f003.backblazeb2.com
45.11.36.16
Malicious Activity!
Public Scan
Effective URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Submission: On February 02 via manual from CH — Scanned from DE
Summary
TLS certificate: Issued by R3 on November 30th 2021. Valid for: 3 months.
This is the only time f003.backblazeb2.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Adobe (Consumer)

Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
2 | 103.16.198.153 | 131775 (IDNIC-JALANET-AS-ID PT. Jupiter Jala Arta) |
2 | 45.11.36.16 | 40401 (BACKBLAZE) |
1 | 152.199.19.160 | 15133 (EDGECAST) |
6 | 2a06:98c1:3121::7 | 13335 (CLOUDFLARENET) |
14 | 4 IPs | |
ASN131775 (IDNIC-JALANET-AS-ID PT. Jupiter Jala Arta, ID)
PTR: serverx1314share.extremhost.net
santomikhael.ac.id |
ASN40401 (BACKBLAZE, US)
PTR: f003.backblazeb2.com
f003.backblazeb2.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 | discoversmtp.com | discoversmtp.com | 1 MB |
2 | backblazeb2.com | f003.backblazeb2.com (Cisco Umbrella Rank: 663870) | 80 KB |
2 | santomikhael.ac.id | santomikhael.ac.id (2 redirects) | 507 B |
1 | aspnetcdn.com | ajax.aspnetcdn.com (Cisco Umbrella Rank: 740) | 38 KB |
14 | 4 apex domains | | |
Requests | Domain | Requested by |
---|---|---|
6 | discoversmtp.com | f003.backblazeb2.com |
2 | f003.backblazeb2.com | f003.backblazeb2.com |
2 | santomikhael.ac.id | 2 redirects |
1 | ajax.aspnetcdn.com | f003.backblazeb2.com |
14 | 4 domains | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
backblazeb2.com | R3 | 2021-11-30 - 2022-02-28 | 3 months | crt.sh |
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2021-08-06 - 2022-08-06 | a year | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-01-28 - 2023-01-28 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Frame ID: 00E19A7542D9CFA96ED199425F50AD9D
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Access secured document | Adobe
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://santomikhael.ac.id/.drain
HTTP 301
https://santomikhael.ac.id/.drain/ HTTP 302
https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index.html (Primary Request, Redirect Chain) | f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/ | 79 KB | 80 KB | Document | text/html |
GET | H2 | jquery-3.3.1.min.js | ajax.aspnetcdn.com/ajax/jQuery/ | 85 KB | 38 KB | Script | application/javascript |
GET | H2 | logo-white.png | discoversmtp.com/email-list/aadobe02/fonts/ | 35 KB | 36 KB | Image | image/png |
GET | H2 | adobe-black.png | discoversmtp.com/email-list/aadobe02/fonts/ | 7 KB | 8 KB | Image | image/png |
GET | H2 | adobe-logo.png | discoversmtp.com/email-list/aadobe02/fonts/ | 17 KB | 18 KB | Image | image/png |
GET | H2 | bg.png | discoversmtp.com/email-list/aadobe02/fonts/ | 31 KB | 31 KB | Image | image/png |
GET | H2 | bg-1.png | discoversmtp.com/email-list/aadobe02/fonts/ | 786 KB | 787 KB | Image | image/png |
GET | H2 | bg-2.png | discoversmtp.com/email-list/aadobe02/fonts/ | 254 KB | 255 KB | Image | image/png |
GET | H/1.1 | AdobeClean-Bold.woff2 | f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/fonts/ | 0 | 0 | Font | application/json |
GET | | AdobeClean-Regular.woff2 | discoversmtp.com/email-list/aadobe02/fonts/ | 0 | 0 | | |
GET | | AdobeClean-Bold.woff | discoversmtp.com/email-list/aadobe02/fonts/ | 0 | 0 | | |
GET | | AdobeClean-Regular.woff | discoversmtp.com/email-list/aadobe02/fonts/ | 0 | 0 | | |
GET | | AdobeClean-Regular.ttf | discoversmtp.com/email-list/aadobe02/fonts/ | 0 | 0 | | |
GET | | AdobeClean-Bold.ttf | discoversmtp.com/email-list/aadobe02/fonts/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- discoversmtp.com: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.woff2
- discoversmtp.com: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Bold.woff
- discoversmtp.com: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.woff
- discoversmtp.com: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.ttf
- discoversmtp.com: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Bold.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Adobe (Consumer)

12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: _0x4421
- function: _0x1394
- object: Zlib
- function: $
- function: jQuery
- function: randomInteger
- function: randomString
- function: getdomainpartofemail
- function: get_email_hash
- function: validateEmail
- function: geturlparameter
- function: get_rand_url_pars1

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
santomikhael.ac.id/ | | Name: PHPSESSID Value: 11000f4826120f768f054cae95683443 |
13 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
discoversmtp.com
f003.backblazeb2.com
santomikhael.ac.id
103.16.198.153
152.199.19.160
2a06:98c1:3121::7
45.11.36.16