s3.us-east-005.backblazeb2.com Open in urlscan Pro
149.137.137.254 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html
Submission: On October 19 via manual (October 19th 2023, 5:15:57 pm UTC) from US — Scanned from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 13 HTTP transactions. The main IP is 149.137.137.254, located in United States and belongs to BACKBLAZE, US. The main domain is s3.us-east-005.backblazeb2.com. The Cisco Umbrella rank of the primary domain is 19496.
TLS certificate: Issued by R3 on October 17th 2023. Valid for: 3 months.

This is the only time s3.us-east-005.backblazeb2.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	149.137.137.254 149.137.137.254	40401 (BACKBLAZE) (BACKBLAZE)
9	2606:4700:303... 2606:4700:3036::6815:299a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c09::5f	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c06::5f	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1d::5e	15169 (GOOGLE) (GOOGLE)
13	5

1 149.137.137.254 (United States)

ASN40401 (BACKBLAZE, US)
PTR: s3.us-east-005.backblazeb2.com

s3.us-east-005.backblazeb2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3036::6815:299a (United States)

ASN13335 (CLOUDFLARENET, US)

diekuiiea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::5f (Ashburn, United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1d::5e (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	diekuiiea.com diekuiiea.com	220 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 405 fonts.googleapis.com — Cisco Umbrella Rank: 49	32 KB
1	gstatic.com fonts.gstatic.com	48 KB
1	backblazeb2.com s3.us-east-005.backblazeb2.com — Cisco Umbrella Rank: 19496	16 KB
13	4

	Domain	Requested by
9	diekuiiea.com	s3.us-east-005.backblazeb2.com diekuiiea.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	diekuiiea.com
1	ajax.googleapis.com	s3.us-east-005.backblazeb2.com
1	s3.us-east-005.backblazeb2.com
13	5

This site contains no links.

Subject Issuer	Validity	Valid
backblazeb2.com R3	`2023-10-17` - `2024-01-15`	3 months	crt.sh
diekuiiea.com GTS CA 1P5	`2023-09-16` - `2023-12-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html
Frame ID: 50D66C7E74B20F66E52E077048C59E31
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Document

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

315 kB
Transfer

382 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200 Primary Request index.html Show response
s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/ 16 KB
16 KB 201ms
80ms Document
text/html 149.137.137.254
BACKBLAZE

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 149.137.137.254 , United States, ASN40401 (BACKBLAZE, US),
Reverse DNS: s3.us-east-005.backblazeb2.com
Software: /
Resource Hash: 4ce41c0b5fcccf358b53adc201db10a531bb7a9f7203761fcb1e88a5c4170ade

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 16293
Content-Type: text/html
Date: Thu, 19 Oct 2023 17:15:51 GMT
ETag: "db0d91958bb39ac673af91090d7a289f"
Keep-Alive: timeout=5
Last-Modified: Thu, 19 Oct 2023 15:29:49 GMT
x-amz-id-2: aNYsyGWTtOFU4xTjMMYZlLTOCZDk0rDeZ
x-amz-request-id: 6b3d13cad3622e11
x-amz-version-id: 4_z15129d7888e8418e83bd0417_f117ba8e1767ce5fb_d20231019_m152949_c005_v0501008_t0013_u01697729389180

GET
H2 200 style.css
diekuiiea.com/email-list/excel5/css/ 4 KB
1 KB 113ms
37ms Stylesheet
text/css 2606:4700:3036::6815:299a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://diekuiiea.com/email-list/excel5/css/style.css
Requested by: Host: s3.us-east-005.backblazeb2.com
URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:299a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8eaf3ce65c9fd6dbb881cbb7a8fa4b6a7794d21d49aa1a76ef2af32d9b5f429

