urlscan.io logo urlscan.io
SecurityTrails logo

storageapi.fleek.one Open in urlscan Pro
2606:4700:3036::ac43:8f60  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
Submission: On January 16 via api from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3036::ac43:8f60, located in United States and belongs to CLOUDFLARENET, US. The main domain is storageapi.fleek.one. The Cisco Umbrella rank of the primary domain is 585362.
TLS certificate: Issued by GTS CA 1P5 on January 12th 2023. Valid for: 3 months.
This is the only time storageapi.fleek.one was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 38.34.185.163 18978 (ENZUINC-)
1 173.208.209.195 32097 (WII)
1 142.250.184.228 15169 (GOOGLE)
9 6
2    2606:4700:3036::ac43:8f60 (United States)

ASN13335 (CLOUDFLARENET, US)
storageapi.fleek.one
1    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
3    38.34.185.163 (Tokyo, Japan)

ASN18978 (ENZUINC-, US)
PTR: 163.185-34-38.rdns.scalabledns.com
code.jquery.com.de
1    173.208.209.195 (United States)

ASN32097 (WII, US)
www.pngitem.com
1    142.250.184.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f4.1e100.net
www.google.com
Apex Domain
Subdomains		 Transfer
3 com.de
code.jquery.com.de
395 KB
2 fleek.one
storageapi.fleek.one — Cisco Umbrella Rank: 585362
22 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
1 pngitem.com
www.pngitem.com — Cisco Umbrella Rank: 54665
1 bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2342
25 KB
0 clearbit.com Failed
logo.clearbit.com Failed
9 6
Domain Requested by
3 code.jquery.com.de storageapi.fleek.one
code.jquery.com.de
2 storageapi.fleek.one storageapi.fleek.one
1 www.google.com storageapi.fleek.one
1 www.pngitem.com storageapi.fleek.one
1 stackpath.bootstrapcdn.com storageapi.fleek.one
0 logo.clearbit.com Failed code.jquery.com.de
9 6

This site contains no links.

Subject Issuer Validity Valid
*.fleek.one
GTS CA 1P5		 2023-01-12 -
2023-04-12		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
code.jquery.com.de
cPanel, Inc. Certification Authority		 2022-10-20 -
2023-01-18		 3 months crt.sh
pngitem.com
R3		 2023-01-10 -
2023-04-10		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
Frame ID: 527868452D77FA46C89835BBC7740156
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Mail

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

89 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

441 kB
Transfer

648 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 072922.html
storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/ 		87 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:8f60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8a6ca929bfbd6c9fb6c3ae7a33bf14541096493d8e0ed7bbce9ef0d2d55dec8
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cdn-cache
BYPASS
cdn-cachedat
01/16/2023 04:07:01
cdn-edgestorageid
1053
cdn-proxyver
1.03
cdn-pullzone
970096
cdn-requestcountrycode
DE
cdn-requestid
bc94921a43b78864762d1e1967d037b5
cdn-requestpullcode
200
cdn-requestpullsuccess
True
cdn-status
200
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cf-cache-status
DYNAMIC
cf-ray
78a3fb57ecd6bbad-FRA
content-encoding
br
content-security-policy
block-all-mixed-content
content-type
text/html
date
Mon, 16 Jan 2023 04:07:01 GMT
last-modified
Thu, 12 Jan 2023 06:39:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NMnjPEY4cxYd%2FY35ZWpG%2FYG5Lb7OVxWSPCQpg7lz0xzI%2FUwg%2BF63oXpROWd6anAeAAd8czrIUCX4QUS3VPNn2a%2B6JPP6YX%2BDPouOsyt0PT%2F0AycK7PAp%2BkeEzAzpEf7eKjmGt7YZLV%2Fw6tgF2A9ms2n9oQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-amz-request-id
173AAE7342681A8F
x-xss-protection
1; mode=block
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 		157 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Requested by
Host: storageapi.fleek.one
URL: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 04:07:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
894
age
1043282
cdn-cachedat
06/21/2022 18:36:46
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"816af0eddd3b4822c2756227c7e7b7ee"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
26dc42b107cdf3a7e53269f95f5a14ed
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
78a3fb5e3a952c3a-FRA
cdn-requestpullsuccess
True
jquery-3.5.1.min.js
code.jquery.com.de/ 		394 KB
394 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com.de/jquery-3.5.1.min.js
Requested by
Host: storageapi.fleek.one
URL: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US),
Reverse DNS
163.185-34-38.rdns.scalabledns.com
Software
Apache /
Resource Hash
a90c94ab06dfc865686a8e9919e4602ac90408fc1da90811c2eb7328915183f0

