f004.backblazeb2.com Open in urlscan Pro
149.137.128.16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Effective URL:
https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html
Submission: On February 18 via automatic, source openphish (February 18th 2022, 1:12:49 pm UTC) — Scanned from US

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 1 countries across 5 domains to perform 20 HTTP transactions. The main IP is 149.137.128.16, located in United States and belongs to BACKBLAZE, US. The main domain is f004.backblazeb2.com.
TLS certificate: Issued by R3 on February 8th 2022. Valid for: 3 months.

This is the only time f004.backblazeb2.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	169.46.118.100 169.46.118.100	36351 (SOFTLAYER) (SOFTLAYER)
2	2607:f8b0:400... 2607:f8b0:4006:824::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3035::6815:2a46	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	149.137.128.16 149.137.128.16	40401 (BACKBLAZE) (BACKBLAZE)
9	2606:4700:303... 2606:4700:3034::6815:189e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	6

1 169.46.118.100 (Irving, United States)

ASN36351 (SOFTLAYER, US)
PTR: 64.76.2ea9.ip4.static.sl-reverse.com

1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:824::200a (Queens, United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:2a46 (United States)

ASN13335 (CLOUDFLARENET, US)

discoversmtp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.137.128.16 (United States)

ASN40401 (BACKBLAZE, US)
PTR: f004.backblazeb2.com

f004.backblazeb2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3034::6815:189e (United States)

ASN13335 (CLOUDFLARENET, US)

gohardsmtp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	gohardsmtp.com gohardsmtp.com	240 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 250	61 KB
1	backblazeb2.com f004.backblazeb2.com	77 KB
1	discoversmtp.com discoversmtp.com — Cisco Umbrella Rank: 629372	616 B
1	softlayer.net 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net	75 KB
20	5

	Domain	Requested by
9	gohardsmtp.com	1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net f004.backblazeb2.com
2	ajax.googleapis.com	1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
1	f004.backblazeb2.com	1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
1	discoversmtp.com	ajax.googleapis.com
1	1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
20	5

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-28` - `2023-01-28`	a year	crt.sh
backblazeb2.com R3	`2022-02-08` - `2022-05-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html
Frame ID: 1AD27B11DEDF910B7AAEDB44302FA51F
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Office 365

Page URL History Show full URLs

http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/w... Page URL
https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

65 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

1
Countries

453 kB
Transfer

563 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com Page URL
https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK index.html Show response
1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/ 74 KB
75 KB 116ms
51ms Document
text/html 169.46.118.100
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: HTTP/1.1
Server: 169.46.118.100 Irving, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 64.76.2ea9.ip4.static.sl-reverse.com
Software: Cleversafe /
Resource Hash: 1b257c2d931a1ccf80443c8320db27dd5f1204b428bcbfa333d339b6586badaf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

Date: Fri, 18 Feb 2022 13:12:39 GMT
X-Clv-Request-Id: d50a442c-7ddd-462b-9205-ec43db7f51b4
Server: Cleversafe
X-Clv-S3-Version: 2.5
Accept-Ranges: bytes
x-amz-request-id: d50a442c-7ddd-462b-9205-ec43db7f51b4
ETag: "5dff962dc973f6954c65bae89bf90d85"
Content-Type: text/html
Last-Modified: Fri, 28 Jan 2022 02:12:41 GMT
Content-Length: 76186

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 16ms
3ms Script
text/javascript 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 18 Feb 2022 06:08:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Feb 2023 06:08:52 GMT

GET
H2 200 redirect-to-url.php
discoversmtp.com/email-list/__vendor/ 75 B
616 B 2415ms
2304ms XHR
text/html 2606:4700:3035::6815:2a46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://discoversmtp.com/email-list/__vendor/redirect-to-url.php?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https%3A%2Fwww.amazon.com&fragment=
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2a46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Referer: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:42 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZ0dNCwho5eCUI%2B7Yf0Efw8AbgRjVYzckgNdHN98PuTSowpuoeBoiPP4Ms2zsFDz0CgK1BycAg4WyOzGf%2FDItPBwYlUQHWRCmqhOY11yFl5cHyUxfhzBNYfu4P%2BC2Ztcnmj%2FkcWkUlX5rKT3FXZr"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-ray: 6df78220d88017f1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200 Primary Request index.html Show response
f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/ 77 KB
77 KB 499ms
281ms Document
text/html 149.137.128.16
BACKBLAZE