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 17:15:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 15:44:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 163347
etag: W/"64b804cb-ece"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CZHLTY7RSVOCf1K0lXMlPgbWVpd2xD63VlinmhNt6KpDlXpFOV4bcjX36YZ7ww8s93u%2FRLpiRl%2BWXRNYbkuWdkRc%2FW3PgWhTFGPN3Mrrgn09BzUFZZRBke6UUYX1lkjMNAL6gbUVGc3WeAzd"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 818aaa5ffb2a4c21-MIA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 161ms
53ms Script
text/javascript 2607:f8b0:4004:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: s3.us-east-005.backblazeb2.com
URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s3.us-east-005.backblazeb2.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 13 Oct 2023 13:30:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 531918
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30399
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Oct 2024 13:30:33 GMT

GET
H2 200 logo.png
diekuiiea.com/email-list/excel5/images/ 6 KB
7 KB 111ms
37ms Image
image/png 2606:4700:3036::6815:299a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://diekuiiea.com/email-list/excel5/images/logo.png
Requested by: Host: s3.us-east-005.backblazeb2.com
URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:299a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d301bbb4e8ced380c1975a2ca3890c0cc06a3c1c78ad6b36d45e652e7a0542d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 17:15:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 163348
alt-svc: h3=":443"; ma=86400
content-length: 6474
last-modified: Wed, 19 Jul 2023 15:44:11 GMT
server: cloudflare
etag: "64b804cb-194a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4CgGejCY3MTckaY5Q2Uj73jQAH%2BFgBGD%2Fj7vFrBBVIJO6eB3vzdpE1lPpwOi0R8ttQCXHOSB45QWRHl4L5nOOnI65ria15mZT939jxmm%2Bom%2F7v2FzbnVTNYakMyVwR2bedkg2VtCZwItinaB"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 818aaa5ffb2e4c21-MIA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gmail.png
diekuiiea.com/email-list/excel5/images/ 5 KB
5 KB 112ms
38ms Image
image/png 2606:4700:3036::6815:299a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://diekuiiea.com/email-list/excel5/images/gmail.png
Requested by: Host: s3.us-east-005.backblazeb2.com
URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:299a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a90b5fa6d77d3b2afe97c72215abfebe27170f1b4307c71bb83c819fc0a27b6f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 17:15:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 163347
alt-svc: h3=":443"; ma=86400
content-length: 5272
last-modified: Wed, 19 Jul 2023 15:44:11 GMT
server: cloudflare
etag: "64b804cb-1498"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L4qhqgYWvFa6%2FT0clJLUVQZc1PYEAQncEnktAK3s%2Bq%2F5jc96kShmMSDqMy6nKGxtBTVpwJtnHOLpclHJM0Ntnzcrr3TctZT725d4FuqnQSUc%2BvkipzYeYfA1Yfsto400Qb5qGLBOoiTH%2Bqv%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 818aaa5ffb2f4c21-MIA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 outlook.png
diekuiiea.com/email-list/excel5/images/ 5 KB
6 KB 110ms
36ms Image
image/png 2606:4700:3036::6815:299a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://diekuiiea.com/email-list/excel5/images/outlook.png
Requested by: Host: s3.us-east-005.backblazeb2.com
URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:299a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8739393ae7d356ee4f7e03814cdf2cef90f2f04e7cd4a68aedb67d8f53a0ba5d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 17:15:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 163347
alt-svc: h3=":443"; ma=86400
content-length: 5608
last-modified: Wed, 19 Jul 2023 15:44:11 GMT
server: cloudflare
etag: "64b804cb-15e8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2awI6yXoyD1ALIQcQTeJX%2BUU3T5TGgPQAPDqOYrjEWVFyVGixF2TCVId9bEN%2B291MLtpfqlz7z9VZQz%2BHXJsUKoDHFUS0Z%2BuHUhKEaNXVpZpX2kxsMbDNd2LrD%2FssfMNSrC8KpRmk6Jji5Q8"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 818aaa5ffb2b4c21-MIA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 aol-el.png
diekuiiea.com/email-list/excel5/images/ 5 KB
