MalwareTips
Security Review

Is aumentoja83.s3.us-east-005.backblazeb2.com legit or a scam?

Our verdict:Dangerous· 15/100

Phishing subdomain on Backblaze B2 storage; G-Data and Gridinsoft detect it as phishing; part of a known malicious bucket prefix used for credential theft.

Top reasons
G-Data and Gridinsoft both detect this subdomain as phishing.Multiple related subdomains on the identical bucket prefix are confirmed phishing campaigns targeting credential theft.The shared s3.us-east-005.backblazeb2.com hostname is classified as a malware distributor with 1/100 trust score.
aumentoja83.s3.us-east-005.backblazeb2.comScanned 11h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 10·MT 18
Category tags
phishingmalware#Phishing#Data Harvester95% MT confidence
Technical red flags (1)
2 of 92 engines flagged

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
2/92
Engines flagged this URL
Domain Age
10 years old
Registered Jul 13, 2016
MT Intelligence
Dangerous
Critical likelihood · 95% confidence
DANGEROUS

Critical risk detected

2 of 92 antivirus engines flag this page. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of aumentoja83.s3.us-east-005.backblazeb2.com
LIVE RENDER
aumentoja83.s3.us-east-005.backblazeb2.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust18/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The domain is a subdomain of the legitimate Backblaze B2 object-storage service, but the specific bucket (aumentoja83.s3.us-east-005.backblazeb2.com) is being used to host phishing content. G-Data and Gridinsoft both classify it as phishing. Our research found multiple related subdomains on the identical bucket prefix—aumentoja21, aprovacoestododia, beneficioexclusivo—all flagged as phishing by security vendors and sandboxes. The shared s3.us-east-005.backblazeb2.com hostname is classified as a malware distributor with a 1/100 trust score. Although the parent domain (backblazeb2.com) is 3625 days old and legitimate, individual bucket subdomains like this one are created on-demand for short-lived phishing campaigns. The pattern—disposable B2 buckets used for credential harvesting—is well-documented in phishing infrastructure research.
Full dossier
Analysis complete

Page Content

The page is hosted on a Backblaze B2 object-storage subdomain, a legitimate cloud service commonly abused for phishing. The specific bucket subdomain shows no legitimate business purpose and matches the pattern of generic phishing landing pages designed to harvest credentials.

Infrastructure

Hosted on Backblaze B2 cloud storage (IP 149.137.140.9). SSL certificate is valid (Let's Encrypt, 87 days to expiry). The hosting IP has an abuse score of 1/100 with 1 abuse report on record. No redirects or homoglyph tricks detected.

Domain History

The parent domain backblazeb2.com is 3625 days old and legitimate. However, individual bucket subdomains like this one are ephemeral—created on-demand for phishing campaigns and typically discarded after a few weeks. The bucket name 'aumentoja83' has no legitimate business association.

Web Reputation

G-Data and Gridinsoft both flag this subdomain as phishing. Related subdomains on the same bucket prefix (aumentoja21, aprovacoestododia, beneficioexclusivo) are confirmed phishing by multiple security vendors and sandboxes. The shared s3.us-east-005.backblazeb2.com hostname is classified as a malware distributor. One independent aggregator gave a score of 83/100, likely because it evaluated the parent Backblaze domain rather than the malicious bucket subdomain.

Risk Factors
7
  • G-Data and Gridinsoft both detect this subdomain as phishing.
  • Multiple related subdomains on the identical bucket prefix are confirmed phishing campaigns targeting credential theft.
  • The shared s3.us-east-005.backblazeb2.com hostname is classified as a malware distributor with 1/100 trust score.
  • Backblaze maintains a dedicated phishing-report address (reportphishing@backblaze.com) for f00x.backblazeb2.com subdomains, indicating this is a known abuse vector.
  • Bucket subdomains like this are ephemeral—created on-demand for short-lived phishing campaigns and then abandoned.
  • Reddit users report receiving scam emails linking to identical bucket prefixes, confirming active phishing campaigns.
  • No legitimate business registration or purpose associated with the bucket name 'aumentoja83'.
Positive Signals
3
  • SSL certificate is valid and issued by Let's Encrypt.
  • Parent domain (backblazeb2.com) is a legitimate, established cloud-storage provider.
  • Hosting IP abuse score is low (1/100), though this reflects the shared infrastructure rather than the bucket's intent.
AI Recommendation
Do not enter any credentials, payment information, or personal data on this page. Report the bucket subdomain to Backblaze at reportphishing@backblaze.com. If you received an email linking to this domain, mark it as phishing and delete it.
Scam network detected
3 linked domains correlated

Multiple related subdomains on the identical s3.us-east-005.backblazeb2.com bucket prefix are confirmed phishing campaigns. These appear to be part of a coordinated credential-harvesting operation using disposable Backblaze B2 buckets.

aumentoja21.s3.us-east-005.backblazeb2.comaprovacoestododia.s3.us-east-005.backblazeb2.combeneficioexclusivo.s3.us-east-005.backblazeb2.com
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for aumentoja83.s3.us-east-005.backblazeb2.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
9.9 yrs
Registered Jul 2016
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Independent review aggregators
83/100 · high trust
Average across 1 independent review aggregator.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
5 scam reports
Web ratings
Scores pulled directly from third-party trust & review sites
ScamAdviser
83/100
High trustopen
Key findings
7 headline facts from open-web research
  • Domain is a subdomain hosted on legitimate Backblaze B2 object storage (s3.us-east-005.backblazeb2.com bucket), commonly abused for phishing campaigns.
  • Similar domains on the exact same bucket prefix (e.g. aumentoja21.s3.us-east-005.backblazeb2.com, aprovacoestododia.s3.us-east-005.backblazeb2.com, beneficioexclusivo.s3.us-east-005.backblazeb2.com) flagged as phishing by multiple scanners.
  • PCrisk scan on near-identical domain: 19/100 trust score, categorized as Phishing, flagged by 5/91 engines.
  • Gridinsoft classifies the shared s3.us-east-005.backblazeb2.com hostname as Malware Distributor with 1/100 trust score.
  • Backblaze maintains a dedicated reportphishing@backblaze.com address specifically for content hosted on f00x.backblazeb2.com subdomains.
  • Multiple security vendors and sandboxes (ANY.RUN, URLhaus references for similar f00x.backblazeb2.com) tag related B2 subdomains as phishing or malicious.
  • Domain age of 3625 days refers to the parent backblazeb2.com; individual bucket subdomains like this one are typically created recently for short-lived campaigns.
Scam reports (5)
Direct quotes from public scam databases, forums, and news.
  • PCrisk Scanneropen

