f000.backblazeb2.com
104.153.233.177
Malicious Activity!
Public Scan
Effective URL: https://f000.backblazeb2.com/file/organize-christmas-ee669cb0/login.html?qkcoz=1R7An8McIo7IMEKowztdo6J37a&eiewhpo=t1Vfsw8i5ht...
Submission: On March 23 via manual from US
Summary
TLS certificate: Issued by R3 on February 17th 2021. Valid for: 3 months.
This is the only time f000.backblazeb2.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Charles Schwab (Financial)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 67.199.248.10 | 396982 (GOOGLE-PRIVATE-CLOUD)
4 | 104.153.233.177 | 32354 (UNWIRED)
1 | 2a00:1450:4001:828::200a | 15169 (GOOGLE)
8 | 2606:4700:3037::6815:4dbc | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:808::200a | 15169 (GOOGLE)
2 | 23.79.147.199 | 16625 (AKAMAI-AS)
22 | 6 IPs |
Detail for 23.79.147.199: ASN16625 (AKAMAI-AS, US), PTR a23-79-147-199.deploy.static.akamaitechnologies.com, serving content.schwab.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | smtptemp.site | smtptemp.site | 223 KB
4 | backblazeb2.com | f000.backblazeb2.com | 159 KB
2 | schwab.com | content.schwab.com, client.schwab.com (Failed) | 64 KB
2 | googleapis.com | ajax.googleapis.com | 60 KB
1 | bit.ly (1 redirect) | bit.ly | 283 B
22 | 5 apex domains | |
Requests | Domain | Requested by
---|---|---
8 | smtptemp.site | f000.backblazeb2.com, smtptemp.site
4 | f000.backblazeb2.com | f000.backblazeb2.com
2 | content.schwab.com | smtptemp.site
2 | ajax.googleapis.com | f000.backblazeb2.com
1 | bit.ly | (1 redirect)
0 | client.schwab.com (Failed) | smtptemp.site
22 | 6 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
www.schwab.com |
client.schwab.com |
lms-mgmt.schwab.com |
lms.schwab.com |
brokercheck.finra.org |
www.sipc.org |
www.schwab-global.com |
Subject | Issuer | Validity | Valid | Link
---|---|---|---|---
backblazeb2.com | R3 | 2021-02-17 - 2021-05-18 | 3 months | crt.sh
upload.video.google.com | GTS CA 1O1 | 2021-02-23 - 2021-05-18 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-05 - 2022-03-04 | a year | crt.sh
content.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2020-07-07 - 2021-07-19 | a year | crt.sh
This page contains 1 frame:
Primary Page: https://f000.backblazeb2.com/file/organize-christmas-ee669cb0/login.html?qkcoz=1R7An8McIo7IMEKowztdo6J37a&eiewhpo=t1Vfsw8i5ht229DoEM9yuZ9gF1Q&abqlfemz=3g2FjQfAqo6BPcY
Frame ID: BC31E5455EF2FB74127C0FF17250A353
Requests: 23 HTTP requests in this frame
Page Statistics
14 Outgoing links
These are links going to different origins than the main page. Link titles:
- (no title)
- SchwabSafe®
- The Schwab Security Guarantee
- Schwab Homepage
- Forgot login ID or password?
- New user?
