f005.backblazeb2.com
149.137.136.16 Malicious Activity! Public Scan

URL: https://f005.backblazeb2.com/file/navgohoff/glogin.html
Submission Tags: phishing
Submission: On November 03 via api from US — Scanned from IT

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 6 HTTP transactions. The main IP is 149.137.136.16, located in the United States and belonging to BACKBLAZE, US. The main domain is f005.backblazeb2.com. The Cisco Umbrella rank of the primary domain is 387499.
TLS certificate: Issued by R11 on October 7th 2024. Valid for: 3 months.
This is the only time f005.backblazeb2.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
4         149.137.136.16   AS40401 (BACKBLAZE)
1         172.64.147.188   AS13335 (CLOUDFLARENET)
1         172.67.71.13     AS13335 (CLOUDFLARENET)
Total: 6 requests, 3 IPs

Requests  Apex Domain        Subdomain (Cisco Umbrella Rank)        Transfer
4         backblazeb2.com    f005.backblazeb2.com (rank 387499)     7 KB
1         logodownload.org   logodownload.org (rank 181602)         57 KB
1         fontawesome.com    pro.fontawesome.com (rank 6169)        29 KB
Total: 6 requests, 3 apex domains

Requests  Domain                 Requested by
4         f005.backblazeb2.com   f005.backblazeb2.com
1         logodownload.org       f005.backblazeb2.com
1         pro.fontawesome.com    f005.backblazeb2.com
Total: 6 requests, 3 domains

This site contains no links.

Subject             Issuer                                      Validity                  Valid
backblazeb2.com     R11                                         2024-10-07 to 2025-01-05  3 months
*.fontawesome.com   DigiCert Global G2 TLS RSA SHA256 2020 CA1  2024-07-30 to 2025-01-27  6 months
logodownload.org    WE1                                         2024-09-10 to 2024-12-09  3 months

This page contains 1 frames:

Primary Page: https://f005.backblazeb2.com/file/navgohoff/glogin.html
Frame ID: D54FCBE5F38D88899D488D845A6E34CE
Requests: 6 HTTP requests in this frame

Page Title

Yahoo Mail | Sign in

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 93 kB
Size: 214 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Primary Request: glogin.html
Path: f005.backblazeb2.com/file/navgohoff/
Size: 3 KB   Transfer: 3 KB   Type: Document

General
Full URL: https://f005.backblazeb2.com/file/navgohoff/glogin.html
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 149.137.136.16, United States, ASN40401 (BACKBLAZE, US)
Reverse DNS: f005.backblazeb2.com
Software: nginx
Resource Hash: ba4e01b0241bb011c599d61ceca6042976a95d9f2c245d3492b73b93eb4ffc61
Security Headers: Strict-Transport-Security: max-age=63072000

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 2911
Content-Type: text/html
Date: Sun, 03 Nov 2024 14:10:46 GMT
Server: nginx
Strict-Transport-Security: max-age=63072000
X-Bz-Upload-Timestamp: 1704576626818
x-bz-content-sha1: 0bdb091340167bc522df08e667fd729ee5ec7583
x-bz-file-id: 4_z6e5ddc98aae8ea0387c20710_f112bbed03c3e7f25_d20240106_m213026_c005_v0501016_t0033_u01704576626818
x-bz-file-name: glogin.html
x-bz-info-src_last_modified_millis: 1686915633528
Resource: all.css
Path: pro.fontawesome.com/releases/v5.10.0/css/
Size: 153 KB   Transfer: 29 KB   Type: Stylesheet

General
Full URL: https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Requested by: Host f005.backblazeb2.com, URL https://f005.backblazeb2.com/file/navgohoff/glogin.html
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.64.147.188, San Francisco, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec

Request headers
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Origin: https://f005.backblazeb2.com
Referer: https://f005.backblazeb2.com/

Response headers
access-control-max-age: 3000
cache-control: max-age=31556926
content-encoding: gzip
cf-cache-status: HIT
etag: W/"aa1272633e7e552395d147a499bad186"
access-control-allow-methods: GET
x-amz-request-id: TJZM9G567TC59GS1
cf-ray: 8dccf322e8460dfe-MXP
access-control-allow-origin: *
date: Sun, 03 Nov 2024 14:10:46 GMT
content-type: text/css
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
server: cloudflare
last-modified: Mon, 28 Jun 2021 16:54:32 GMT
x-amz-id-2: GN/71jc0f2XnEbW1+SJvpx08UpRvpXOrBUv1cGZ7k2t5gaWRDJX1xHXUTMj/oPtKfr5IAbPgHhs=
Resource: gform.css
Path: f005.backblazeb2.com/file/navgohoff/
Size: 1 KB   Transfer: 2 KB   Type: Stylesheet

General
Full URL: https://f005.backblazeb2.com/file/navgohoff/gform.css
Requested by: Host f005.backblazeb2.com, URL https://f005.backblazeb2.com/file/navgohoff/glogin.html
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 149.137.136.16, United States, ASN40401 (BACKBLAZE, US)
Reverse DNS: f005.backblazeb2.com
Software: nginx
Resource Hash: 0f549ec9f7abaaf6409bf193a6156746c92df5ff979c66a378f2e73e616c8533
Security Headers: Strict-Transport-Security: max-age=63072000

