f003.backblazeb2.com Open in urlscan Pro
45.11.36.16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://santomikhael.ac.id/.drain
Effective URL:
https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Submission: On February 02 via manual (February 2nd 2022, 10:58:31 am UTC) from CH — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 45.11.36.16, located in United States and belongs to BACKBLAZE, US. The main domain is f003.backblazeb2.com. The Cisco Umbrella rank of the primary domain is 663870.
TLS certificate: Issued by R3 on November 30th 2021. Valid for: 3 months.

This is the only time f003.backblazeb2.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2 2	103.16.198.153 103.16.198.153	131775 (IDNIC-JAL...) (IDNIC-JALANET-AS-ID PT. Jupiter Jala Arta)
2	45.11.36.16 45.11.36.16	40401 (BACKBLAZE) (BACKBLAZE)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
6	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	4

2 103.16.198.153 (Indonesia) 2 redirects

ASN131775 (IDNIC-JALANET-AS-ID PT. Jupiter Jala Arta, ID)
PTR: serverx1314share.extremhost.net

santomikhael.ac.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.11.36.16 (United States)

ASN40401 (BACKBLAZE, US)
PTR: f003.backblazeb2.com

f003.backblazeb2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

discoversmtp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	discoversmtp.com discoversmtp.com	1 MB
2	backblazeb2.com f003.backblazeb2.com — Cisco Umbrella Rank: 663870	80 KB
2	santomikhael.ac.id 2 redirects santomikhael.ac.id	507 B
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 740	38 KB
14	4

	Domain	Requested by
6	discoversmtp.com	f003.backblazeb2.com
2	f003.backblazeb2.com	f003.backblazeb2.com
2	santomikhael.ac.id	2 redirects
1	ajax.aspnetcdn.com	f003.backblazeb2.com
14	4

This site contains no links.

Subject Issuer	Validity	Valid
backblazeb2.com R3	`2021-11-30` - `2022-02-28`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2021-08-06` - `2022-08-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-28` - `2023-01-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Frame ID: 00E19A7542D9CFA96ED199425F50AD9D
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Access secured document | Adobe

Page URL History Show full URLs

https://santomikhael.ac.id/.drain HTTP 301
https://santomikhael.ac.id/.drain/ HTTP 302
https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.c... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

64 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1252 kB
Transfer

1295 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://santomikhael.ac.id/.drain HTTP 301
https://santomikhael.ac.id/.drain/ HTTP 302
https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200

Primary Request index.html Show response
f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/
Redirect Chain

https://santomikhael.ac.id/.drain
https://santomikhael.ac.id/.drain/
https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za

79 KB
80 KB

105ms
29ms

Document
text/html

45.11.36.16
BACKBLAZE

General

Check archive.org

Show headers Download Go to

Full URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.11.36.16 , United States, ASN40401 (BACKBLAZE, US),
Reverse DNS: f003.backblazeb2.com
Software: /
Resource Hash: 69209043e61125d56d8b65b77ccabb9cee5d2f6dd307ddca36be6ee5cab45c7d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

x-bz-file-name: index.html
x-bz-file-id: 4_zc46daa3262c7b89073e70e1f_f112ff003f1f17643_d20220202_m075344_c003_v0312007_t0009
x-bz-content-sha1: 6d47d64e9988ff05fd413ad0f99324662f8d0256
X-Bz-Upload-Timestamp: 1643788424000
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 81122
Date: Wed, 02 Feb 2022 10:58:25 GMT
Keep-Alive: timeout=5
Connection: keep-alive

Redirect headers

x-powered-by: PHP/7.4.27
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
content-type: text/html; charset=UTF-8
content-length: 0
date: Wed, 02 Feb 2022 10:58:25 GMT
server: LiteSpeed

