storageapi.fleek.co
2606:4700::6812:791
Malicious Activity!
Public Scan
Effective URL: https://storageapi.fleek.co/83279f06-a1c2-41b0-acd7-cf8f31cd38a9-bucket/adoberedirect.html
Submission: On June 30 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 31st 2022. Valid for: a year.
This is the only time storageapi.fleek.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sharepoint (Online), Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 2 | 2606:4700::6812:791 | 13335 (CLOUDFLARENET) |
2 | 2a00:1450:4001:82b::200e | 15169 (GOOGLE) |
1 | 2620:0:862:ed1a::2:b | 14907 (WIKIMEDIA) |
1 | 198.46.87.190 | 54641 (IMH-IAD) |
1 | 2606:4700:20::681a:e6e | 13335 (CLOUDFLARENET) |
1 | 75.2.60.5 | 16509 (AMAZON-02) |
7 | 7 |
ASN15169 (GOOGLE, US)
encrypted-tbn0.gstatic.com |
ASN54641 (IMH-IAD, US)
PTR: server.outlookimport.com
www.outlooktransfer.com |
ASN16509 (AMAZON-02, US)
PTR: acd89244c803f7181.awsglobalaccelerator.com
mailmeteor.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
2 | gstatic.com | encrypted-tbn0.gstatic.com | 8 KB |
2 | fleek.co (1 redirects) | storageapi.fleek.co — Cisco Umbrella Rank: 188601 | 18 KB |
1 | mailmeteor.com | mailmeteor.com | 4 KB |
1 | cutewallpaper.org | cutewallpaper.org — Cisco Umbrella Rank: 129580 | 102 KB |
1 | outlooktransfer.com | www.outlooktransfer.com | 13 KB |
1 | wikimedia.org | upload.wikimedia.org — Cisco Umbrella Rank: 2725 | 165 KB |
7 | 6 |
Requests | Domain | Requested by |
---|---|---|
2 | encrypted-tbn0.gstatic.com | storageapi.fleek.co |
2 | storageapi.fleek.co | 1 redirects |
1 | mailmeteor.com | storageapi.fleek.co |
1 | cutewallpaper.org | storageapi.fleek.co |
1 | www.outlooktransfer.com | storageapi.fleek.co |
1 | upload.wikimedia.org | storageapi.fleek.co |
7 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
white-breeze-5523.on.fleek.co |
Subject | Issuer | Validity | Valid |
---|---|---|---|
fleek.co | Cloudflare Inc ECC CA-3 | 2022-03-31 - 2023-03-30 | a year |
*.gstatic.com | GTS CA 1C3 | 2022-06-06 - 2022-08-29 | 3 months |
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2021-10-19 - 2022-11-17 | a year |
outlooktransfer.com | cPanel, Inc. Certification Authority | 2022-06-17 - 2022-09-15 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-12 - 2023-05-12 | a year |
mailmeteor.com | R3 | 2022-06-19 - 2022-09-17 | 3 months |
This page contains 1 frames:
Primary Page:
https://storageapi.fleek.co/83279f06-a1c2-41b0-acd7-cf8f31cd38a9-bucket/adoberedirect.html
Frame ID: 168C597B0C0C23A0443D6BD9136CFC52
Requests: 10 HTTP requests in this frame
Page Title
Sign in Adobe
Page URL History
-
http://storageapi.fleek.co/83279f06-a1c2-41b0-acd7-cf8f31cd38a9-bucket/adoberedirect.html
HTTP 301
https://storageapi.fleek.co/83279f06-a1c2-41b0-acd7-cf8f31cd38a9-bucket/adoberedirect.html Page URL
Detected technologies
WordPress (CMS)
Detected patterns
- /wp-(?:content|includes)/
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Privacy & Cookies
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method / Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | adoberedirect.html (Primary Request, Redirect Chain) | storageapi.fleek.co/83279f06-a1c2-41b0-acd7-cf8f31cd38a9-bucket/ | 30 KB | 18 KB | Document | text/html |
GET H2 | images | encrypted-tbn0.gstatic.com/ | 5 KB | 5 KB | Image | image/png |
GET H2 | 2048px-Microsoft_Office_logo_%282019%E2%80%93present%29.svg.png | upload.wikimedia.org/wikipedia/commons/thumb/5/5f/Microsoft_Office_logo_%282019%E2%80%93present%29.svg/ | 164 KB | 165 KB | Image | image/png |
GET H2 | roundcube-logo-square.jpg | www.outlooktransfer.com/wp-content/uploads/ | 13 KB | 13 KB | Image | image/jpeg |
GET H2 | godaddy-107b5-logo-3535d-png-67773-and-f1fb9-vector-50e3c-logo-52417-download.png | cutewallpaper.org/24/godaddy-logo-png/ | 102 KB | 102 KB | Image | image/png |
GET H2 | images | encrypted-tbn0.gstatic.com/ | 3 KB | 3 KB | Image | image/png |
GET H2 | Gmail_Logo_256px.png | mailmeteor.com/logos/assets/PNG/ | 4 KB | 4 KB | Image | image/png |
GET DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET DATA | truncated | / | 7 KB | 0 | Image | image/png |
GET DATA | truncated | / | 5 KB | 0 | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sharepoint (Online), Microsoft (Consumer)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | oncontextlost
- object | oncontextrestored
- function | structuredClone
- object | launchQueue
- object | onbeforematch
- function | getScreenDetails
- function | queryLocalFonts
- object | navigation
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | block-all-mixed-content |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.