f000.backblazeb2.com


JadeS

Hi,

 

f000.backblazeb2.com is being blocked for phishing. This is a widely used cloud storage provider. I’m sure it has been connected with phishing campaigns in the past, but our use is not that, and most uses of b2 are legitimate.

I found an earlier example of a b2 domain being blocked. Please give this due diligence so other websites using b2 don’t face this issue.

Thank you


-Log Details-
Protection Event Date: 2/4/21
Protection Event Time: 4:31 PM
Log File: b4a59d4e-6738-11eb-993c-842b2bac4cc2.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1146
Update Package Version: 1.0.36735
License: Premium

-System Information-
OS: Windows 10 (Build 19041.746)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Phishing
Domain: f000.backblazeb2.com
IP Address: 104.153.233.177
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


4 minutes ago, JadeS said:

When will the next update be released?

Generally about 4 hours.

5 minutes ago, JadeS said:

will this ensure future allowed connections to f002.backblazeb2.com, or are subdomains handled separately?

My non official answer is that it was an IP block.


  • 6 months later...

We are a cloud based backup solution provider and use Backblazeb2.com as one of our destinations. Over the last few weeks, many of our customers are seeing popups from Malware Bytes for F002.backblazeb2.com. This is legitimate traffic and is clearly a false positive. Can you please stop with whatever rules you have enabled that are causing this?


  • 2 months later...

I was chatting with the wife trying to explain how to identify bad links and she noticed something I missed!

They put c followed by l to make goclaclcly look like godaddy if you weren't paying attention.

f002.backblazeb2.com/file/goclaclcly-activator-secure-northern-dbase-004/goclaclcly-activator-secure-northern-dbase-tk.html#

Gives support some folders to check out anyway.

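The "cl" standing in for "d" described in the post above can be caught by collapsing look-alike sequences before comparing URL tokens against watched names. This is an added example, not part of the original posts and not Malwarebytes or Backblaze code; the brand list and every substitution other than "cl" are assumptions.

```python
import re

# Multi-character sequences that read as one letter at a glance. "cl" -> "d" is
# the trick described in the post; the other entries are assumed additions.
SEQUENCES = [("cl", "d"), ("rn", "m"), ("vv", "w")]
DIGITS = str.maketrans({"0": "o", "1": "l"})  # assumed digit-for-letter swaps

# Hypothetical watch list; a real deployment would load its own.
BRANDS = ("godaddy", "paypal", "microsoft")


def skeleton(text):
    """Collapse look-alike sequences so visually similar strings compare equal."""
    text = text.lower().translate(DIGITS)
    for seq, letter in SEQUENCES:
        text = text.replace(seq, letter)
    return text


def find_lookalikes(url, brands=BRANDS):
    """Return (token, brand) pairs where a URL token imitates a watched name."""
    by_skeleton = {skeleton(b): b for b in brands}
    hits = []
    for token in re.split(r"[^a-z0-9]+", url.lower()):
        brand = by_skeleton.get(skeleton(token))
        # An exact match is the real name, not an imitation, so skip it.
        if brand and token != brand and (token, brand) not in hits:
            hits.append((token, brand))
    return hits


# URL quoted in the post above, plus constructed samples.
SAMPLES = [
    "f002.backblazeb2.com/file/goclaclcly-activator-secure-northern-dbase-004/"
    "goclaclcly-activator-secure-northern-dbase-tk.html#",
    "https://example.test/rnicrosoft-login/paypa1",   # constructed
    "https://example.test/godaddy/help",              # constructed, benign
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:60], "->", find_lookalikes(sample))
```

A hit points at one suspicious path; on a shared storage host like the one in this thread it says nothing about other customers' files on the same domain.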

7 minutes ago, JustGotPhished said:

I just received a phishing email claiming my godaddy email was going to be deactivated unless I clicked the link which was to f002.backblazeb2.com/blahblah so I would say that's a good reason for AV to block that domain

Problem is any service can be used for these scams. There are dozens out there that offer services like backblaze.


4 minutes ago, JustGotPhished said:

Gives support some folders to check out anyway.

When you encounter a scam like this it should be reported here. https://forums.malwarebytes.com/forum/155-newest-ip-or-url-threats/

Also never click links in email. Go directly to the source.

Did you fall for it? If so there is some damage control to do.


8 hours ago, Porthos said:

When you encounter a scam like this it should be reported here. https://forums.malwarebytes.com/forum/155-newest-ip-or-url-threats/

Also never click links in email. Go directly to the source.

Did you fall for it? If so there is some damage control to do.

Thankfully I did not. Really appreciate all the support.


  • 8 months later...
On 11/11/2021 at 11:01 AM, Porthos said:

When you encounter a scam like this it should be reported here.

This is Annalisa from the Backblaze Compliance team. If you find phishing or scammy links hosted on backblazeb2.com, please send them to us via reportphishing @ backblaze.com. Our goal is to take them down asap but at least within 1 hour of the report.

We have many other tactics to stop them before the links make it out into the wild, but unfortunately some still slip through.