6 KB 114ms
41ms Image
image/png 2606:4700:3036::6815:299a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://diekuiiea.com/email-list/excel5/images/aol-el.png
Requested by: Host: s3.us-east-005.backblazeb2.com
URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:299a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1389ce073991b5dd4f76a7922d577a0f01526402481dfd48a863245bca92904c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 17:15:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 163347
alt-svc: h3=":443"; ma=86400
content-length: 5400
last-modified: Wed, 19 Jul 2023 15:44:11 GMT
server: cloudflare
etag: "64b804cb-1518"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ymqv11%2Bt1iK5FhHJODRQhj41O1OqdGqYh5M5TI8wvZKt%2BNOGXWMQIOqjlehocHCcA1nPw5uKwiCb5yM8SfSVsdORu6GTEtI%2FfmgYuOjN6dl4uvCFj%2BBAq%2BTUhEr%2FPbnpvU4%2BizlDFsrXAmUt"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 818aaa5ffb2c4c21-MIA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 office.png
diekuiiea.com/email-list/excel5/images/ 4 KB
5 KB 1353ms
1280ms Image
image/png 2606:4700:3036::6815:299a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://diekuiiea.com/email-list/excel5/images/office.png
Requested by: Host: s3.us-east-005.backblazeb2.com
URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:299a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0ed507810757b0fa96725b5ede8b0e72be4cbcfee70ca664924552b41de114d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 17:15:52 GMT
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 15:44:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "64b804cb-119f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RyGeySEhvQg3lZeEEdgloyXwFYUu4SNUr0sS9%2B1TXiHIyNWNIXc1wZZP%2B72UJxI2%2FLyrFaqr1NTC2Dxwgtt%2F1BCu374oCKnbV9gZNPSiCzlWw8OPBqJknyf587wthAaoGQ5NCk7JI%2BIE9%2BKr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 818aaa5ffb2d4c21-MIA
alt-svc: h3=":443"; ma=86400
content-length: 4511
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 yahoo.png
diekuiiea.com/email-list/excel5/images/ 4 KB
5 KB 40ms
39ms Image
image/png 2606:4700:3036::6815:299a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://diekuiiea.com/email-list/excel5/images/yahoo.png
Requested by: Host: s3.us-east-005.backblazeb2.com
URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:299a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c84c6a01e844c1a29e0a3ee63d5eb5f13fae24c6c9f3455e944394406d247b9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 17:15:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 163347
alt-svc: h3=":443"; ma=86400
content-length: 4441
last-modified: Wed, 19 Jul 2023 15:44:11 GMT
server: cloudflare
etag: "64b804cb-1159"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLb2Q03lk7SSFOIvcZ6vuDE4dtZWdRZlNE2FyTIndvbUOATHGxlVyPzL30EDjW77dU5uo2caDEFTx7WicIL9tN1YV5QYEmncnuQ%2B%2FkPvlHDlYWeo6YwZ2UvbAIc8vjtb1zYKprS9QdBaf9SN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 818aaa603b7b4c21-MIA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mail.png
diekuiiea.com/email-list/excel5/images/ 5 KB
5 KB 313ms
312ms Image
image/png 2606:4700:3036::6815:299a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://diekuiiea.com/email-list/excel5/images/mail.png
Requested by: Host: s3.us-east-005.backblazeb2.com
URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:299a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fd3e60902a4cc0387a40638316545102c2a12ef4fa0cb8105415ba47150c61b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 17:15:51 GMT
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 15:44:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "64b804cb-142e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0DfEtdmtWYIzg21PpYFE%2FJ%2FkZ70K490ejFOvJWjaXjmWNoT5o4JeXBqPCKdwJf5gqr%2BnLkP%2Bj6lwQZh974mA8MLQjog1jNJCOc%2F0YWG91pHfZcVfbX6SIUoPLTniT41nMNS2UIgSm%2Fm%2Frxd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 818aaa603b7c4c21-MIA
alt-svc: h3=":443"; ma=86400
content-length: 5166
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 173ms
62ms Stylesheet
text/css 2607:f8b0:4004:c06::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap

