storageapi.fleek.co
Open in
urlscan Pro
2606:4700::6812:791
Malicious Activity!
Public Scan
Effective URL: https://storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/mains80uj808_0i90u=-=k0-=j90.html?err=XPWW1WKKBXX...
Submission Tags: falconsandbox
Submission: On May 09 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 31st 2022. Valid for: a year.
This is the only time storageapi.fleek.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 195.252.110.229 195.252.110.229 | 6700 (BEOTEL-AS...) (BEOTEL-AS www.beotel.net) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
5 | 2606:4700::68... 2606:4700::6810:5714 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:80e::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:82b::2003 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700::68... 2606:4700::6812:791 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
29 | 8 |
ASN6700 (BEOTEL-AS www.beotel.net, RS)
PTR: cpanel26.beotel.net
q-sci.rs |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 341 |
242 KB |
7 |
q-sci.rs
q-sci.rs |
39 KB |
5 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 574 |
118 KB |
2 |
fleek.co
storageapi.fleek.co — Cisco Umbrella Rank: 552387 |
64 KB |
1 |
gstatic.com
fonts.gstatic.com |
21 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 111 |
1021 B |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 936 |
30 KB |
0 |
clearbit.com
Failed
logo.clearbit.com Failed |
|
29 | 8 |
Domain | Requested by | |
---|---|---|
8 | cdnjs.cloudflare.com |
storageapi.fleek.co
cdnjs.cloudflare.com |
7 | q-sci.rs |
q-sci.rs
|
5 | cdn.jsdelivr.net |
q-sci.rs
storageapi.fleek.co |
2 | storageapi.fleek.co |
q-sci.rs
storageapi.fleek.co |
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
q-sci.rs
|
1 | code.jquery.com |
q-sci.rs
|
0 | logo.clearbit.com Failed |
storageapi.fleek.co
|
29 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
q-sci.rs cPanel, Inc. Certification Authority |
2022-02-28 - 2022-05-29 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-07-03 - 2022-07-02 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-04-18 - 2022-07-11 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-04-18 - 2022-07-11 |
3 months | crt.sh |
fleek.co Cloudflare Inc ECC CA-3 |
2022-03-31 - 2023-03-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/mains80uj808_0i90u=-=k0-=j90.html?err=XPWW1WKKBXXVEDYY3SL&dispatch=897&id=6096C6BA2116827abA078A4b93B8bc
Frame ID: 4797F4EE9EC81E8D59BAB10928C853F1
Requests: 31 HTTP requests in this frame
Screenshot
Page Title
AEKYUNG - MailPage URL History Show full URLs
- https://q-sci.rs/zk/kjh6c/wps/79797986/webtyhj67.html?y-id039=Nschae%40aekyung.kr Page URL
- https://storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/mains80uj808_0i90u=-=k0-=j90.... Page URL
- https://storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/mains80uj808_0i90u=-=k0-=j90.... Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Axios (JavaScript libraries) Expand
Detected patterns
- /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://q-sci.rs/zk/kjh6c/wps/79797986/webtyhj67.html?y-id039=Nschae%40aekyung.kr Page URL
- https://storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/mains80uj808_0i90u=-=k0-=j90.html Page URL
- https://storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/mains80uj808_0i90u=-=k0-=j90.html?err=XPWW1WKKBXXVEDYY3SL&dispatch=897&id=6096C6BA2116827abA078A4b93B8bc Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
webtyhj67.html
q-sci.rs/zk/kjh6c/wps/79797986/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
background_styles.css
q-sci.rs/zk/kjh6c/wps/79797986/files/nnh/cache/ |
501 B 811 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
q-sci.rs/zk/kjh6c/wps/79797986/files/nnh/cache/ |
505 B 815 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
q-sci.rs/zk/kjh6c/wps/79797986/files/nnh/cache/ |
285 B 609 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ |
82 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
x.js
q-sci.rs/zk/kjh6c/wps/79797986/files/ |
754 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
2 KB 1021 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b001.png
q-sci.rs/zk/kjh6c/wps/79797986/files/nnh/cache/ |
34 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Technology-Bold.ttf
q-sci.rs/zk/kjh6c/wps/79797986/files/nnh/cache/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v27/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mains80uj808_0i90u=-=k0-=j90.html
storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/ |
138 KB 32 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ |
157 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/ |
58 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
6 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ |
82 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
wallpaper.png
storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/webfonts/ |
76 KB 77 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
mains80uj808_0i90u=-=k0-=j90.html
storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/ |
138 KB 32 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
aekyung.kr
logo.clearbit.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ |
157 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/ |
58 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ |
82 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
6 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
wallpaper.png
storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/webfonts/ |
76 KB 77 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
aekyung.kr
logo.clearbit.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- storageapi.fleek.co
- URL
- https://storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/wallpaper.png
- Domain
- logo.clearbit.com
- URL
- https://logo.clearbit.com/aekyung.kr
- Domain
- storageapi.fleek.co
- URL
- https://storageapi.fleek.co/726c6443-ee78-4973-9d19-8935f113fdcd-bucket/kr/wallpaper.png
- Domain
- logo.clearbit.com
- URL
- https://logo.clearbit.com/aekyung.kr
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| axios function| $ function| jQuery object| bootstrap function| sendMail function| validateEmail function| urlExists function| setNameAndFavicon function| randomString string| rString string| MAIL_URL string| AUTH_LOADING_MESSAGE string| FINAL_REDIRECT_URL number| retryAttemptCount0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
logo.clearbit.com
q-sci.rs
storageapi.fleek.co
logo.clearbit.com
storageapi.fleek.co
195.252.110.229
2001:4de0:ac18::1:a:1b
2606:4700::6810:5714
2606:4700::6811:180e
2606:4700::6812:791
2a00:1450:4001:80e::200a
2a00:1450:4001:82b::2003
01c602a591db4395c1fdfcd7200d2b301e054b3f7a8efb5e28fb2d96976298d6
041d04f233a5327aa7e85e178d0311cc15c1fe15c1adde175f0b47ef2c99c765
24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1
2699316cb83af2502422d101e81564b0492785cab2fdfbdc256f90e1c4ad5606
2e67fa5f4ddbbd7d0bf68c9ea93c5316079707e2798764e393d8a11ec7a56578
3f603877ab77e077ebe9f777163f5e50fae35e9390c40900c0982075f02e7510
62c30d1ef7c92635d27e5a2ac0dca9b3f3962b7617b2fc0e57642f68ab7ab42b
8b70efc57dd27f773ed2d4ea3bac776caf346124c36fd73cba96176de33d7ec3
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
b8e5e47e4cbb72684567d947219364970ea5a54f868915ffe1b641452b694405
c01842e5d85ca2ec11854621275f309f5063d53e1afebe45afd51757bcfde80c
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8364a8976086cbd233ce2efa50c818331d49f1577729a562be2a57c8bfdfec3
fdc93938bf3f2826e7cfaf14e147d1bd9662e7f1abbfbf2001866fe3ee06e327
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e