storageapi.fleek.co
2606:4700::6812:791 | Malicious Activity! | Public Scan

Submitted URL: http://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Effective URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Submission: On May 25 via automatic, source openphish — Scanned from DE

Summary

This website contacted 6 IPs in 1 country across 5 domains to perform 16 HTTP transactions. The main IP is 2606:4700::6812:791, located in the United States and belonging to CLOUDFLARENET, US. The main domain is storageapi.fleek.co. The Cisco Umbrella rank of the primary domain is 196128.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 31st 2022. Valid for: a year.
This is the only time storageapi.fleek.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
9 52.218.251.25 16509 (AMAZON-02)
3 2620:1ec:46::45 8068 (MICROSOFT...)
1 68.66.226.75 55293 (A2HOSTING)
2 2a06:98c1:312... 13335 (CLOUDFLAR...)
16 6
Requests  Apex Domain           Subdomains                                          Transfer
9         amazonaws.com         abc000x.s3.us-west-2.amazonaws.com                  734 KB
3         msauth.net            aadcdn.msauth.net (Cisco Umbrella Rank: 1324)       22 KB
2         fontawesome.com       ka-f.fontawesome.com (Cisco Umbrella Rank: 2955)    18 KB
2         fleek.co              storageapi.fleek.co (Cisco Umbrella Rank: 196128)   90 KB
1         aronwebsolutions.com  aronwebsolutions.com                                2 KB
Total: 16 requests, 5 apex domains
Requests  Domain                              Requested by
9         abc000x.s3.us-west-2.amazonaws.com  storageapi.fleek.co
3         aadcdn.msauth.net                   storageapi.fleek.co
2         ka-f.fontawesome.com                abc000x.s3.us-west-2.amazonaws.com
2         storageapi.fleek.co                 1 redirects
1         aronwebsolutions.com                storageapi.fleek.co
Total: 16 requests, 5 domains

This site contains no links.

Subject                       Issuer                                Validity                 Valid
fleek.co                      Cloudflare Inc ECC CA-3               2022-03-31 - 2023-03-30  a year
*.s3-us-west-2.amazonaws.com  Amazon                                2021-12-17 - 2022-11-29  a year
aadcdn.msauth.net             DigiCert SHA2 Secure Server CA        2022-05-24 - 2023-05-24  a year
aronwebsolutions.com          cPanel, Inc. Certification Authority  2022-04-07 - 2022-07-06  3 months
sni.cloudflaressl.com         Cloudflare Inc ECC CA-3               2021-09-12 - 2022-09-11  a year

This page contains 1 frames:

Primary Page: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Frame ID: ED1006F74F85078EA7120529B79F9297
Requests: 17 HTTP requests in this frame

Page Title

Sign in to your account

Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (overall confidence: 100%)
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 16
HTTPS: 100 %
IPv6: 60 %
Domains: 5
Subdomains: 5
IPs: 6
Countries: 1
Transfer: 865 kB
Size: 1477 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html HTTP 301
    https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request login.toaccesscommondocument.a7bE34Lt_uri.html | storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/ | 548 KB | 90 KB | Document
Redirect Chain
  • http://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
  • https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
General
Full URL
https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
423bfba64d4fd5a278cdada631c18ab8ea917ff78c96b8e67533e7bdb8558e1b
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
710a5bfcab80901e-FRA
content-encoding
gzip
content-security-policy
block-all-mixed-content
content-type
text/html
date
Wed, 25 May 2022 01:04:51 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Fri, 06 May 2022 15:18:50 GMT
server
cloudflare
vary
Origin
x-amz-request-id
16F2338C64ABB932
x-xss-protection
1; mode=block

Redirect headers

CF-RAY
710a5bfc4eba91de-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Wed, 25 May 2022 01:04:50 GMT
Expires
Wed, 25 May 2022 02:04:50 GMT
Location
https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding

jquery.min.js | abc000x.s3.us-west-2.amazonaws.com/xyz000x/ | 84 KB | 84 KB | Script
General
Full URL
https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery.min.js
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.251.25 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e302f49181251a403177480c80f677dd129c566e693443453e2bc14db47c51ea

Request headers

Referer
https://storageapi.fleek.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Wed, 25 May 2022 01:04:54 GMT
Last-Modified
Sat, 23 Apr 2022 00:43:17 GMT
Server
AmazonS3
x-amz-request-id
ANF11KYG51CGZ677
ETag
"ae32e3a8b23b3c22e9954018a8f50771"
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
85628
x-amz-id-2
UplJbNeYhtMHqCJKKdvRrPBwq21xAC4wiNFEtKgq8vGOXp8cIlok/pYJ2g73K4DAENDdP671D8o=

jquery-3.1.1.min.js | abc000x.s3.us-west-2.amazonaws.com/xyz000x/ | 85 KB | 85 KB | Script
General
Full URL
https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery-3.1.1.min.js
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.251.25 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
17c6f5cb588cf68e1d846863b21ccd1261b61a955d28c40caa3cee6f4942935b