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
38 KB 72ms
18ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: f003.backblazeb2.com
URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8E87) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://f003.backblazeb2.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 02 Feb 2022 10:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11180658
x-cache: HIT
content-length: 38892
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (frc/8E87)
etag: "af301a17b793d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 logo-white.png
discoversmtp.com/email-list/aadobe02/fonts/ 35 KB
36 KB 118ms
58ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://discoversmtp.com/email-list/aadobe02/fonts/logo-white.png
Requested by: Host: f003.backblazeb2.com
URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c299c56a135a2ae2659ca472b7d913d15fe4da8cb36cce82fac52ae96aa441b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 10:58:26 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34635
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36138
last-modified: Fri, 28 Jan 2022 02:03:30 GMT
server: cloudflare
etag: "61f34ef2-8d2a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dO3KJlcsQlUdsGPnZ6WQkjp8onbV7VsIkEce4FZ60YruxOkIqtY%2FHN5BXn%2B79Wo49jk0xhaqnC878cOW5CKPjWDlJCs458KKIfT9LpQiryDExMMH7d5iQge3oAvvhY3zx%2BR0O%2FIgqugy%2B9FjKrz2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d72e782482f699b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adobe-black.png
discoversmtp.com/email-list/aadobe02/fonts/ 7 KB
8 KB 117ms
58ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://discoversmtp.com/email-list/aadobe02/fonts/adobe-black.png
Requested by: Host: f003.backblazeb2.com
URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 991bdf033695889b792d8fb90926290fbc598d500277880fb914a9b2d74531ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 10:58:26 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34635
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7489
last-modified: Fri, 28 Jan 2022 02:03:22 GMT
server: cloudflare
etag: "61f34eea-1d41"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZBgA54H%2BgqNmeWvs%2BEMhMlqFoGcg1FbT9Sthy3CPHujTG6bFmbblGt%2BCtn0zS3vrjuQ0oxlNRg7NlvTOfj9EDlJzjsoyLrzvMXvaWOCxy%2BtYAwNJ2R%2FZqLmoFbhEG5lrQkEwYECkcjrkjBYO%2Fw%2F6"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d72e7824833699b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adobe-logo.png
discoversmtp.com/email-list/aadobe02/fonts/ 17 KB
18 KB 118ms
59ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://discoversmtp.com/email-list/aadobe02/fonts/adobe-logo.png
Requested by: Host: f003.backblazeb2.com
URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62b03da2caff8939d912916e5db8b678c4c5d6fe012387bf254a302dbfd5611a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 10:58:26 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 174532
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17754
last-modified: Fri, 28 Jan 2022 02:03:23 GMT
server: cloudflare
etag: "61f34eeb-455a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2FuC3fgHD8shK5cHDRwY%2FixSIJ1n%2BzuBt1IIQv%2BnhChKLolvCA9Dbq4%2FpGl7EJNfuN0L4Axuh4JnnEgh1g8efbmi%2BgsqwnzNZbqyWOYdyb3nTgAKKmNY9X9hm1Ztz1PWyYpJKa796VOXFpOmfEBm"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d72e7824838699b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bg.png
discoversmtp.com/email-list/aadobe02/fonts/ 31 KB
31 KB 115ms
59ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://discoversmtp.com/email-list/aadobe02/fonts/bg.png
Requested by: Host: f003.backblazeb2.com
URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 039ba9f72d4d2f7114b3d99b44f10806709bbbc9f7e4f9ac04d5daeacab32cb6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 10:58:26 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34635
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31376
last-modified: Fri, 28 Jan 2022 02:03:30 GMT
server: cloudflare
etag: "61f34ef2-7a90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbFU%2FWm0k9V7ESkKOR%2B7kNIMpJMIMfEazIPTqUS174CfkVSjpFCOO8dvVXvdEMG98U57dmqkIj4WXEyGJN7WIx0tPXlyQLlAG4CwmVtv%2B%2BKR%2FwjkJ17xoHI1echwZri1vie8ilQLr8JbfwdVpXKP"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d72e7824840699b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bg-1.png
discoversmtp.com/email-list/aadobe02/fonts/ 786 KB
787 KB 115ms
59ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://discoversmtp.com/email-list/aadobe02/fonts/bg-1.png
Requested by: Host: f003.backblazeb2.com
URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4e04a3270e4c58110581aafa4753efe3abe9a64c234c240b9ddd85f6ab7f93e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 10:58:26 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34635
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 805130
last-modified: Fri, 28 Jan 2022 02:03:30 GMT
server: cloudflare
etag: "61f34ef2-c490a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5IvG102eiiKSa7qxjpPJQjO6OA35Byl4uxHKnOjnIYuc4pwEPW1YXWHfOyErA69LlSAk2CVs9eqWHM4FHqXv8rvlUwG898Dik5sL0ly98ifTVAXQtYjeH892wS5W2fttupNKqfPJHziZhG0FZB2R"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d72e782483d699b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bg-2.png
discoversmtp.com/email-list/aadobe02/fonts/ 254 KB
255 KB 93ms
37ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://discoversmtp.com/email-list/aadobe02/fonts/bg-2.png
Requested by: Host: f003.backblazeb2.com
URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca68736d1bb10b4b93fbb568bbc39690acd71f5bf9c9a5d55b9822f08359f015