General

Check archive.org

Show headers Download Go to

Full URL: https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html
Requested by: Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 149.137.128.16 , United States, ASN40401 (BACKBLAZE, US),
Reverse DNS: f004.backblazeb2.com
Software: /
Resource Hash: acac3e60ac52938fc48218eae45b7849bfc23d7d2b4d27eb69946720381ec4a2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/

Response headers

x-bz-file-name: index.html
x-bz-file-id: 4_z7dd4463c608e0dad7df6031e_f105eaceca024d12d_d20220218_m011800_c004_v0402006_t0015
x-bz-content-sha1: 883552f2c8571d3bae6855e763d8e397cba74b91
X-Bz-Upload-Timestamp: 1645147080000
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 78554
Date: Fri, 18 Feb 2022 13:12:41 GMT
Keep-Alive: timeout=5
Connection: keep-alive

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 4ms
3ms Script
text/javascript 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f004.backblazeb2.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 18 Feb 2022 08:13:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17945
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30399
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Feb 2023 08:13:37 GMT

GET
H2 200 microsoft_logo.svg
gohardsmtp.com/email-list/fdfhudfh2/assets/ 4 KB
2 KB 284ms
238ms Image
image/svg+xml 2606:4700:3034::6815:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/microsoft_logo.svg
Requested by: Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:189e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 16 Feb 2022 09:05:13 GMT
server: cloudflare
etag: W/"620cbe49-e43"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NVJMHMwEvisJDoMHDaVUpMJQ6bG1iTXNbgBPVT2YBAr9TBU7Wl7gYQf25l18K86h1L0rhZKVWiJ62flR4qYonYjJ9f%2BRkm9%2BrZ0%2B54JZPTftRmayWrc%2BA4SU7i7xTMDYGsNkDrNw8CknenxZIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6df782337d198c09-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 voice-message.svg
gohardsmtp.com/email-list/fdfhudfh2/assets/ 2 KB
949 B 284ms
239ms Image
image/svg+xml 2606:4700:3034::6815:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/voice-message.svg
Requested by: Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:189e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 829adf6e395d89aac87f0dba6e009ab4b97ed6274bd793e6f2b95c4d2be2051e

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 16 Feb 2022 09:05:16 GMT
server: cloudflare
etag: W/"620cbe4c-82e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p618pvW8fdsmjyKagpXx73yWgBzggDpU4u0fmM7VNb35jVvow1N1HLBR5C5OUxc2yTJBDzQKJRtYnj6PgFDjZOMYFIWKEdCI3ai%2BS5ixLTNJeArPF88%2FoB8C1zuoOThdcCnHmhKvDE%2BjxBTc4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6df782337d1a8c09-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 google.png
gohardsmtp.com/email-list/fdfhudfh2/assets/ 4 KB
4 KB 280ms
235ms Image
image/png 2606:4700:3034::6815:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/google.png
Requested by: Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:189e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a95cf128e60997275120bcc511082dfb8b2fbd3ba1ba69d0a61cb05ba75fda1a

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3592
last-modified: Wed, 16 Feb 2022 09:05:16 GMT
server: cloudflare
etag: "620cbe4c-e08"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XHLVi5G95WdT%2FBkXOHcQkJgthx%2F40OFm4CdkC6f1xNx%2FNih1BK4fFSVGB7JBBiDKOqJCL4ia4T1wJewziSzDTzjrZjwsqCw%2B6%2FW0cTSvlALYyPNG4LADI5XHadEKuQEIPZLJB0KNqHf6cCkPXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6df782337d1b8c09-EWR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 outlook.png
gohardsmtp.com/email-list/fdfhudfh2/assets/ 3 KB
4 KB 282ms
236ms Image
image/png 2606:4700:3034::6815:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/outlook.png
Requested by: Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:189e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 903e28f0b146911fcf784ffaaed77b8de9d784edb413701c535f48fd6c76098e

