f004.backblazeb2.com
149.137.128.16  Malicious Activity! Public Scan

URL: https://f004.backblazeb2.com/file/managementupdate23/glogin.html
Submission Tags: phishing
Submission: On January 21 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 149.137.128.16, located in United States and belongs to BACKBLAZE, US. The main domain is f004.backblazeb2.com. The Cisco Umbrella rank of the primary domain is 343989.
TLS certificate: Issued by R3 on December 5th 2023. Valid for: 3 months.
This is the only time f004.backblazeb2.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

Requests  IP Address                  AS (Autonomous System)
3         149.137.128.16              40401 (BACKBLAZE)
1         2606:4700:4400::6812:2844   13335 (CLOUDFLARENET)
1         104.26.6.17                 13335 (CLOUDFLARENET)
Total: 5 requests, 3 IPs
Requests  Apex Domain        Subdomain (Cisco Umbrella Rank)        Transfer
3         backblazeb2.com    f004.backblazeb2.com (rank 343989)     7 KB
1         logodownload.org   logodownload.org (rank 147665)         56 KB
1         fontawesome.com    pro.fontawesome.com (rank 5289)        29 KB
Total: 5 requests, 3 apex domains
Requests  Domain                 Requested by
3         f004.backblazeb2.com   f004.backblazeb2.com
1         logodownload.org       f004.backblazeb2.com
1         pro.fontawesome.com    f004.backblazeb2.com
Total: 5 requests, 3 domains

This site contains no links.

Subject                 Issuer                                       Validity                   Valid for
backblazeb2.com         R3                                           2023-12-05 to 2024-03-04   3 months
*.fontawesome.com       DigiCert Global G2 TLS RSA SHA256 2020 CA1   2023-12-04 to 2025-01-03   a year
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                      2023-04-17 to 2024-04-16   a year

This page contains 1 frame:

Primary Page: https://f004.backblazeb2.com/file/managementupdate23/glogin.html
Frame ID: AA0ED986C5BD5B06DFACE760FC943366
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Yahoo Mail | Sign in

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 93 kB
Size: 214 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan.

5 HTTP transactions

1. glogin.html (Primary Request)
Path: f004.backblazeb2.com/file/managementupdate23/
Size: 3 KB (transferred 3 KB)
Type: Document
Full URL: https://f004.backblazeb2.com/file/managementupdate23/glogin.html
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 149.137.128.16, United States, ASN40401 (BACKBLAZE, US)
Reverse DNS: f004.backblazeb2.com
Software: nginx
Resource Hash: ba4e01b0241bb011c599d61ceca6042976a95d9f2c245d3492b73b93eb4ffc61
Security Headers: Strict-Transport-Security: max-age=63072000

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language: de-DE,de;q=0.9

Response headers
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 2911
Content-Type: text/html
Date: Sun, 21 Jan 2024 02:50:06 GMT
Server: nginx
Strict-Transport-Security: max-age=63072000
X-Bz-Upload-Timestamp: 1705775511154
x-bz-content-sha1: 0bdb091340167bc522df08e667fd729ee5ec7583
x-bz-file-id: 4_zf199ebe92b1d2e8285d10d13_f109466ec8c1ab690_d20240120_m183151_c004_v0402019_t0040_u01705775511154
x-bz-file-name: glogin.html
x-bz-info-src_last_modified_millis: 1705349766000
2. all.css
Path: pro.fontawesome.com/releases/v5.10.0/css/
Size: 153 KB (transferred 29 KB)
Type: Stylesheet
Full URL: https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Requested by: f004.backblazeb2.com (https://f004.backblazeb2.com/file/managementupdate23/glogin.html)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:4400::6812:2844, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec

Request headers
Referer: https://f004.backblazeb2.com/
Origin: https://f004.backblazeb2.com
accept-language: de-DE,de;q=0.9
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers
date: Sun, 21 Jan 2024 02:50:07 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 28 Jun 2021 16:54:32 GMT
server: cloudflare
x-amz-request-id: YZR83EJDG1YGJRVP
etag: W/"aa1272633e7e552395d147a499bad186"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
access-control-allow-origin: *
content-type: text/css
cache-control: max-age=31556926
cf-ray: 848c3f71ca0e30c9-FRA
x-amz-id-2: UomRb/0TOBklXzrcWzv3b31CHdEMBAE9bF138oBVag7prnMNc0d2+rapDoAmfYyZfNrijZnfNG0=
3. gform.css
Path: f004.backblazeb2.com/file/managementupdate23/
Size: 1 KB (transferred 2 KB)
Type: Stylesheet
Full URL: https://f004.backblazeb2.com/file/managementupdate23/gform.css
Requested by: f004.backblazeb2.com (https://f004.backblazeb2.com/file/managementupdate23/glogin.html)
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 149.137.128.16, United States, ASN40401 (BACKBLAZE, US)
Reverse DNS: f004.backblazeb2.com
Software: nginx
Resource Hash: 0f549ec9f7abaaf6409bf193a6156746c92df5ff979c66a378f2e73e616c8533
Security Headers: Strict-Transport-Security: max-age=63072000

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://f004.backblazeb2.com/file/managementupdate23/glogin.html
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers
Date: Sun, 21 Jan 2024 02:50:07 GMT
Strict-Transport-Security: max-age=63072000
X-Bz-Upload-Timestamp: 1705775536157
Server: nginx
x-bz-file-id: 4_zf199ebe92b1d2e8285d10d13_f103b49f2a74ef2a3_d20240120_m183216_c004_v0402021_t0041_u01705775536157
x-bz-content-sha1: 5bdee0e3e5c9b14ce2f6d9cb34a1eb056b0b51ee
Content-Type: text/css
x-bz-file-name: gform.css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1218
x-bz-info-src_last_modified_millis: 1705349766000
4. gstyles.css
Path: f004.backblazeb2.com/file/managementupdate23/
Size: 1 KB (transferred 2 KB)
Type: Stylesheet
Full URL: https://f004.backblazeb2.com/file/managementupdate23/gstyles.css
Requested by: f004.backblazeb2.com (https://f004.backblazeb2.com/file/managementupdate23/glogin.html)
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 149.137.128.16, United States, ASN40401 (BACKBLAZE, US)
Reverse DNS: f004.backblazeb2.com
Software: nginx
Resource Hash: b76cccd789fbc73288f948c24b4e2c311b8aa7fedfb026e20b76509f99193f4b
Security Headers: Strict-Transport-Security: max-age=63072000

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://f004.backblazeb2.com/file/managementupdate23/glogin.html
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers
Date: Sun, 21 Jan 2024 02:50:07 GMT
Strict-Transport-Security: max-age=63072000
X-Bz-Upload-Timestamp: 1705775727090
Server: nginx
x-bz-file-id: 4_zf199ebe92b1d2e8285d10d13_f10833d8bfe386bf2_d20240120_m183527_c004_v0402000_t0017_u01705775727090
x-bz-content-sha1: 24408727238f2d74888bc2b4dcdb4409ba7b508b
Content-Type: text/css
x-bz-file-name: gstyles.css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1444
x-bz-info-src_last_modified_millis: 1705349762000
5. yahoo-logo-1.png
Path: logodownload.org/wp-content/uploads/2019/09/
Size: 56 KB (transferred 56 KB)
Type: Image
Full URL: https://logodownload.org/wp-content/uploads/2019/09/yahoo-logo-1.png
Requested by: f004.backblazeb2.com (https://f004.backblazeb2.com/file/managementupdate23/glogin.html)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.26.6.17, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: dd5a09d5898d5480d063e1833c4d9bc3f509f3d7c672e0c0e973bb061a694ae2

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers
date: Sun, 21 Jan 2024 02:50:06 GMT
cf-cache-status: HIT
last-modified: Wed, 12 Aug 2020 20:27:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2101
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsGSvzJJgj0dDsFZ4CJ%2B3mB8KKQY%2BjohOejsf6W8n%2BL5Aj2%2FBw6mNptGzC9fT0YayMT2H9GNn7xcJI1e0jMmKayi1VDG0iCSDszwajkL33%2B6YO7M42WXAKcTCii0NPyAESk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848c3f71ab4f2c16-FRA
content-length: 57304
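The Backblaze B2 response headers in the transactions above carry more triage signal than the verdict itself: B2 echoes the SHA-1 the uploader declared (x-bz-content-sha1), the upload time (X-Bz-Upload-Timestamp), the source file's modification time on the uploader's machine (x-bz-info-src_last_modified_millis), and a file id whose _d/_m/_u fields repeat the upload date. The script below is an added example, not urlscan.io's or Backblaze's code. It takes the header values copied from the primary request, builds the edit/upload timeline, cross-checks the three timestamps, recomputes the SHA-1 over a body (the body here is constructed, because the scan does not reproduce the page content), and lists the third-party hosts and the off-site brand logo the page pulls in. The file-id layout it parses (`_dYYYYMMDD_mHHMMSS_..._u<millis>`) is inferred from the ids shown on this page and is not documented by Backblaze, and the `BRANDS` list is our own short choice; treat both as assumptions.

```python
"""Triage of a urlscan.io result for a page served from Backblaze B2.

Added example, not urlscan.io or Backblaze code. Header values are copied
from the primary request of this scan; the page body is constructed.
"""
import hashlib
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

PRIMARY_URL = "https://f004.backblazeb2.com/file/managementupdate23/glogin.html"
PRIMARY_HEADERS = {
    "x-bz-file-name": "glogin.html",
    "x-bz-file-id": ("4_zf199ebe92b1d2e8285d10d13_f109466ec8c1ab690"
                     "_d20240120_m183151_c004_v0402019_t0040_u01705775511154"),
    "x-bz-content-sha1": "0bdb091340167bc522df08e667fd729ee5ec7583",
    "X-Bz-Upload-Timestamp": "1705775511154",
    "x-bz-info-src_last_modified_millis": "1705349766000",
}
# The other four requests in the scan, in the order urlscan lists them.
SUBRESOURCES = [
    "https://pro.fontawesome.com/releases/v5.10.0/css/all.css",
    "https://f004.backblazeb2.com/file/managementupdate23/gform.css",
    "https://f004.backblazeb2.com/file/managementupdate23/gstyles.css",
    "https://logodownload.org/wp-content/uploads/2019/09/yahoo-logo-1.png",
]
# Constructed stand-in for the page body (the scan does not include it).
CONSTRUCTED_BODY = b"<html><title>Yahoo Mail | Sign in</title></html>"

# ASSUMPTION: B2 file ids look like ..._d<YYYYMMDD>_m<HHMMSS>_..._u<upload ms>.
# Inferred from the ids on this page, not from Backblaze documentation.
FILE_ID_RE = re.compile(r"_d(\d{8})_m(\d{6})_.*_u(\d+)$")

# Brand names a login-page kit is likely to impersonate (our own short list).
BRANDS = ("yahoo", "google", "microsoft", "outlook", "office", "paypal")


def ms_to_utc(ms):
    """Epoch milliseconds (str or int) to an aware UTC datetime without float drift."""
    ms = int(ms)
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def b2_timeline(headers):
    """Extract source mtime and upload time and cross-check them against the file id.

    A mismatch between X-Bz-Upload-Timestamp and the id's embedded _d/_m/_u fields
    would mean the headers were altered in transit or in the capture.
    """
    h = {k.lower(): v for k, v in headers.items()}
    m = FILE_ID_RE.search(h["x-bz-file-id"])
    if not m:
        raise ValueError("file id does not match the assumed layout")
    id_time = datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    upload = ms_to_utc(h["x-bz-upload-timestamp"])
    src_mtime = ms_to_utc(h["x-bz-info-src_last_modified_millis"])
    return {
        "src_mtime": src_mtime,   # last edit of the kit file on the uploader's machine
        "upload": upload,         # when it was pushed to the bucket
        "id_matches_upload": (id_time == upload.replace(microsecond=0)
                              and int(m.group(3)) == int(h["x-bz-upload-timestamp"])),
        "days_between_edit_and_upload": (upload - src_mtime).days,
    }


def b2_sha1(body):
    return hashlib.sha1(body).hexdigest()


def body_matches_b2_sha1(headers, body):
    """B2 echoes the SHA-1 the uploader declared; recompute it over the bytes you
    actually hold so a truncated or tampered capture is not analysed as the original."""
    h = {k.lower(): v for k, v in headers.items()}
    return b2_sha1(body) == h["x-bz-content-sha1"].lower()


def third_party_loads(primary_url, urls):
    """Hosts other than the page's own that it pulls subresources from."""
    own = urlsplit(primary_url).hostname
    return sorted({urlsplit(u).hostname for u in urls} - {own})


def brand_assets_offsite(urls):
    """URLs whose file name carries a brand name that the serving host does not.
    A real Yahoo sign-in page serves its logo from Yahoo, not from a logo archive."""
    hits = []
    for u in urls:
        parts = urlsplit(u)
        fname = parts.path.rsplit("/", 1)[-1].lower()
        host = (parts.hostname or "").lower()
        if any(b in fname and b not in host for b in BRANDS):
            hits.append(u)
    return hits


if __name__ == "__main__":
    t = b2_timeline(PRIMARY_HEADERS)
    print("edited  :", t["src_mtime"].isoformat())
    print("uploaded:", t["upload"].isoformat(), "(file id consistent:", t["id_matches_upload"], ")")
    print("third-party hosts:", third_party_loads(PRIMARY_URL, SUBRESOURCES))
    print("off-site brand assets:", brand_assets_offsite(SUBRESOURCES))
    print("constructed body matches declared SHA-1:",
          body_matches_b2_sha1(PRIMARY_HEADERS, CONSTRUCTED_BODY))
```

On this scan's values the file id agrees with the upload header: glogin.html was last modified on 2024-01-15 20:16:06 UTC, uploaded on 2024-01-20 18:31:51 UTC, and scanned on 2024-01-21 02:50 UTC. The SHA-1 check is only meaningful when run over a body you captured yourself; the constructed body here is expected not to match, which is the point of the check.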

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This section lists the security headers set by the main page. Note that f004.backblazeb2.com is a shared Backblaze B2 download endpoint, so the HSTS header below, like the TLS certificate issued to backblazeb2.com, is set by the hosting provider and says nothing about the operator who uploaded the page.

Strict-Transport-Security: max-age=63072000