Request headers

Referer
https://storageapi.fleek.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Wed, 25 May 2022 01:04:54 GMT
Last-Modified
Sat, 23 Apr 2022 00:43:18 GMT
Server
AmazonS3
x-amz-request-id
ANFE2CPR3P3V40EQ
ETag
"d72b3148cc9e1ad1e428aea9d7a03565"
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
86759
x-amz-id-2
J0bpxd1rTkpLGH7tg444Q+1Oq/X9O8XKMpnjcgdNyAFEzzjvH0UmuLZ/RAVt4u5YTxg5ixRKjoI=

jquery-3.3.1.js | abc000x.s3.us-west-2.amazonaws.com/xyz000x/ | 276 KB | 276 KB | Script
General
Full URL
https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery-3.3.1.js
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.251.25 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
53847ae03a6d9bceb4f438cf1b50a7a37d7105130835208cd0b887d90ba46def

Request headers

Referer
https://storageapi.fleek.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Wed, 25 May 2022 01:04:54 GMT
Last-Modified
Sat, 23 Apr 2022 00:43:21 GMT
Server
AmazonS3
x-amz-request-id
ANFCKMNRM2MC55VA
ETag
"e445669af64b8a010cd0cb09c1e0c1d0"
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
282165
x-amz-id-2
5RL7fZzdGB/XVHmgHMkEoq9Y695vINWo/gFtOKcv+JY94stYJcyal6ie0zHUjIPP6xa3b4RQKBY=

converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 106 KB | 20 KB | Stylesheet
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
a96b2b12489a80eafe62cc4bcc04cb367e2b54efc3039e484211c7deec12c0b8

Request headers

Referer
https://storageapi.fleek.co/
Origin
https://storageapi.fleek.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 25 May 2022 01:04:51 GMT
content-encoding
gzip
x-azure-ref-originshield
0rVWNYgAAAABfpg22f0wmTLb2hYYs7zIDQU1TMDRFREdFMTgxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-md5
/7H4IR1YAHBHDqgAZw2T1Q==
x-cache
TCP_HIT
content-length
19750
x-ms-lease-status
unlocked
last-modified
Tue, 18 Aug 2020 21:44:27 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D843BFE1586E6F
x-azure-ref
0tICNYgAAAAASE8mmkyG8RImBju025SJVRlJBRURHRTEwMTMAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
4d6a0be9-201e-0045-42c3-6b6368000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19

bootstrap.min.css | abc000x.s3.us-west-2.amazonaws.com/xyz000x/ | 142 KB | 142 KB | Stylesheet
General
Full URL
https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/bootstrap.min.css
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.251.25 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
efaf2cabafd973e92f54e8b8ba760018ffa02bcdb63cdab01c219b570c21a2fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 25 May 2022 01:04:54 GMT
Last-Modified
Sat, 23 Apr 2022 00:43:08 GMT
Server
AmazonS3
x-amz-request-id
ANF9Z378EJ4H6R2D
ETag
"1e5b180ea96b35ab0a33865ab541cfee"
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
144934
x-amz-id-2
4/Roabn/SrS3X1Up1rHDkJGc+yDeh3XfsulL3y2XnVILWcI1VZyE6KgvSyg/ZUNMfb/lGdrpAGg=

family=Archivo+Narrow&display=swap.css | abc000x.s3.us-west-2.amazonaws.com/xyz000x/ | 0 | 0 | Stylesheet
General
Full URL
https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/family=Archivo+Narrow&display=swap.css
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.251.25 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers


main.style.css | aronwebsolutions.com//git/bg123a/ | 1 KB | 2 KB | Stylesheet
General
Full URL
https://aronwebsolutions.com//git/bg123a/main.style.css
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.226.75 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ts1.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
e39e197f5555c261ce72908fe575089cc44a00d5a548f0587077e02a90eb85aa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

cf-edge-cache
no-cache
date
Wed, 25 May 2022 01:04:53 GMT
cache-control
private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
last-modified
Wednesday, 25-May-2022 01:04:53 GMT
server
imunify360-webshield/1.18
content-type
text/css

5051251.js | abc000x.s3.us-west-2.amazonaws.com/xyz000x/ | 11 KB | 11 KB | Script
General
Full URL
https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/5051251.js
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.251.25 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
450fca8a717252e0b5820af945aa199405db752bde94a452e6612441768d44f4