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3423
last-modified: Wed, 16 Feb 2022 09:05:12 GMT
server: cloudflare
etag: "620cbe48-d5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iEj9SFnpIexu%2BKyUj1Gbmf2fodq8LlgstjRXccNUXgTUyp2gkh66gTvG%2FXyeAUHZN%2FWSax4uttTlthXis6lwjILTTXsDcWWycmwnLqWYz%2B9AwKC%2F0Sn3CAIgJ%2B0cmb6WP1xInablUiEgE73cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6df782338d1c8c09-EWR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Aol%20shape.png
gohardsmtp.com/email-list/fdfhudfh2/assets/ 4 KB
5 KB 281ms
235ms Image
image/png 2606:4700:3034::6815:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/Aol%20shape.png
Requested by: Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:189e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8265c58cbab5ee5bc959f8462f66c0c96960d838b453e11d137cd76793863529

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4339
last-modified: Wed, 16 Feb 2022 09:05:18 GMT
server: cloudflare
etag: "620cbe4e-10f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OHiWBhr9FaCSOFIBITZK8384BHyTFOP6KX1QbahQZrJjSSimwJkzdhzhpF1HTAn1kRAoCDmaqocbPQUyrG%2FeMsnwRop%2FFUqHQqp3P79ZQ2cv%2FQods27zNLwOmIpddSEzdeN2ARLY2eXbWvf2Ug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6df782338d1d8c09-EWR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 office.png
gohardsmtp.com/email-list/fdfhudfh2/assets/ 3 KB
4 KB 295ms
250ms Image
image/png 2606:4700:3034::6815:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/office.png
Requested by: Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:189e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 124d9aa8391e28a8afb8727c691eb018389e3c1af07e59cc7f4a573aee53551b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3193
last-modified: Wed, 16 Feb 2022 09:05:12 GMT
server: cloudflare
etag: "620cbe48-c79"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7WrH%2BTZLg74BUTZV26t97SRGl8tyPMZDilKOq0mDnR2ENCYpnUmSVGO9VLx%2FrCMp8Bmm6sYqzdN0hm1QJDjACUFp3cvoSuz0lbCL49PLTjoxQ4JlVB6R1RheHfz7JiaX4P3tVQq81TV%2BbCdx2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6df782338d1e8c09-EWR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 yahoo.png
gohardsmtp.com/email-list/fdfhudfh2/assets/ 3 KB
3 KB 263ms
237ms Image
image/png 2606:4700:3034::6815:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/yahoo.png
Requested by: Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:189e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97a7283dbd58e5209fbd2c9416901829c4655257b4f71f8480cee0a5bc3effc2

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3066
last-modified: Wed, 16 Feb 2022 09:05:14 GMT
server: cloudflare
etag: "620cbe4a-bfa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mE5NfqUNJAzzXSJZMe2VUSwFkKwq5q%2F1CiVPczJ13gt1QopBdwndXtQvY94C4EWjXhsCCAU16v5fbBU%2BE3dcaCU%2BVpCoD2xlbJYvE%2FKu4DbrBR%2BxywRkX3OZ86y8JYp%2BtDymN10w0QL24OJU2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6df782337d168c09-EWR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 other%20mails.png
gohardsmtp.com/email-list/fdfhudfh2/assets/ 5 KB
5 KB 261ms
236ms Image
image/png 2606:4700:3034::6815:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/other%20mails.png
Requested by: Host: 1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
URL: http://1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net/viperously/index.html?key=8c2356b5a3d23344dfe7f2c1f781db3d&redirect=https:/www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:189e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7eb644c95663eb3e724cd73b7203337cecbf4d6435ae1fa4cc96c3d153db28b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5295
last-modified: Wed, 16 Feb 2022 09:05:13 GMT
server: cloudflare
etag: "620cbe49-14af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yq9RQs9nQs14bguLAhb910Za5TZAZ7F4QI9U0vlmhHlEWuY11fBWGwOKXHdKxQBoHiG5Y5sXvm7AxxNIsXJEbkom7yQw%2FgQf2aAChILx%2FzVU15JQmVjTazQ56nToBq%2Bf6WVQn8ykJTGPe5%2FwBw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6df782337d178c09-EWR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bg.jpg
gohardsmtp.com/email-list/fdfhudfh2/assets/ 212 KB
212 KB 485ms
460ms Image
image/jpeg 2606:4700:3034::6815:189e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/bg.jpg
Requested by: Host: f004.backblazeb2.com
URL: https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:189e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9776d7fcf45ba7a1d17cce95a26a4c1f1383ae43b8421920825bd3e2524beca