Request headers
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Referer: https://f005.backblazeb2.com/file/navgohoff/glogin.html

Response headers
Strict-Transport-Security: max-age=63072000
x-bz-file-id: 4_z6e5ddc98aae8ea0387c20710_f11330d15c333c994_d20240106_m213025_c005_v0501008_t0051_u01704576625822
x-bz-info-src_last_modified_millis: 1686915626175
X-Bz-Upload-Timestamp: 1704576625822
x-bz-content-sha1: 5bdee0e3e5c9b14ce2f6d9cb34a1eb056b0b51ee
Connection: keep-alive
x-bz-file-name: gform.css
Accept-Ranges: bytes
Content-Length: 1218
Date: Sun, 03 Nov 2024 14:10:46 GMT
Content-Type: text/css
Server: nginx
Resource: gstyles.css
Path: f005.backblazeb2.com/file/navgohoff/
Size: 1 KB   Transfer: 2 KB   Type: Stylesheet

General
Full URL: https://f005.backblazeb2.com/file/navgohoff/gstyles.css
Requested by: Host f005.backblazeb2.com, URL https://f005.backblazeb2.com/file/navgohoff/glogin.html
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 149.137.136.16, United States, ASN40401 (BACKBLAZE, US)
Reverse DNS: f005.backblazeb2.com
Software: nginx
Resource Hash: b76cccd789fbc73288f948c24b4e2c311b8aa7fedfb026e20b76509f99193f4b
Security Headers: Strict-Transport-Security: max-age=63072000

Request headers
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Referer: https://f005.backblazeb2.com/file/navgohoff/glogin.html

Response headers
Strict-Transport-Security: max-age=63072000
x-bz-file-id: 4_z6e5ddc98aae8ea0387c20710_f1193ead6707b7fe6_d20240106_m213029_c005_v0501011_t0033_u01704576629914
x-bz-info-src_last_modified_millis: 1686915630042
X-Bz-Upload-Timestamp: 1704576629914
x-bz-content-sha1: 24408727238f2d74888bc2b4dcdb4409ba7b508b
Connection: keep-alive
x-bz-file-name: gstyles.css
Accept-Ranges: bytes
Content-Length: 1444
Date: Sun, 03 Nov 2024 14:10:46 GMT
Content-Type: text/css
Server: nginx
Resource: yahoo-logo-1.png
Path: logodownload.org/wp-content/uploads/2019/09/
Size: 56 KB   Transfer: 57 KB   Type: Image

General
Full URL: https://logodownload.org/wp-content/uploads/2019/09/yahoo-logo-1.png
Requested by: Host f005.backblazeb2.com, URL https://f005.backblazeb2.com/file/navgohoff/glogin.html
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.71.13, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: dd5a09d5898d5480d063e1833c4d9bc3f509f3d7c672e0c0e973bb061a694ae2

Request headers
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Referer: https://f005.backblazeb2.com/

Response headers
cache-control: max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 2175
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KW6L1fUXnZEg6s2tg1GFmplVcD%2B%2BMrqnE0qW7T8HLc6jA9XSJ5xoFvA7u8%2FHrE3Ks61YxFR%2BoaGuEr4DL7BxISssFoMsjPpjaRsakud%2F7WtPNNXBHVEMHfXiAM6cTQet%2B%2BA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8dccf322acd28fd1-FRA
accept-ranges: bytes
server-timing: cfL4;desc="?proto=TCP&rtt=27022&sent=6&recv=7&lost=0&retrans=0&sent_bytes=4017&recv_bytes=2234&delivery_rate=150437&cwnd=158&unsent_bytes=0&cid=5720f606b76c8af7&ts=309&x=0"
content-length: 57304
date: Sun, 03 Nov 2024 14:10:46 GMT
content-type: image/png
last-modified: Wed, 12 Aug 2020 20:27:15 GMT
vary: Accept-Encoding
server: cloudflare
Resource: download_afD_icon.ico
Path: f005.backblazeb2.com/file/navgohoff/images/
Size: 94 B   Transfer: 344 B   Type: Other

General
Full URL: https://f005.backblazeb2.com/file/navgohoff/images/download_afD_icon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 149.137.136.16, United States, ASN40401 (BACKBLAZE, US)
Reverse DNS: f005.backblazeb2.com
Software: nginx
Resource Hash: a87ef7b2a413f234985afa048f77baf7911825ddda1a8b3610fecdd2c3093272
Security Headers: Strict-Transport-Security: max-age=63072000

Request headers
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Referer: https://f005.backblazeb2.com/file/navgohoff/glogin.html

Response headers
Strict-Transport-Security: max-age=63072000
Cache-Control: max-age=0, no-cache, no-store
Content-Length: 94
Date: Sun, 03 Nov 2024 14:10:47 GMT
Content-Type: application/json;charset=utf-8
Server: nginx
Connection: keep-alive

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Messages

Source: network
Level: error
URL: https://f005.backblazeb2.com/file/navgohoff/images/download_afD_icon.ico
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Strict-Transport-Security: max-age=63072000