f002.backblazeb2.com (206.190.215.16)
Malicious Activity!
Public Scan
Effective URL: https://f002.backblazeb2.com/file/beknotted-cryonics-monorganic/index.html
Submission: On September 21 via api from US, scanned from DE
Summary
TLS certificate: Issued by R3 on July 19th 2021. Valid for 3 months. The certificate is for backblazeb2.com, i.e. the hosting provider's own domain (see the certificate table below); it says nothing about who controls the bucket.
This is the only time f002.backblazeb2.com was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) | PTR | Domains |
|---|---|---|---|---|
| 1 | 167.89.118.35 | AS11377 (SENDGRID, US) | o16789118x35.outbound-mail.sendgrid.net | u17030614.ct.sendgrid.net |
| 1 | 206.190.215.16 | AS32354 (UNWIRED, US) | f002.backblazeb2.com | f002.backblazeb2.com |
| 10 | 104.21.9.8 | AS13335 (CLOUDFLARENET) | | jasoncafe.com |
| 11 | 3 IP addresses | | | |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 10 | jasoncafe.com | jasoncafe.com | 192 KB |
| 1 | backblazeb2.com | f002.backblazeb2.com | 76 KB |
| 1 | sendgrid.net | u17030614.ct.sendgrid.net (1 redirect) | 277 B |
| 11 | 3 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 10 | jasoncafe.com | f002.backblazeb2.com |
| 1 | f002.backblazeb2.com | |
| 1 | u17030614.ct.sendgrid.net | 1 redirect |
| 11 | 3 domains | |
This site contains no links.
TLS certificates

| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| backblazeb2.com | R3 | 2021-07-19 - 2021-10-17 | 3 months | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-13 - 2022-09-12 | a year | crt.sh |
This page contains 1 frame:
Primary Page: https://f002.backblazeb2.com/file/beknotted-cryonics-monorganic/index.html
Frame ID: D2E2D8D4D48CEDD7521CE4067906DCC4
Requests: 11 HTTP requests in this frame
Screenshot
Page Title: Dropbox
Note the mismatch: the title reads Dropbox, while urlscan's brand verdict and the name of the kit's asset directory (onedrivedbhcsyd32) both point at OneDrive, which suggests a landing template reused across lures.
Detected technologies
Bootstrap (Web Frameworks), detected by the pattern below; the match is the bootstrap.min.css stylesheet fetched from jasoncafe.com (see the transactions).
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the website, including HTTP redirects and client-side redirects via JavaScript or meta refresh.
- https://u17030614.ct.sendgrid.net/ls/click?upn=6oKAVPUBqlsfzGlzC3sCEuQuuveXUvxYOpZ0yF8p7p8j7xEs2MQljQD7VUcByWUa-2FPj0xKAr7MP0iph6hVadHyY5fImHyDoD1iqGY-2BdakQ4Y-2BpcWAzBEAWNO00ezpXJEyKjv_OLpEA5q9Awjc6kXkkOeIsrvPkJgxZeAOrK12c4pw19uMUTjECZH2Z1VCmGb3CzYR4k9ctvkukY0cWCVzswwtq-2BwgkIjscIOi1yJdapZunW66xB902FUaIsV2wU03uz7giHJHNqECdLfJHN2mpPe1YYLT9O6NytoPu-2FNZeThaG3x0lBUipVHxeOJUWksy4vJ-2B2HyfQXpo7oSESfl4Ss7h7A-3D-3D
  HTTP 302
- https://f002.backblazeb2.com/file/beknotted-cryonics-monorganic/index.html (Page URL)
Redirected requests
The primary request (index.html) was reached through the redirect chain above: a SendGrid click-tracking link of the kind embedded in bulk mail answered with a 302 to the Backblaze B2 file URL. The upn token is opaque to anyone but SendGrid, so the chain can only be followed, not decoded.
11 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | index.html (primary request, end of the redirect chain) | f002.backblazeb2.com/file/beknotted-cryonics-monorganic/ | 76 KB | 76 KB | Document | text/html |
| 2 | GET | H2 | bootstrap.min.css | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 157 KB | 25 KB | Stylesheet | text/css |
| 3 | GET | H2 | 3.png | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 8 KB | 8 KB | Image | image/png |
| 4 | GET | H2 | 5.png | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 12 KB | 13 KB | Image | image/png |
| 5 | GET | H2 | 6.png | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 9 KB | 10 KB | Image | image/png |
| 6 | GET | H2 | 7.png | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 12 KB | 12 KB | Image | image/png |
| 7 | GET | H2 | 8.png | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 9 KB | 9 KB | Image | image/png |
| 8 | GET | H2 | 9.png | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 9 KB | 10 KB | Image | image/png |
| 9 | GET | H2 | 10.png | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 9 KB | 9 KB | Image | image/png |
| 10 | GET | H2 | 11.png | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 12 KB | 12 KB | Image | image/png |
| 11 | GET | H2 | 12.png | jasoncafe.com/email-list/onedrivedbhcsyd32/img-css/ | 83 KB | 84 KB | Image | image/png |

The document itself is served from Backblaze B2 over HTTP/1.1; every stylesheet and image is pulled over HTTP/2 from one kit directory on jasoncafe.com, an apex unrelated to both the landing host and the impersonated brand. Size is the decoded resource size and x-fer the bytes on the wire, so the 25 KB transfer of a 157 KB stylesheet is content-encoding compression, and the images transferring a little more than their size is header overhead. The request and response headers were collapsed in the capture and are not reproduced here.
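As an added example (not part of the urlscan report and not urlscan's own verdict logic), the following Python script reduces what this report shows to a handful of checkable signals: entry through a mail click-tracking host, a landing page served from a cloud-storage domain, assets pulled from an apex unrelated to the document, a brand name in asset paths on a host that brand does not own, a page title that contradicts the impersonated brand, and obfuscator-style global names. The redirect hops, the 11 transactions and the six globals listed further down under the verdicts are transcribed from this page as constructed input (the SendGrid upn token is truncated and the final hop's 200 status is assumed); the lists of mail-tracking suffixes, cloud-storage apexes and brand-owned apexes, and the two-label apex() shortcut, are assumptions for illustration rather than anything the report states.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input, transcribed from the urlscan report on this page.
# The SendGrid "upn" token is truncated here (the real one runs to ~300 chars)
# and the final hop's 200 status is assumed; the report only shows the 302.
REDIRECT_CHAIN = [
    ("https://u17030614.ct.sendgrid.net/ls/click?upn=6oKAVPUBqlsfzGlzC3sCEuQu", 302),
    ("https://f002.backblazeb2.com/file/beknotted-cryonics-monorganic/index.html", 200),
]

# (resource, host, directory, type) for the 11 HTTP transactions in the report.
KIT_DIR = "/email-list/onedrivedbhcsyd32/img-css/"
REQUESTS = [
    ("index.html", "f002.backblazeb2.com", "/file/beknotted-cryonics-monorganic/", "Document"),
    ("bootstrap.min.css", "jasoncafe.com", KIT_DIR, "Stylesheet"),
] + [(f"{n}.png", "jasoncafe.com", KIT_DIR, "Image") for n in (3, 5, 6, 7, 8, 9, 10, 11, 12)]

# The six window globals urlscan recorded for this page.
GLOBALS = ["onbeforexrselect", "originAgentCluster", "_0x101f", "_0x2f78", "Zlib", "templatePage0"]

# Assumed reference lists for illustration; a real deployment would maintain these.
MAIL_TRACKING_SUFFIXES = (".ct.sendgrid.net",)
CLOUD_STORAGE_APEXES = {"backblazeb2.com"}
BRAND_APEXES = {"onedrive": {"microsoft.com", "live.com", "office.com"},
                "dropbox": {"dropbox.com"}}
OBFUSCATOR_NAME = re.compile(r"^_0x[0-9a-f]{4,6}$")


def apex(host):
    """Last two labels; adequate for the hosts on this page (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def redirect_summary(chain):
    """Where the chain starts, where it ends, and whether either end is notable."""
    entry_host = urlsplit(chain[0][0]).hostname
    final_host = urlsplit(chain[-1][0]).hostname
    return {
        "entry_host": entry_host,
        "final_host": final_host,
        "hops": len(chain) - 1,
        "entry_is_mail_tracking": entry_host.endswith(MAIL_TRACKING_SUFFIXES),
        "final_is_cloud_storage": apex(final_host) in CLOUD_STORAGE_APEXES,
    }


def cross_apex_assets(requests):
    """Count non-document requests whose apex differs from the document's apex."""
    doc_apex = apex(next(host for _, host, _, kind in requests if kind == "Document"))
    counts = {}
    for _, host, _, kind in requests:
        if kind != "Document" and apex(host) != doc_apex:
            counts[apex(host)] = counts.get(apex(host), 0) + 1
    return counts


def brand_terms_in_paths(requests):
    """(host, path, brand) for every brand name found in a path on a host the brand does not own."""
    hits = []
    for resource, host, directory, _ in requests:
        path = directory + resource
        for brand, owned in BRAND_APEXES.items():
            if brand in path.lower() and apex(host) not in owned:
                hits.append((host, path, brand))
    return hits


def obfuscator_globals(names):
    """Hex-style identifiers of the kind javascript-obfuscator emits."""
    return [n for n in names if OBFUSCATOR_NAME.match(n)]


def triage(chain, requests, globals_, page_title):
    """One string per signal; an empty list means none of these heuristics fired."""
    signals = []
    r = redirect_summary(chain)
    if r["entry_is_mail_tracking"]:
        signals.append("entry via mail click-tracking link: " + r["entry_host"])
    if r["final_is_cloud_storage"]:
        signals.append("landing page served from cloud storage: " + r["final_host"])
    for ap, n in cross_apex_assets(requests).items():
        signals.append(f"{n} assets loaded from unrelated apex {ap}")
    brands = {b for _, _, b in brand_terms_in_paths(requests)}
    for b in sorted(brands):
        signals.append(f"brand term '{b}' in asset paths on a host that brand does not own")
    if brands and page_title and page_title.lower() not in brands:
        signals.append(f"page title '{page_title}' contradicts impersonated brand(s) {sorted(brands)}")
    obf = obfuscator_globals(globals_)
    if obf:
        signals.append("obfuscator-style globals: " + ", ".join(obf))
    return signals


if __name__ == "__main__":
    for s in triage(REDIRECT_CHAIN, REQUESTS, GLOBALS, "Dropbox"):
        print("-", s)
```

Run against the transcribed data it reports six signals; none of them alone is conclusive (cloud storage and mail tracking are shared infrastructure), which is the point of collecting them together rather than blocking on any single one.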
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: OneDrive (Online)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

| Type | Name |
|---|---|
| object | onbeforexrselect |
| boolean | originAgentCluster |
| object | _0x101f |
| function | _0x2f78 |
| object | Zlib |
| function | templatePage0 |

Of these, onbeforexrselect and originAgentCluster are properties that recent Chromium builds expose on window and carry no signal. The hex-style names _0x101f and _0x2f78 are what javascript-obfuscator style tools emit, and Zlib is the global the zlib.js inflate library installs, which together suggest the page body is decompressed and decoded client-side rather than shipped as plain HTML; templatePage0 is page-specific.

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the site to re-identify the user even from a different location; this is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity on their own. Here the Backblaze B2 host, the Cloudflare address in front of jasoncafe.com and the SendGrid address are all shared infrastructure, so blocking them would catch legitimate traffic; the useful pivots are the bucket path (beknotted-cryonics-monorganic), the kit directory on jasoncafe.com and the response hashes.
Domains:
f002.backblazeb2.com
jasoncafe.com
u17030614.ct.sendgrid.net
IP addresses:
104.21.9.8
167.89.118.35
206.190.215.16
SHA-256 hashes of the 11 response bodies:
172f4e7bb8722658406f6e13a53f5a7a3a9083e128d12e8047fc55f8d0f8fa37
2477b4b08ccdc262123a0e0029b7d45fc557ea9d553718aa480ace142c58cccf
273f5fe56e9a657897a81292f054876d116e9cc40589908854cb8f538dacffaa
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
9d2c57835ca05ea901cdc07680921aef273c35bb043941db3b468a2adb7f3f82
a79b778e9148a5614d90632ed3ed1928a06413d84f95948f0004884e682a7462
cbba2402feb0b7a6cacf40ccfeb5b2d5ea9e12c4fd7784585914a5d5febec453
cd9a5febfc8486b2ea7f266070cb03523ad5f7cdc5af22ac2db8ae3552a2578d
d8f5475680fc496ea93eacfd03a943b973b26ed321bce038b02f64ee3bf4916f
f980da766be71a530a32fb7fc66fd4d2e30cd33630d9c24b9720f72c94e9ae9d
fd2568a85b9b6337ce89cc0fe85a80704180ce9be1027fa96d11f3eb90b94401