![](/screenshots/8c72a447-01c7-49fd-ba33-bb518cfcfe17.png)
storageapi.fleek.co
Open in
urlscan Pro
2606:4700::6812:691
Malicious Activity!
Public Scan
Submission: On June 22 via automatic, source links-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 31st 2022. Valid for: a year.
This is the only time storageapi.fleek.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700::68... 2606:4700::6812:691 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 52.72.169.177 52.72.169.177 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 152.199.23.37 152.199.23.37 | 15133 (EDGECAST) (EDGECAST) | |
1 | 2a00:1450:400... 2a00:1450:4001:82a::200a | 15169 (GOOGLE) (GOOGLE) | |
7 | 4 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-169-177.compute-1.amazonaws.com
salesdemo.loyaltyloop.com |
ASN15169 (GOOGLE, US)
firebasestorage.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
loyaltyloop.com
salesdemo.loyaltyloop.com |
574 KB |
1 |
googleapis.com
firebasestorage.googleapis.com — Cisco Umbrella Rank: 5828 |
296 KB |
1 |
msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 1324 |
2 KB |
1 |
fleek.co
storageapi.fleek.co — Cisco Umbrella Rank: 112727 |
1 KB |
7 | 4 |
Domain | Requested by | |
---|---|---|
4 | salesdemo.loyaltyloop.com |
storageapi.fleek.co
|
1 | firebasestorage.googleapis.com |
storageapi.fleek.co
|
1 | aadcdn.msftauth.net |
storageapi.fleek.co
|
1 | storageapi.fleek.co | |
7 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
fleek.co Cloudflare Inc ECC CA-3 |
2022-03-31 - 2023-03-30 |
a year | crt.sh |
*.loyaltyloop.com Amazon |
2022-05-02 - 2023-05-31 |
a year | crt.sh |
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA |
2022-04-01 - 2023-04-01 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-06-06 - 2022-08-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://storageapi.fleek.co/34be6f9f-7d75-4db4-92f3-01919f74cb25-bucket/Jeremy%20Stell%20Folder/link.html
Frame ID: E15D0B530A4F02D07767BABD6CC8930D
Requests: 7 HTTP requests in this frame
Screenshot
![](/screenshots/8c72a447-01c7-49fd-ba33-bb518cfcfe17.png)
Page Title
Sign In - Secure Document DistributionDetected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
link.html
storageapi.fleek.co/34be6f9f-7d75-4db4-92f3-01919f74cb25-bucket/Jeremy%20Stell%20Folder/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.css
salesdemo.loyaltyloop.com/static/ |
482 KB 483 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
salesdemo.loyaltyloop.com/static/ |
82 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-validator.min.js
salesdemo.loyaltyloop.com/static/ |
7 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msftauth.net/shared/1.0/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
input_labels.js
salesdemo.loyaltyloop.com/static/ |
312 B 483 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
imageedit_4_2691645918.png
firebasestorage.googleapis.com/v0/b/m-docshare7.appspot.com/o/ |
295 KB 296 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | block-all-mixed-content |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msftauth.net
firebasestorage.googleapis.com
salesdemo.loyaltyloop.com
storageapi.fleek.co
152.199.23.37
2606:4700::6812:691
2a00:1450:4001:82a::200a
52.72.169.177
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
23161498e3a4ef8154adcc7914430e1d59932436fb640c270bf8afa3f3901b18
549e2bb206b1090aff8d53592cf8521160940b9e515d3e46d85373903aa8330b
b7ffc05135a09d650e61cb6ab4588c325147a1b58743e57e71d4c38fa77c7041
e238846b7e1cadbbe00e7bb553c79170821246af1f584d44b68dad7852009092
f5a5ee8413d3011d4f38e8216665feb89a1f8589032b87fdb1342569ac45df95