Request headers

Referer
https://storageapi.fleek.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Wed, 25 May 2022 01:04:54 GMT
Last-Modified
Sat, 23 Apr 2022 00:43:05 GMT
Server
AmazonS3
x-amz-request-id
ANFBR6Z3PFX29GAY
ETag
"ecc21637437ade8afa1bf3cea287e18a"
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
10914
x-amz-id-2
zJo1IMyeX7+YHWnqXrfUmMkXIjK7ZzsdwbRPHylswohFWZcaR+jXxZRNjkbiXnfZdh5PNdlNEBw=

free.min.css | ka-f.fontawesome.com/releases/v5.15.2/css/ | 59 KB | 13 KB | Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v5.15.2/css/free.min.css?token=585b051251
Requested by
Host: abc000x.s3.us-west-2.amazonaws.com
URL: https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/5051251.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c7bba7deb64ff95e98f7ac8cd0d3b675a4bcf02f302e57edc5a1d6fa3d6cf94

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 25 May 2022 01:04:54 GMT
via
1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA60-P2
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 13 Jan 2021 18:32:18 GMT
server
cloudflare
etag
W/"4ecc071b77d6b1790fa9fb8a5173f972"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JfnBSB5jafSr0HLx2DvjQ38zIp5pxwHrWws%2FG%2BCLV%2FTWfpz7HplMXi8N4OFNE1HOMdQI19TTYRl5CZJRrRSZXSNf3NLfBrKgrqFL2U9fQv0gBLYxgaOsREn1sYg%2BfiCsL8WCkus4VUQSWl4R1ZOh0pSnpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
710a5c137fcf695b-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
ou9ODqEJfn6-7-fKPc69nepBkZ_3-hHfsPP9oS-471tQLVVgDyEuyQ==

free-v4-shims.min.css | ka-f.fontawesome.com/releases/v5.15.2/css/ | 26 KB | 5 KB | Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v5.15.2/css/free-v4-shims.min.css?token=585b051251
Requested by
Host: abc000x.s3.us-west-2.amazonaws.com
URL: https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/5051251.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7cc3c57f9bda4c6dcb83bb3c19f2f2aa86ecec6274e243cd4ec315ae8e30101

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 25 May 2022 01:04:54 GMT
via
1.1 4b07e670df891a80bcae1d5be052af3c.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA60-P2
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 13 Jan 2021 18:32:17 GMT
server
cloudflare
etag
W/"1848e71668f42835079e5fa2af6cf4a8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=63gKT%2BApvwIpnirAuLlpW%2BZ2MQ%2BnI%2F6ThBYPaXqnGq%2BQBSrztCEwbQ%2FUpg%2B9OdFgsOSvnU7l%2BNMSqahmYBQf7FzJ4h1BVsZqPOTeDnF1NRp1Lgr%2BtowBSZQxmnzYho9e50CizEB4so7WWHE9RqZpjbG%2FhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
710a5c137fd0695b-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
42FX9is18s4-TvR4Q9cfMMs7zuIOCWitNr0v76Yo3FGmQk3CS3DrGA==

truncated | / | 3 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f508cf3427fbb7e4ad8650b6d8fc8ba0d186e4e3e62eb9a257295f45291c9260

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/png

jquery-3.2.1.slim.min.js | abc000x.s3.us-west-2.amazonaws.com/xyz000x/ | 68 KB | 68 KB | Script
General
Full URL
https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery-3.2.1.slim.min.js
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.251.25 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
ba19c068b1fa0a891da87472bb85e4da56b9b36d935908ecda075aee04991204

Request headers

Referer
https://storageapi.fleek.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Wed, 25 May 2022 01:04:56 GMT
Last-Modified
Sat, 23 Apr 2022 00:43:19 GMT
Server
AmazonS3
x-amz-request-id
5JMWZMW1SWCZP6TZ
ETag
"50d7eb415683330006cf8e7eb71b4e4c"
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
69647
x-amz-id-2
o65mJdJQAbe1XI8xuTbBDlagHUNF/YpKz624gVhhaCsm9ZysJRZEDCP/nXPD/NYf9SsoJ5KZdUE=

signin-options_4e48046ce74f4b89d45037c90576bfac.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 2 KB | 946 B | Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 25 May 2022 01:04:54 GMT
content-encoding
gzip
x-azure-ref-originshield
0h1ONYgAAAABWwk61tyMJS4uJhYaG7PkQQU1TMDRFREdFMTkyMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-md5
R2FAVxfpONfnQAuxVxXbHg==
x-cache
TCP_HIT
content-length
621
x-ms-lease-status
unlocked
last-modified
Tue, 10 Nov 2020 03:41:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D8852A7FA6B761
x-azure-ref
0t4CNYgAAAAAhuWEpTl/pSoKQSWJsjUBdRlJBRURHRTEwMDkAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
4cd352a1-901e-003e-2762-6fb47f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19

popper.min.js | abc000x.s3.us-west-2.amazonaws.com/xyz000x/ | 19 KB | 19 KB | Script
General
Full URL
https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/popper.min.js
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.251.25 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
7fe4cb65ec5651dd7c64a8118ce631fdbbd62bdd6fb16b8e54faed836c55b122

