeb2.com.
TLS certificate: Issued by R3 on December 5th 2023. Valid for: 3 months.
This is the only time logintoyahoo232.s3.us-west-004.backblazeb2.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

IP addresses (requests per IP):

  Requests  IP Address       AS (Autonomous System)
  3         149.137.129.254  40401 (BACKBLAZE)
  1         104.18.40.68     13335 (CLOUDFLARENET)
  1         104.26.7.17      13335 (CLOUDFLARENET)
  Total: 5 requests, 3 IPs

Apex domains (requests per apex domain):

  Requests  Apex Domain       Subdomains                                       Transfer
  3         backblazeb2.com   logintoyahoo232.s3.us-west-004.backblazeb2.com   7 KB
  1         logodownload.org  logodownload.org (Cisco Umbrella Rank: 147665)   56 KB
  1         fontawesome.com   pro.fontawesome.com (Cisco Umbrella Rank: 5289)  29 KB
  Total: 5 requests, 3 apex domains

Domains and the page that requested them:

  Requests  Domain                                          Requested by
  3         logintoyahoo232.s3.us-west-004.backblazeb2.com  logintoyahoo232.s3.us-west-004.backblazeb2.com
  1         logodownload.org                                logintoyahoo232.s3.us-west-004.backblazeb2.com
  1         pro.fontawesome.com                             logintoyahoo232.s3.us-west-004.backblazeb2.com
  Total: 5 requests, 3 domains

This site contains no links.

  Subject                Issuer                                      Validity                 Valid for
  backblazeb2.com        R3                                          2023-12-05 - 2024-03-04  3 months (crt.sh)
  *.fontawesome.com      DigiCert Global G2 TLS RSA SHA256 2020 CA1  2023-12-04 - 2025-01-03  a year (crt.sh)
  sni.cloudflaressl.com  Cloudflare Inc ECC CA-3                     2023-04-17 - 2024-04-16  a year (crt.sh)

This page contains 1 frames:

Primary Page: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/glogin.html
Frame ID: 4054C9CDF79C7288059FCDF2FC3093E5
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Yahoo Mail | Sign in

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

  Requests:    5
  HTTPS:       100 %
  IPv6:        0 %
  Domains:     3
  Subdomains:  3
  IPs:         3
  Countries:   2
  Transfer:    93 kB
  Size:        214 kB
  Cookies:     0

Redirected requests

No HTTP redirect chains are listed for this scan.

5 HTTP transactions

Request 1 (Primary Request): glogin.html
  Path:             logintoyahoo232.s3.us-west-004.backblazeb2.com/
  Size:             3 KB (transferred: 3 KB)
  Type:             Document
  Full URL:         https://logintoyahoo232.s3.us-west-004.backblazeb2.com/glogin.html
  Protocol:         HTTP/1.1
  Security:         TLS 1.3, AES_128_GCM
  Server:           149.137.129.254, United States, ASN40401 (BACKBLAZE, US)
  Reverse DNS:      s3.us-west-004.backblazeb2.com
  Software:         nginx
  Resource Hash:    ba4e01b0241bb011c599d61ceca6042976a95d9f2c245d3492b73b93eb4ffc61
  Security Headers: Strict-Transport-Security: max-age=63072000

  Request headers:
    Upgrade-Insecure-Requests: 1
    User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
    accept-language: en-US,en;q=0.9

  Response headers:
    Accept-Ranges: bytes
    Connection: keep-alive
    Content-Length: 2911
    Content-Type: text/html
    Date: Thu, 01 Feb 2024 11:00:07 GMT
    ETag: "c901979b1fa303efd1a5951ab290914a"
    Last-Modified: Thu, 01 Feb 2024 09:49:19 GMT
    Server: nginx
    Strict-Transport-Security: max-age=63072000
    x-amz-id-2: aOIdkeDKyOXszejUlYbxlPDcQMNkyLDgl
    x-amz-meta-src_last_modified_millis: 1706657510712
    x-amz-request-id: 9f6924f1ffd1fcbf
    x-amz-version-id: 4_z48bdb21913056a4e87d00218_f10281abdf217a2b6_d20240201_m094919_c004_v0402016_t0050_u01706780959229

Request 2: all.css
  Path:             pro.fontawesome.com/releases/v5.10.0/css/
  Size:             153 KB (transferred: 29 KB)
  Type:             Stylesheet
  Full URL:         https://pro.fontawesome.com/releases/v5.10.0/css/all.css
  Requested by:     Host: logintoyahoo232.s3.us-west-004.backblazeb2.com
                    URL: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/glogin.html
  Protocol:         H2
  Security:         TLS 1.3, AES_128_GCM
  Server:           104.18.40.68, -, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software:         cloudflare
  Resource Hash:    2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec

  Request headers:
    Referer: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/
    Origin: https://logintoyahoo232.s3.us-west-004.backblazeb2.com
    accept-language: en-US,en;q=0.9
    User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

  Response headers:
    date: Thu, 01 Feb 2024 11:00:07 GMT
    content-encoding: gzip
    cf-cache-status: MISS
    last-modified: Mon, 28 Jun 2021 16:54:32 GMT
    server: cloudflare
    x-amz-request-id: 2N9VPVSKTTNYNDPH
    etag: W/"aa1272633e7e552395d147a499bad186"
    access-control-max-age: 3000
    vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
    access-control-allow-methods: GET
    access-control-allow-origin: *
    content-type: text/css
    cache-control: max-age=31556926
    cf-ray: 84e9b05b3d9f6c7a-DFW
    x-amz-id-2: RPKFRGuF7Xmy4LMJYzaN+NcLDBAuWgGy8aSkUbX/QEEYf68Hwn4LpGf4KMBcCk4M8CiCRrAEFSs=

