storageapi.fleek.co
2606:4700::6812:691
Malicious Activity!
Public Scan
Effective URL: https://storageapi.fleek.co/c0c77e31-17da-4399-b3c2-753b55a88e01-bucket/acs.html
Submission: On September 16 via manual from HK — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 31st 2022. Valid for: a year.
This is the only time storageapi.fleek.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 2 | 2606:4700::6812:691 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:828::200a | 15169 (GOOGLE) |
2 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET) |
1 | 2606:4700:20::681a:8c0 | 13335 (CLOUDFLARENET) |
1 | 2001:67c:4e8:f004::9 | 62041 (TELEGRAM) |
1 | 2606:4700:3036::ac43:dacd | (unknown AS) |
9 | 8 |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 209) | 13 KB |
2 | fleek.co | storageapi.fleek.co (Cisco Umbrella Rank: 211450), 1 redirect | 164 KB |
1 | screenshotmachine.com | api.screenshotmachine.com | 7 KB |
1 | telegram.org | api.telegram.org (Cisco Umbrella Rank: 45254) | 269 B |
1 | geoiplookup.io | json.geoiplookup.io (Cisco Umbrella Rank: 49011) | 1007 B |
1 | bootstrapcdn.com | stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2290) | 15 KB |
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 293) | 31 KB |
0 | Failed | Failed | |
| Domain | Requested by |
---|---|---|
2 | cdnjs.cloudflare.com | storageapi.fleek.co |
2 | storageapi.fleek.co | 1 redirect |
1 | api.screenshotmachine.com | |
1 | api.telegram.org | storageapi.fleek.co |
1 | json.geoiplookup.io | ajax.googleapis.com |
1 | stackpath.bootstrapcdn.com | storageapi.fleek.co |
1 | ajax.googleapis.com | storageapi.fleek.co |
0 | www. (Failed) | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
fleek.co | Cloudflare Inc ECC CA-3 | 2022-03-31 - 2023-03-30 | a year |
upload.video.google.com | GTS CA 1C3 | 2022-08-29 - 2022-11-21 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year |
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2022-03-24 - 2023-04-25 | a year |
This page contains 1 frames:
Primary Page:
https://storageapi.fleek.co/c0c77e31-17da-4399-b3c2-753b55a88e01-bucket/acs.html
Frame ID: 3FE5D3B559922C1472ACD84F9DB71B80
Requests: 14 HTTP requests in this frame
Page Title: Connecting to Email Provider
Page URL History
- http://storageapi.fleek.co/c0c77e31-17da-4399-b3c2-753b55a88e01-bucket/acs.html (HTTP 301)
- https://storageapi.fleek.co/c0c77e31-17da-4399-b3c2-753b55a88e01-bucket/acs.html (Page URL)
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Popper (Miscellaneous)
Detected patterns
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions (14 requests in the frame; DATA rows are inline data: URIs that are not counted as transactions)
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|
GET | H2 | acs.html | storageapi.fleek.co/c0c77e31-17da-4399-b3c2-753b55a88e01-bucket/ | 897 KB | 164 KB | Document | text/html | Primary Request, Redirect Chain |
GET | DATA | truncated | / | 5 KB | 0 | Stylesheet | text/css | |
GET | DATA | truncated | / | 8 KB | 0 | Stylesheet | text/css | |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB | 31 KB | Script | text/javascript | |
GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ | 20 KB | 7 KB | Script | application/javascript | |
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 15 KB | Script | application/javascript | |
GET | H2 | detect.min.js | cdnjs.cloudflare.com/ajax/libs/Detect.js/2.2.2/ | 26 KB | 7 KB | Script | application/javascript | |
GET | DATA | truncated | / | 555 B | 0 | Image | image/png | |
GET | DATA | truncated | / | 15 KB | 0 | Image | image/png | |
GET | H2 | / | json.geoiplookup.io/ | 629 B | 1007 B | Script | application/javascript | |
GET | H2 | getupdates | api.telegram.org/bot5677573243:AAFS8J2-V7PNmyIabqpR1RTVPLtmGYeVYYI/ | 23 B | 269 B | Fetch | application/json | |
GET | DATA | truncated | / | 24 KB | 0 | Image | image/png | |
GET | | favicon.ico | www./ | 0 | 0 | | | Failed |
GET | H2 | / | api.screenshotmachine.com/ | 6 KB | 7 KB | Image | image/gif | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.
- URL: https://www./favicon.ico
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Email (Online)
40 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type |
---|---|
onbeforeinput | object |
oncontextlost | object |
oncontextrestored | object |
structuredClone | function |
launchQueue | object |
onbeforematch | object |
getScreenDetails | function |
queryLocalFonts | function |
navigation | object |
$ | function |
jQuery | function |
Popper | function |
bootstrap | object |
forEach | function |
detect | function |
dri | string |
_0xb4a949 | function |
_0xd5a13b | function |
_0x43a902 | function |
_0x5e9f40 | function |
_0x3c525f | function |
_0xfee98e | function |
_0x336814 | function |
_0x43a72a | function |
_0x2f5ee7 | function |
d | object |
today | string |
date | string |
result | object |
_0x3387 | function |
_0x391d | function |
browser | string |
tnk | string |
_0x2ba3cc | function |
_0x2dea10 | function |
curHour | string |
curMinute | number |
curSeconds | number |
curMeridiem | string |
details0 | string |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | block-all-mixed-content |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
api.screenshotmachine.com
api.telegram.org
cdnjs.cloudflare.com
json.geoiplookup.io
stackpath.bootstrapcdn.com
storageapi.fleek.co
www.
2001:67c:4e8:f004::9
2606:4700:20::681a:8c0
2606:4700:3036::ac43:dacd
2606:4700::6811:190e
2606:4700::6812:691
2606:4700::6812:bcf
2a00:1450:4001:828::200a
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
22a67790ce6b6632c0c1780e5c9edadfd7b5e306705213dfa36979d9508fe645
2303a29a9eb73ed747e21b6ab3317987010613f9cc357ee174eafcfb93e4ce35
2321bd0dcab3570cb4b36871411be2b13d70ccbaca5db547ed054b87ee563684
3295413bcfbb4ef915cd8efce8031056ddcb8c4d7cdc8434f7e7950b6b48dd21
50342d05c86b5f00f66fe3ab5a63e55197a3c0a5aff838d2c9ad0e5a0e5ff4b6
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5820ce3812f13eb3875a0e614b7b540a4c92c4e3a6c4a59786f92f78e0cc7b3e
5eca3998a46e6ac97e1e55c0abf4268c81ad3d9c9934f9d01a77c6e176952c7b
6a6beae164a3397dd506f59af5261bb7662b9344a3225c0f4d7f857f54f4db13
93f553f07040ccaa21c9fa7c4ec02e97aff4999acee2bd4bdf9860100a1ea08a
aba082654ed9a884ee14954d8a4085aff721d03989fcc16934f4d03cf6a55229
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d