- Log in to mobile
- Web Browser Information
- FINRA's BrokerCheck
- member SIPC
- non-U.S. residents
- Learn more >
- (no title)
- (no title)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bit.ly/3f3FY61 -> HTTP 301 -> https://f000.backblazeb2.com/file/organize-christmas-ee669cb0/index.html (Page URL)
- https://f000.backblazeb2.com/file/organize-christmas-ee669cb0/login.html?qkcoz=1R7An8McIo7IMEKowztdo6J37a&eiewhpo=t1Vfsw8i5ht229DoEM9yuZ9gF1Q&abqlfemz=3g2FjQfAqo6BPcY (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://bit.ly/3f3FY61 (HTTP 301)
- https://f000.backblazeb2.com/file/organize-christmas-ee669cb0/index.html
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Redirect Chain) | f000.backblazeb2.com/file/organize-christmas-ee669cb0/ | 75 KB | 75 KB | Document | text/html
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript
GET | H/1.1 | login.html (Primary Request) | f000.backblazeb2.com/file/organize-christmas-ee669cb0/ | 83 KB | 83 KB | Document | text/html
GET | H2 | layoutf86f.css | smtptemp.site/email-list/schwab/css/ | 121 KB | 20 KB | Stylesheet | text/css
GET | H2 | contentf86f.css | smtptemp.site/email-list/schwab/css/ | 41 KB | 6 KB | Stylesheet | text/css
GET | H2 | masterf86f.css | smtptemp.site/email-list/schwab/css/ | 120 KB | 22 KB | Stylesheet | text/css
GET | H2 | ps.css | smtptemp.site/email-list/schwab/css/ | 85 KB | 16 KB | Stylesheet | text/css
GET | H2 | file68b6.css | smtptemp.site/email-list/schwab/css/ | 26 KB | 7 KB | Stylesheet | text/css
GET | H2 | style.css | smtptemp.site/email-list/schwab/css/ | 4 KB | 808 B | Stylesheet | text/css
GET | H/1.1 | login-component-responsive-secondary | f000.backblazeb2.com/bundles/styles/lib/ | 0 | 0 | Stylesheet | application/json
GET | H3-Q050 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript
GET | H2 | SMART_BANNER_ICON_BACKGROUND_COLOR_Copy.png | smtptemp.site/email-list/schwab/images/ | 16 KB | 17 KB | Image | image/png
GET | H2 | loginlogoutpsd7308.png | smtptemp.site/email-list/schwab/images/ | 134 KB | 135 KB | Image | image/png
GET | H/1.1 | Schwab-Icon-Font.ttf | f000.backblazeb2.com/fonts/ | 0 | 0 | Font | application/json
GET | DATA | truncated | / | 5 KB | 0 | Image | image/svg+xml
GET | H/1.1 | schwabsafe_logo.svg | content.schwab.com/web/login/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | background_image_exblur_dev2b.jpg | content.schwab.com/web/login/ | 61 KB | 61 KB | Image | image/jpeg
GET | | CharlesModern-Light.woff | client.schwab.com/fonts/ | 0 | 0 | |
GET | | CharlesModern-Regular.woff | client.schwab.com/fonts/ | 0 | 0 | |
GET | | CharlesModern-Light.ttf | client.schwab.com/fonts/ | 0 | 0 | |
GET | | CharlesModern-Regular.ttf | client.schwab.com/fonts/ | 0 | 0 | |
GET | | Schwab-Icon-Font.woff | smtptemp.site/email-list/schwab/css/fonts/ | 0 | 0 | |
GET | | Schwab-Icon-Font.ttf | smtptemp.site/email-list/schwab/css/fonts/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL
---|---
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Light.woff?v=1.0.0
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Regular.woff?v=1.0.0
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Light.ttf?v=1.0.0
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Regular.ttf?v=1.0.0
smtptemp.site | https://smtptemp.site/email-list/schwab/css/fonts/Schwab-Icon-Font.woff?51abjd
smtptemp.site | https://smtptemp.site/email-list/schwab/css/fonts/Schwab-Icon-Font.ttf?51abjd
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against Charles Schwab (Financial)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
object | _0x134f
function | _0x319a
object | Zlib
function | $
function | jQuery
function | mg
function | getBaseHref
function | randomInteger
function | randomString
function | getdomainpartofemail
function | get_email_hash
function | validateEmail
function | geturlparameter
function | get_rand_url_pars
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- ajax.googleapis.com
- bit.ly
- client.schwab.com
- content.schwab.com
- f000.backblazeb2.com
- smtptemp.site
- 104.153.233.177
- 23.79.147.199
- 2606:4700:3037::6815:4dbc
- 2a00:1450:4001:808::200a
- 2a00:1450:4001:828::200a
- 67.199.248.10