Requested by

Host: diekuiiea.com
URL: https://diekuiiea.com/email-list/excel5/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e9686aeea0055ab0c2b1f0eba66dec9b6dd487b4ec34b0fc9106edc7cd3a52cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://diekuiiea.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 19 Oct 2023 17:15:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 19 Oct 2023 16:39:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Oct 2023 17:15:51 GMT

GET
H3 200 bg.jpg
diekuiiea.com/email-list/excel5/images/ 179 KB
180 KB 39ms
38ms Image
image/jpeg 2606:4700:3036::6815:299a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://diekuiiea.com/email-list/excel5/images/bg.jpg
Requested by: Host: diekuiiea.com
URL: https://diekuiiea.com/email-list/excel5/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:299a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d98e41fc1f3f2227739b3cc59a3623a1f46790d1f9187335bfa658b15a0dd7c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://diekuiiea.com/email-list/excel5/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 17:15:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 49770
alt-svc: h3=":443"; ma=86400
content-length: 183739
last-modified: Wed, 19 Jul 2023 15:44:11 GMT
server: cloudflare
etag: "64b804cb-2cdbb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aiyFrao15RfG0rRN9O9TZqcnW%2Bc0%2BrhXe8CAz366ttuUP9Hi%2Bt87SvjH3jW0Uclu8m8x7KjIydZ8YbrBH1k%2Bnecu%2FMxO0UyJHb6hDCQAXR4z0zbhm5%2BuQx0kh0tbHgkLEleMxGjVAI86JstN"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 818aaa615f0a2604-MIA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ 47 KB
48 KB 159ms
52ms Font
font/woff2 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s3.us-east-005.backblazeb2.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 18:36:37 GMT
x-content-type-options: nosniff
age: 599955
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48432
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 18:36:37 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html? Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://s3.us-east-005.backblazeb2.com/academize-electrography-electrophoreses/index.html? Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
diekuiiea.com
fonts.googleapis.com
fonts.gstatic.com
s3.us-east-005.backblazeb2.com
149.137.137.254
2606:4700:3036::6815:299a
2607:f8b0:4004:c06::5f
2607:f8b0:4004:c09::5f
2607:f8b0:4004:c1d::5e
1389ce073991b5dd4f76a7922d577a0f01526402481dfd48a863245bca92904c
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
3c84c6a01e844c1a29e0a3ee63d5eb5f13fae24c6c9f3455e944394406d247b9
4ce41c0b5fcccf358b53adc201db10a531bb7a9f7203761fcb1e88a5c4170ade
4fd3e60902a4cc0387a40638316545102c2a12ef4fa0cb8105415ba47150c61b
8739393ae7d356ee4f7e03814cdf2cef90f2f04e7cd4a68aedb67d8f53a0ba5d
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
9d301bbb4e8ced380c1975a2ca3890c0cc06a3c1c78ad6b36d45e652e7a0542d
9d98e41fc1f3f2227739b3cc59a3623a1f46790d1f9187335bfa658b15a0dd7c
a90b5fa6d77d3b2afe97c72215abfebe27170f1b4307c71bb83c819fc0a27b6f
c8eaf3ce65c9fd6dbb881cbb7a8fa4b6a7794d21d49aa1a76ef2af32d9b5f429
e9686aeea0055ab0c2b1f0eba66dec9b6dd487b4ec34b0fc9106edc7cd3a52cb
f0ed507810757b0fa96725b5ede8b0e72be4cbcfee70ca664924552b41de114d

s3.us-east-005.backblazeb2.com Open in urlscan Pro 149.137.137.254 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

80 %IPv6

4 Domains

5 Subdomains

5 IPs

1 Countries

315 kBTransfer

382 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

s3.us-east-005.backblazeb2.com Open in urlscan Pro
149.137.137.254 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

315 kB
Transfer

382 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!