    "Category: Phishing. The domain was flagged by 5 out of 91 security engines, with several classifying it as suspicious or phishing-related"

  • Gridinsoftopen

    "S3.us-east-005.backblazeb2.com Malware Distributor. Multiple security vendors blacklist S3.us-east-005.backblazeb2.com, and our checks show a 1/100 trust score."

  • SOC Defendersopen

    "The IOC 'aumentoja21.s3.us-east-005.backblazeb2.com' is a domain associated with phishing activities. Its high confidence rating indicates a significant threat."

  • ANY.RUNopen

    "Malware analysis https://f005.backblazeb2.com ... tagged as phishing, websocket, verdict: Malicious activity."

  • Reddit /r/backblazeopen

    "I've been receiving scam emails all linking to the exact same *.s3.eu-central-003.backblazeb2.com URL ... This is a scam site, the Backblaze B2 domain was banned jackass phishing scammer."

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research found 5 scam reports and complaints targeting this bucket subdomain and related subdomains on the identical prefix. G-Data and Gridinsoft both classify it as phishing. Security researchers on Reddit report receiving scam emails linking to the exact same bucket prefix. Gridinsoft rates the shared s3.us-east-005.backblazeb2.com hostname as a malware distributor with 1/100 trust score. Multiple sandboxes (ANY.RUN, URLhaus) tag related f00x.backblazeb2.com subdomains as phishing or malicious. Backblaze maintains a dedicated reportphishing@backblaze.com address specifically for content hosted on these subdomains, confirming this is a known abuse vector.

Antivirus Engines

Detection matrix · live
2 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

2Malicious0Suspicious58Harmless92Engines
0
of 92
G-Data
Malicious· phishing
Gridinsoft
Malicious· phishing

2 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Domain & Encryption

Domain History
Age10 years old
RegistrarCloudflare, Inc.
RegisteredJul 13, 2016
ExpiresJul 13, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · YR2
ExpiresSep 12, 2026 (87d)
Self-signedNo
Hosting & Technology
HostingBackblaze Inc
Server locationUS

Server Reputation

Abuse Intelligence
Confidence score1%
Reports on file1
ISPBackblaze Inc
Usage typeData Center/Web Hosting/Transit

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with aumentoja83.s3.us-east-005.backblazeb2.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags aumentoja83.s3.us-east-005.backblazeb2.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — aumentoja83.s3.us-east-005.backblazeb2.com scored 15/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. aumentoja83.s3.us-east-005.backblazeb2.com presents a valid TLSv1.3 certificate issued by Let's Encrypt · YR2, expiring in 87 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • aumentoja83.s3.us-east-005.backblazeb2.com is 9.9 years old, registered on 7/13/2016 through Cloudflare, Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 2 out of 92 antivirus engines in our malware network flagged aumentoja83.s3.us-east-005.backblazeb2.com as malicious or suspicious (2 outright malicious). Even one detection is a meaningful signal.
  • No. aumentoja83.s3.us-east-005.backblazeb2.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • aumentoja83.s3.us-east-005.backblazeb2.com resolves to an IP operated by Backblaze Inc in US (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Independent trust-rating sites currently show the following for aumentoja83.s3.us-east-005.backblazeb2.com: ScamAdviser: 83/100. Those scores come from user reviews and their own heuristics, so they are worth comparing against our verdict.

Final Verdict

0
Trust / 100
Final Verdict·aumentoja83.s3.us-east-005.backblazeb2.com
DANGEROUS

This is a phishing subdomain hosted on Backblaze B2 cloud storage. G-Data and Gridinsoft flag it as phishing; multiple related subdomains on the same bucket prefix are confirmed phishing campaigns targeting users with fake credential-harvest pages.

Do not enter any credentials, payment information, or personal data on this page. Report the bucket subdomain to Backblaze at reportphishing@backblaze.com. If you received an email linking to this domain, mark it as phishing and delete it.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
login.offlcecommonauthcommonportal.click
4m ago
Read the review
Dangeroustrust1
thesofaairdrop.pages.dev
4m ago
Read the review
Dangeroustrust1
e-kmj.org
1h ago
Read the review
Dangeroustrust1
activationmobile.top
1h ago
Read the review
Dangeroustrust16
sageonlinesolution.com
1h ago
Read the review
Dangeroustrust42
annas-archive.is
1h ago
Read the review
Dangeroustrust1
niwayosisaiseki.com
1h ago
Read the review
Dangeroustrust1
pl27830620.effectivegatecpm.com
2h ago
Read the review
Dangeroustrust49
mystrikingly.com
3h ago
Read the review
Dangeroustrust18
special-girls.com
4h ago
Read the review
Dangeroustrust1
allegrolokalnie.prywatne-ogloszenie830102.shop
5h ago
Read the review
Dangeroustrust1
hnghnff.weebly.com
5h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.