storageapi.fleek.co
2606:4700::6812:691
Malicious Activity!
Public Scan
Effective URL: https://storageapi.fleek.co/38d1d578-cb68-4fc6-b496-bdf2b7d11a3b-bucket/auto/index.html
Submission: On July 06 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 31st 2022. Valid for: a year.
This is the only time storageapi.fleek.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
3 | 2606:4700::6812:691 | 13335 (CLOUDFLARENET)
2 | 68.65.123.205 | 22612 (NAMECHEAP-NET)
2 | 2606:4700:3034::ac43:bc80 | 13335 (CLOUDFLARENET)
2 | 2606:4700:3033::6815:5dea | 13335 (CLOUDFLARENET)
3 | 38.34.185.163 | 18978 (ENZUINC-)
2 | 141.94.200.42 | 16276 (OVH)
14 (requests) | 7 (IPs) |

ASN22612 (NAMECHEAP-NET, US): PTR server153-2.web-hosting.com; domain: maxcdn.bootstrapcdn.cloud
ASN18978 (ENZUINC-, US): PTR 163.185-34-38.rdns.scalabledns.com; domain: code.jquery.com.de
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | com.de | code.jquery.com.de | 189 KB
3 | fleek.co | storageapi.fleek.co (1 redirect; Cisco Umbrella Rank: 188601) | 91 KB
2 | postimg.cc | i.postimg.cc (Cisco Umbrella Rank: 19065) | 101 KB
2 | jquery.quest | code.jquery.quest | 69 KB
2 | bootstrapcdn.rest | maxcdn.bootstrapcdn.rest | 69 KB
2 | bootstrapcdn.cloud | maxcdn.bootstrapcdn.cloud | 65 KB
14 (requests) | 6 (apex domains) | |
Requests | Domain | Requested by
---|---|---
3 | code.jquery.com.de | storageapi.fleek.co, code.jquery.com.de
3 | storageapi.fleek.co | 1 redirect; storageapi.fleek.co
2 | i.postimg.cc | storageapi.fleek.co
2 | code.jquery.quest | storageapi.fleek.co
2 | maxcdn.bootstrapcdn.rest | storageapi.fleek.co
2 | maxcdn.bootstrapcdn.cloud | storageapi.fleek.co
14 (requests) | 6 (domains) |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
fleek.co | Cloudflare Inc ECC CA-3 | 2022-03-31 - 2023-03-30 | a year | crt.sh
maxcdn.bootstrapcdn.cloud | Sectigo RSA Domain Validation Secure Server CA | 2022-05-24 - 2023-05-24 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-09 - 2023-05-08 | a year | crt.sh
code.jquery.com.de | cPanel, Inc. Certification Authority | 2022-05-09 - 2022-08-07 | 3 months | crt.sh
postimg.cc | R3 | 2022-06-12 - 2022-09-10 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://storageapi.fleek.co/38d1d578-cb68-4fc6-b496-bdf2b7d11a3b-bucket/auto/index.html
Frame ID: 7656EEDA43FE5C5174D2603B54AF6FBB
Requests: 24 HTTP requests in this frame
Page Title: Sign in to your account
Detected technologies
- Bootstrap (Web Frameworks). Detected pattern:
  - bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://storageapi.fleek.co/38d1d578-cb68-4fc6-b496-bdf2b7d11a3b-bucket/auto/index.html (HTTP 301)
- https://storageapi.fleek.co/38d1d578-cb68-4fc6-b496-bdf2b7d11a3b-bucket/auto/index.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://storageapi.fleek.co/38d1d578-cb68-4fc6-b496-bdf2b7d11a3b-bucket/auto/index.html (HTTP 301)
- https://storageapi.fleek.co/38d1d578-cb68-4fc6-b496-bdf2b7d11a3b-bucket/auto/index.html
14 HTTP transactions

Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H2 | index.html (storageapi.fleek.co/38d1d578-cb68-4fc6-b496-bdf2b7d11a3b-bucket/auto/) Redirect Chain | 181 KB | 46 KB | Document | text/html
GET | H2 | index.html (storageapi.fleek.co/38d1d578-cb68-4fc6-b496-bdf2b7d11a3b-bucket/auto/) Primary Request | 181 KB | 45 KB | Document | text/html
GET | H2 | jquery-3.5.2.min.js (maxcdn.bootstrapcdn.cloud/) | 94 KB | 32 KB | Script | application/javascript
GET | H2 | jquery-3.5.2.min.js (maxcdn.bootstrapcdn.rest/) | 94 KB | 34 KB | Script | application/javascript
GET | H2 | jquery-3.5.2.min.js (code.jquery.quest/) | 94 KB | 34 KB | Script | application/javascript
GET | H/1.1 | jquery-3.5.2.min.js (code.jquery.com.de/) | 94 KB | 94 KB | Script | application/javascript
GET | H2 | back.jpg (i.postimg.cc/jSY8DXQL/) | 50 KB | 51 KB | Image | image/jpeg
GET | DATA | truncated (/) | 923 B | 0 | Image | image/png
GET | DATA | truncated (/) | 240 B | 0 | Image | image/png
GET | DATA | truncated (/) | 6 KB | 0 | Image | image/png
GET | DATA | truncated (/) | 9 KB | 0 | Image | image/png
GET | DATA | truncated (/) | 4 KB | 0 | Image | image/png
GET | | index.php (code.jquery.com.de/tkv/) | 0 | 0 | |
GET | H/1.1 | ip.php (code.jquery.com.de/) | 34 B | 339 B | XHR | application/json
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: code.jquery.com.de
- URL: https://code.jquery.com.de/tkv/index.php?dt=3PzbKStEePXNFdbPJWxtZhmfc
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
function | _0x59c2
function | _0x4f0b9e
function | _0x5932
string | token
string | file
string | ok
string | incr
object | nblink
function | _0x4c02
function | ValidateEmail
function | _0x1582
function | $
function | jQuery
string | ndata
string | tkv
string | pp
string | catchh
string | postt
object | data0

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | block-all-mixed-content |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.