Request headers

Referer
https://storageapi.fleek.one/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Mon, 16 Jan 2023 04:07:02 GMT
Last-Modified
Sun, 10 Jul 2022 16:27:33 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
403295
26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png
www.pngitem.com/pimgs/m/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.pngitem.com/pimgs/m/26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png
Requested by
Host: storageapi.fleek.one
URL: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.208.209.195 , United States, ASN32097 (WII, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers
truncated
/ 		10 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
99b5561cd177e23d6a81072c2e739d11e0e2f2c591a4a1483c6f15292cdec1ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/jpeg
bg-image.jpg
storageapi.fleek.one/img/ 		314 B
314 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://storageapi.fleek.one/img/bg-image.jpg
Requested by
Host: storageapi.fleek.one
URL: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:8f60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
849726c1ed6d1af28d01f61747db37a64c97feabfd14d5087c5666d2c123476b
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 04:07:04 GMT
content-security-policy
block-all-mixed-content
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
1078
x-amz-request-id
173AAE73F9663768
cdn-cachedat
01/16/2023 04:07:04
cdn-pullzone
970096
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
cdn-proxyver
1.03
cdn-requestpullcode
404
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MEfsznHaoObEzmUgnNBKUgX09wskalH6dc8Smm%2B84Wmqt%2Fb7KvPDVZ5kh0W5roV%2BZ6yA1PnCeB6Or6Vp0UXGDC7iaJCcNMS6%2F8T8VR0YK2H4bcTbypiOeNZw2XXIEOsLLmTjC54f1gjHZkEnnFAXI%2BCEqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/xml
cdn-cache
BYPASS
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cache-control
public, max-age=14400
cdn-requestid
06ea430630c204c06914671e1a77cbf3
cf-ray
78a3fb6a0f24bbad-FRA
cdn-requestcountrycode
DE
cdn-status
404
cdn-requestpullsuccess
True
ip.php
code.jquery.com.de/ 		33 B
319 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com.de/ip.php
Requested by
Host: code.jquery.com.de
URL: https://code.jquery.com.de/jquery-3.5.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US),
Reverse DNS
163.185-34-38.rdns.scalabledns.com
Software
Apache /
Resource Hash
f23811de6b82ce9d2687491835d01bc48bec92136974141a200ce731ab0319bd

Request headers

Accept
*/*
Referer
https://storageapi.fleek.one/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Mon, 16 Jan 2023 04:07:04 GMT
Server
Apache
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Access-Control-Allow-Headers
Authorization, Content-Type
Content-Length
33
Keep-Alive
timeout=5, max=100
/
logo.clearbit.com/ 		0
0
favicons
www.google.com/s2/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/s2/favicons?domain=https://
Requested by
Host: storageapi.fleek.one
URL: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers
index.php
code.jquery.com.de/post/ 		0
284 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com.de/post/index.php?title=Mail&link=https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html&time=2023-1-16%204:7:7&ip=217.114.218.23%20:%20Germany
Requested by
Host: code.jquery.com.de
URL: https://code.jquery.com.de/jquery-3.5.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US),
Reverse DNS
163.185-34-38.rdns.scalabledns.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*/*
Referer
https://storageapi.fleek.one/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Mon, 16 Jan 2023 04:07:07 GMT
Server
Apache
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Access-Control-Allow-Headers
Authorization, Content-Type
Content-Length
0
Keep-Alive
timeout=5, max=99

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
logo.clearbit.com
URL
https://logo.clearbit.com/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange function| _0xa76d function| _0x438a function| _0x41e8d5 string| mail string| file function| _0x171d function| _0x391389 function| _0x3fa8 function| $ function| jQuery string| ndata string| pp string| catchh string| postt function| _0x4f3105 function| _0x585c function| _0x59f7 object| data string| my_ai string| imgsrc string| my_slice object| domn string| ipinfo

0 Cookies

7 Console Messages

Source Level URL
Text
javascript warning URL: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com.de/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html(Line 5)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com.de/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://www.pngitem.com/pimgs/m/26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
javascript error URL: https://storageapi.fleek.one/9b419356-b552-4003-ba66-38bb5c640247-bucket/072922.html
Message:
Access to XMLHttpRequest at 'https://logo.clearbit.com/' from origin 'https://storageapi.fleek.one' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://logo.clearbit.com/
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://storageapi.fleek.one/img/bg-image.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.google.com/s2/favicons?domain=https://
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content
X-Xss-Protection 1; mode=block