storageapi.fleek.co
2606:4700::6812:791
Malicious Activity!
Public Scan
Effective URL: https://storageapi.fleek.co/5ae0321a-bfc3-462c-9347-2e5816fd6b54-bucket/plt.html
Submission Tags: falconsandbox
Submission: On September 26 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 31st 2022. Valid for: a year.
This is the only time storageapi.fleek.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2606:4700::6812:791 | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:828::200a | 15169 (GOOGLE)
2 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET)
1 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET)
1 | 2606:4700:20::681a:9c0 | 13335 (CLOUDFLARENET)
1 | 2001:67c:4e8:f004::9 | 62041 (TELEGRAM)
1 | 2606:4700:3036::ac43:dacd | 13335 (CLOUDFLARENET)
Requests | Apex Domain | Subdomain | Transfer
---|---|---|---
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 209) | 13 KB
1 | screenshotmachine.com | api.screenshotmachine.com | 626 KB
1 | telegram.org | api.telegram.org (Cisco Umbrella Rank: 45254) | 269 B
1 | geoiplookup.io | json.geoiplookup.io (Cisco Umbrella Rank: 49011) | 1006 B
1 | bootstrapcdn.com | stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2290) | 15 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 293) | 31 KB
1 | fleek.co | storageapi.fleek.co (Cisco Umbrella Rank: 211450) | 164 KB
0 | Failed | www.aquatic.biosecurity (Failed) |
Requests | Domain | Requested by
---|---|---
2 | cdnjs.cloudflare.com | storageapi.fleek.co
1 | api.screenshotmachine.com | storageapi.fleek.co
1 | api.telegram.org | storageapi.fleek.co
1 | json.geoiplookup.io | ajax.googleapis.com
1 | stackpath.bootstrapcdn.com | storageapi.fleek.co
1 | ajax.googleapis.com | storageapi.fleek.co
1 | storageapi.fleek.co | (primary page)
0 | www.aquatic.biosecurity (Failed) | storageapi.fleek.co
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
fleek.co | Cloudflare Inc ECC CA-3 | 2022-03-31 - 2023-03-30 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-09-05 - 2022-11-28 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year | crt.sh
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2022-03-24 - 2023-04-25 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://storageapi.fleek.co/5ae0321a-bfc3-462c-9347-2e5816fd6b54-bucket/plt.html
Frame ID: FBE1D4A842CE39472738CAB7F259D4E6
Requests: 14 HTTP requests in this frame
Page Title: Connecting to Email Provider
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Popper (Miscellaneous)
Detected patterns
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | plt.html (Primary Request) | storageapi.fleek.co/5ae0321a-bfc3-462c-9347-2e5816fd6b54-bucket/ | 901 KB | 164 KB | Document | text/html
GET | DATA | truncated | / | 5 KB | 0 | Stylesheet | text/css
GET | DATA | truncated | / | 8 KB | 0 | Stylesheet | text/css
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB | 31 KB | Script | text/javascript
GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ | 20 KB | 7 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 15 KB | Script | application/javascript
GET | H2 | detect.min.js | cdnjs.cloudflare.com/ajax/libs/Detect.js/2.2.2/ | 26 KB | 7 KB | Script | application/javascript
GET | DATA | truncated | / | 555 B | 0 | Image | image/png
GET | DATA | truncated | / | 15 KB | 0 | Image | image/png
GET | H2 | / | json.geoiplookup.io/ | 630 B | 1006 B | Script | application/javascript
GET | H2 | getupdates | api.telegram.org/bot5677573243:AAFS8J2-V7PNmyIabqpR1RTVPLtmGYeVYYI/ | 23 B | 269 B | Fetch | application/json
GET | DATA | truncated | / | 24 KB | 0 | Image | image/png
GET | | https://www.aquatic.biosecurity%40dpi.nsw.gov.a/favicon.ico | (same URL) | 0 | 0 | (no response) |
GET | H2 | / | api.screenshotmachine.com/ | 624 KB | 626 KB | Image | image/jpeg
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.aquatic.biosecurity
- URL: https://www.aquatic.biosecurity%40dpi.nsw.gov.a/favicon.ico
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Email (Online)
40 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
onbeforeinput | object
oncontextlost | object
oncontextrestored | object
structuredClone | function
launchQueue | object
onbeforematch | object
getScreenDetails | function
queryLocalFonts | function
navigation | object
$ | function
jQuery | function
Popper | function
bootstrap | object
forEach | function
detect | function
dri | string
_0x3419a3 | function
_0x254285 | function
_0x7acc7f | function
_0x496569 | function
_0x3d48 | function
_0x53eee8 | function
_0x5f20da | function
_0x454a93 | function
_0x1c7dfa | function
d | object
_0x474b | function
_0x431f63 | function
today | string
date | string
result | object
_0x39d3ab | function
browser | string
tnk | string
_0x3f00f7 | function
curHour | number
curMinute | number
curSeconds | number
curMeridiem | string
details0 | string
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | block-all-mixed-content |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.