Request headers

Referer
https://storageapi.fleek.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Wed, 25 May 2022 01:04:56 GMT
Last-Modified
Sat, 23 Apr 2022 00:43:25 GMT
Server
AmazonS3
x-amz-request-id
5JMM1Z64WFEGMVMP
ETag
"577d614cc3e2a9ed0c9114da411d2fa0"
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
19243
x-amz-id-2
boAnja0zhzOULLCv3jtUKzgJU6mm6eYL6tEXWDF6zsHJ69K/YoZwVocJKRM456iiHC9uZDYzr2A=

bootstrap.min.js | abc000x.s3.us-west-2.amazonaws.com/xyz000x/ | 48 KB | 48 KB | Script
General
Full URL
https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/bootstrap.min.js
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.251.25 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
29db8702986257883443c8772092f6e9e6e33e6e180093f939c6c86b54039f25

Request headers

Referer
https://storageapi.fleek.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Wed, 25 May 2022 01:04:56 GMT
Last-Modified
Sat, 23 Apr 2022 00:43:10 GMT
Server
AmazonS3
x-amz-request-id
5JMRT0QHA4M4VPND
ETag
"917feccddd1f412fcda6516ee248ee1b"
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
48998
x-amz-id-2
35J7LVqWuwoQnK1sgxnF5HWHlzCS1RijJnzdpxOlUZwjx2Mvx7KKtNl1R+Cdnd5LigrIHhRap8k=

2_bc3d32a696895f78c19df6c717586a5d.svg | aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ | 2 KB | 1 KB | Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 25 May 2022 01:04:54 GMT
content-encoding
gzip
x-azure-ref-originshield
0h1ONYgAAAAAC7fwbnACYRJ8i7w+axczEQU1TMDRFREdFMTkyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-md5
DhdidjYrlCeaRJJRG/y9mA==
x-cache
TCP_HIT
content-length
673
x-ms-lease-status
unlocked
last-modified
Wed, 12 Feb 2020 22:01:30 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D7B0071D86E386
x-azure-ref
0t4CNYgAAAADtk8aJKBdWR4WCR+VCyFT5RlJBRURHRTEwMDkAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
a2cae2dd-701e-0020-2562-6fa640000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object     oncontextlost
object     oncontextrestored
function   structuredClone
function   getScreenDetails
function   WriteHTMLtoJS
function   _0x2327
function   _0x345f0c
function   _0x262060
function   _0x5e2761
function   _0x3eba77
function   _0x1a8f11
function   _0x561f59
function   _0x62ad
function   $
function   jQuery
object     FontAwesomeKitConfig
function   _0x301c47
function   _0x58d391
function   _0x1a7ca9
function   _0x368c
function   _0x30e659
function   _0x201656
function   _0x344baa
function   _0x1b29
function   _0x1cbf9c
function   _0x2a33
function   _0x580536
function   _0x61ed6e
function   _0x3fbd55
function   _0x213fbe
function   _0x50ad
function   _0x91501c
function   _0x8fb59e
function   _0x400d6b
function   _0x558146
function   _0x2e28
function   _0xca060a
function   _0x3faebf
function   _0x56310c
function   _0x499c
function   Popper
object     bootstrap
function   _0x326c76
function   _0x133783
function   _0x53d26b
function   _0x4c1af4
function   redirectCU
function   _0x5ca6
function   _0x3b3fc2
function   _0x5846
function   redirectKK
function   _0xe3869c
string     add
undefined  fFTARJ
undefined  kJcBRb
undefined  final
undefined  base64regex
undefined  my_slice
undefined  my_add
undefined  c
undefined  ind

0 Cookies

12 Console Messages

Source Level URL
Text
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery-3.3.1.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/5051251.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html(Line 31)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html(Line 33)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/family=Archivo+Narrow&display=swap.css
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html(Line 51)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery-3.2.1.slim.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html(Line 51)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/jquery-3.2.1.slim.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html(Line 51)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://storageapi.fleek.co/4d0d0638-1f81-49cb-8acf-14d573ddff47-bucket/impredo1/login.toaccesscommondocument.a7bE34Lt_uri.html(Line 51)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://abc000x.s3.us-west-2.amazonaws.com/xyz000x/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This section lists any security headers set by the main page.

Header Value
Content-Security-Policy block-all-mixed-content
X-Xss-Protection 1; mode=block