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://f004.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 13:12:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 216757
last-modified: Wed, 16 Feb 2022 09:05:14 GMT
server: cloudflare
etag: "620cbe4a-34eb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A749RKtkIxlYDSdKb8GyqfKEuiWz0hyyNiY5me9Md8%2FXFLQHxWZ3%2BnjYVndEvqVJQ9Hj8VE32ccXjDSH8XWcpj7tuPgnQS%2Fp1%2BjOgEVqmw4K6WHTUA5gegrU%2FLcW15WBuio7VyyYBlhi3Gx4Og%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6df782337d128c09-EWR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET SegoeUI-SemiBold.woff2
gohardsmtp.com/email-list/fdfhudfh2/assets/ 0
0

GET SegoeUI.woff2
gohardsmtp.com/email-list/fdfhudfh2/assets/ 0
0

GET SegoeUI.woff
gohardsmtp.com/email-list/fdfhudfh2/assets/ 0
0

GET SegoeUI-SemiBold.woff
gohardsmtp.com/email-list/fdfhudfh2/assets/ 0
0

GET SegoeUI.ttf
gohardsmtp.com/email-list/fdfhudfh2/assets/ 0
0

GET SegoeUI-SemiBold.ttf
gohardsmtp.com/email-list/fdfhudfh2/assets/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gohardsmtp.com
URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI-SemiBold.woff2

Domain: gohardsmtp.com
URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI.woff2

Domain: gohardsmtp.com
URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI.woff

Domain: gohardsmtp.com
URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI-SemiBold.woff

Domain: gohardsmtp.com
URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI.ttf

Domain: gohardsmtp.com
URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI-SemiBold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	error	URL: https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html Message: Access to font at 'https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI.woff2' from origin 'https://f004.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html Message: Access to font at 'https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI-SemiBold.woff2' from origin 'https://f004.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI-SemiBold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html Message: Access to font at 'https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI.woff' from origin 'https://f004.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html Message: Access to font at 'https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI-SemiBold.woff' from origin 'https://f004.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI-SemiBold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html Message: Access to font at 'https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI.ttf' from origin 'https://f004.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://f004.backblazeb2.com/file/bludging-phyllodia-presbyteria/index.html Message: Access to font at 'https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI-SemiBold.ttf' from origin 'https://f004.backblazeb2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://gohardsmtp.com/email-list/fdfhudfh2/assets/SegoeUI-SemiBold.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1qh3nz9xt6.s3.us-south.objectstorage.softlayer.net
ajax.googleapis.com
discoversmtp.com
f004.backblazeb2.com
gohardsmtp.com
gohardsmtp.com
149.137.128.16
169.46.118.100
2606:4700:3034::6815:189e
2606:4700:3035::6815:2a46
2607:f8b0:4006:824::200a
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
124d9aa8391e28a8afb8727c691eb018389e3c1af07e59cc7f4a573aee53551b
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1b257c2d931a1ccf80443c8320db27dd5f1204b428bcbfa333d339b6586badaf
8265c58cbab5ee5bc959f8462f66c0c96960d838b453e11d137cd76793863529
829adf6e395d89aac87f0dba6e009ab4b97ed6274bd793e6f2b95c4d2be2051e
903e28f0b146911fcf784ffaaed77b8de9d784edb413701c535f48fd6c76098e
97a7283dbd58e5209fbd2c9416901829c4655257b4f71f8480cee0a5bc3effc2
a95cf128e60997275120bcc511082dfb8b2fbd3ba1ba69d0a61cb05ba75fda1a
acac3e60ac52938fc48218eae45b7849bfc23d7d2b4d27eb69946720381ec4a2
b9776d7fcf45ba7a1d17cce95a26a4c1f1383ae43b8421920825bd3e2524beca
c7eb644c95663eb3e724cd73b7203337cecbf4d6435ae1fa4cc96c3d153db28b
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

f004.backblazeb2.com Open in urlscan Pro 149.137.128.16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

65 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

6 IPs

1 Countries

453 kBTransfer

563 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

16 Console Messages

Indicators

f004.backblazeb2.com Open in urlscan Pro
149.137.128.16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

65 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

1
Countries

453 kB
Transfer

563 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!