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 10:58:26 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34635
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 259925
last-modified: Fri, 28 Jan 2022 02:03:30 GMT
server: cloudflare
etag: "61f34ef2-3f755"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MUvjPCA%2BMm44RyHAxemeEyNPoQmZcd2kupg%2BUrYhDWXOBBLiWccFIDZ3gdWJb%2BPknMObgth%2FUIW%2BUVc%2BJrPkqMUrYO%2BRZma5ZrHSJzFkxHe3ebma7rWLHfCg0MZ%2BiAPRJYTCXxb8TbcAR3iBO3tX"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d72e782483a699b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 404 AdobeClean-Bold.woff2
f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/fonts/ 0
0 220ms
220ms Font
application/json 45.11.36.16
BACKBLAZE

General

Check archive.org

Show headers Download Go to

Full URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/fonts/AdobeClean-Bold.woff2
Requested by: Host: f003.backblazeb2.com
URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.11.36.16 , United States, ASN40401 (BACKBLAZE, US),
Reverse DNS: f003.backblazeb2.com
Software: /
Resource Hash

Request headers

Referer: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za
Origin: https://f003.backblazeb2.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 10:58:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 94
Content-Type: application/json;charset=utf-8

GET AdobeClean-Regular.woff2
discoversmtp.com/email-list/aadobe02/fonts/ 0
0

GET AdobeClean-Bold.woff
discoversmtp.com/email-list/aadobe02/fonts/ 0
0

GET AdobeClean-Regular.woff
discoversmtp.com/email-list/aadobe02/fonts/ 0
0

GET AdobeClean-Regular.ttf
discoversmtp.com/email-list/aadobe02/fonts/ 0
0

GET AdobeClean-Bold.ttf
discoversmtp.com/email-list/aadobe02/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: discoversmtp.com
URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.woff2

Domain: discoversmtp.com
URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Bold.woff

Domain: discoversmtp.com
URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.woff

Domain: discoversmtp.com
URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.ttf

Domain: discoversmtp.com
URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			santomikhael.ac.id/	1969-12-31 23:59:59	Name: PHPSESSID Value: 11000f4826120f768f054cae95683443

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/fonts/AdobeClean-Bold.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za Message: Access to font at 'https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.woff2' from origin 'https://f003.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za Message: Access to font at 'https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.woff' from origin 'https://f003.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za Message: Access to font at 'https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Bold.woff' from origin 'https://f003.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za Message: Access to font at 'https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.ttf' from origin 'https://f003.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://f003.backblazeb2.com/file/hydrovane-jinking-preduplicated/index.html?id=https%3A%2F%2Fpiestudio.co.za Message: Access to font at 'https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Bold.ttf' from origin 'https://f003.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://discoversmtp.com/email-list/aadobe02/fonts/AdobeClean-Bold.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
discoversmtp.com
f003.backblazeb2.com
santomikhael.ac.id
discoversmtp.com
103.16.198.153
152.199.19.160
2a06:98c1:3121::7
45.11.36.16
039ba9f72d4d2f7114b3d99b44f10806709bbbc9f7e4f9ac04d5daeacab32cb6
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
62b03da2caff8939d912916e5db8b678c4c5d6fe012387bf254a302dbfd5611a
69209043e61125d56d8b65b77ccabb9cee5d2f6dd307ddca36be6ee5cab45c7d
991bdf033695889b792d8fb90926290fbc598d500277880fb914a9b2d74531ef
c299c56a135a2ae2659ca472b7d913d15fe4da8cb36cce82fac52ae96aa441b3
c4e04a3270e4c58110581aafa4753efe3abe9a64c234c240b9ddd85f6ab7f93e
ca68736d1bb10b4b93fbb568bbc39690acd71f5bf9c9a5d55b9822f08359f015

f003.backblazeb2.com Open in urlscan Pro 45.11.36.16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

64 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

1252 kBTransfer

1295 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

1 Cookies

13 Console Messages

Indicators

f003.backblazeb2.com Open in urlscan Pro
45.11.36.16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

64 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1252 kB
Transfer

1295 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!