Request 3: gform.css
  Path:             logintoyahoo232.s3.us-west-004.backblazeb2.com/
  Size:             1 KB (transferred: 2 KB)
  Type:             Stylesheet
  Full URL:         https://logintoyahoo232.s3.us-west-004.backblazeb2.com/gform.css
  Requested by:     Host: logintoyahoo232.s3.us-west-004.backblazeb2.com
                    URL: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/glogin.html
  Protocol:         HTTP/1.1
  Security:         TLS 1.3, AES_128_GCM
  Server:           149.137.129.254, United States, ASN40401 (BACKBLAZE, US)
  Reverse DNS:      s3.us-west-004.backblazeb2.com
  Software:         nginx
  Resource Hash:    0f549ec9f7abaaf6409bf193a6156746c92df5ff979c66a378f2e73e616c8533
  Security Headers: Strict-Transport-Security: max-age=63072000

  Request headers:
    accept-language: en-US,en;q=0.9
    Referer: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/glogin.html
    User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

  Response headers:
    Date: Thu, 01 Feb 2024 11:00:07 GMT
    x-amz-version-id: 4_z48bdb21913056a4e87d00218_f1060bd4a9e22691a_d20240201_m094906_c004_v0402023_t0019_u01706780946690
    Strict-Transport-Security: max-age=63072000
    Last-Modified: Thu, 01 Feb 2024 09:49:06 GMT
    Server: nginx
    x-amz-request-id: 558dde97c797e1b1
    ETag: "726ef0647391ed5efc9076bcdb91c606"
    x-amz-meta-src_last_modified_millis: 1706657514749
    Content-Type: text/css
    Connection: keep-alive
    Accept-Ranges: bytes
    Content-Length: 1218
    x-amz-id-2: aOO1kBDLKOdozmzVoYSVltzeTMMsyVzi9

Request 4: gstyles.css
  Path:             logintoyahoo232.s3.us-west-004.backblazeb2.com/
  Size:             1 KB (transferred: 2 KB)
  Type:             Stylesheet
  Full URL:         https://logintoyahoo232.s3.us-west-004.backblazeb2.com/gstyles.css
  Requested by:     Host: logintoyahoo232.s3.us-west-004.backblazeb2.com
                    URL: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/glogin.html
  Protocol:         HTTP/1.1
  Security:         TLS 1.3, AES_128_GCM
  Server:           149.137.129.254, United States, ASN40401 (BACKBLAZE, US)
  Reverse DNS:      s3.us-west-004.backblazeb2.com
  Software:         nginx
  Resource Hash:    b76cccd789fbc73288f948c24b4e2c311b8aa7fedfb026e20b76509f99193f4b
  Security Headers: Strict-Transport-Security: max-age=63072000

  Request headers:
    accept-language: en-US,en;q=0.9
    Referer: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/glogin.html
    User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

  Response headers:
    Date: Thu, 01 Feb 2024 11:00:07 GMT
    x-amz-version-id: 4_z48bdb21913056a4e87d00218_f109805145f6f7856_d20240201_m094850_c004_v0402003_t0057_u01706780930196
    Strict-Transport-Security: max-age=63072000
    Last-Modified: Thu, 01 Feb 2024 09:48:50 GMT
    Server: nginx
    x-amz-request-id: df657471daab6808
    ETag: "52ecf9bbf69e5bb6ea38c281c8de64df"
    x-amz-meta-src_last_modified_millis: 1706657522837
    Content-Type: text/css
    Connection: keep-alive
    Accept-Ranges: bytes
    Content-Length: 1444
    x-amz-id-2: aOEtkAzLGOWYzqTUVYXRl8DflMEYy9TjR

Request 5: yahoo-logo-1.png
  Path:             logodownload.org/wp-content/uploads/2019/09/
  Size:             56 KB (transferred: 56 KB)
  Type:             Image
  Full URL:         https://logodownload.org/wp-content/uploads/2019/09/yahoo-logo-1.png
  Requested by:     Host: logintoyahoo232.s3.us-west-004.backblazeb2.com
                    URL: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/glogin.html
  Protocol:         H2
  Security:         TLS 1.3, AES_128_GCM
  Server:           104.26.7.17, -, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software:         cloudflare
  Resource Hash:    dd5a09d5898d5480d063e1833c4d9bc3f509f3d7c672e0c0e973bb061a694ae2

  Request headers:
    accept-language: en-US,en;q=0.9
    Referer: https://logintoyahoo232.s3.us-west-004.backblazeb2.com/
    User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

  Response headers:
    date: Thu, 01 Feb 2024 11:00:07 GMT
    cf-cache-status: HIT
    last-modified: Wed, 12 Aug 2020 20:27:15 GMT
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    age: 59139
    vary: Accept-Encoding
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbiiyLDAW9GFMXCqHrQa%2BcShWOOx9lMlUic3SdJRXh%2BucYG3grGM%2BhWARjnhYgQD9%2Bh4ZzNWJ2Z8QpFQ4q3QcRs9tHoG9sdJHxM6VS13E9tLtfpajsG15BGFOSL%2BqpP3FJM%3D"}],"group":"cf-nel","max_age":604800}
    content-type: image/png
    cache-control: max-age=31536000
    accept-ranges: bytes
    cf-ray: 84e9b05b3a066bc2-DFW
    content-length: 57304

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against: Yahoo (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

  Header                     Value
  Strict-Transport-Security  max-age=63072000