steep-tooth-0892.on.fleek.co Open in urlscan Pro
2606:4700::6812:691 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://steep-tooth-0892.on.fleek.co/
Submission: On February 20 via api (February 20th 2023, 3:03:54 am UTC) from JP — Scanned from JP

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2606:4700::6812:691, located in United States and belongs to CLOUDFLARENET, US. The main domain is steep-tooth-0892.on.fleek.co.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 8th 2022. Valid for: a year.

This is the only time steep-tooth-0892.on.fleek.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discover (Financial)

Domain & IP information

	IP Address	AS Autonomous System
10	2606:4700::68... 2606:4700::6812:691	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4004:811::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::6815:5284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4004:810::2003	15169 (GOOGLE) (GOOGLE)
13	5

10 2606:4700::6812:691 (United States)

ASN13335 (CLOUDFLARENET, US)

steep-tooth-0892.on.fleek.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:811::200a (Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:5284 (United States)

ASN13335 (CLOUDFLARENET, US)

freeipapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:810::2003 (Australia)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	fleek.co steep-tooth-0892.on.fleek.co	264 KB
1	gstatic.com fonts.gstatic.com	39 KB
1	freeipapi.com freeipapi.com — Cisco Umbrella Rank: 814343	717 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	893 B
13	4

	Domain	Requested by
10	steep-tooth-0892.on.fleek.co	steep-tooth-0892.on.fleek.co
1	fonts.gstatic.com	fonts.googleapis.com
1	freeipapi.com	steep-tooth-0892.on.fleek.co
1	fonts.googleapis.com	steep-tooth-0892.on.fleek.co
13	4

This site contains no links.

Subject Issuer	Validity	Valid
fleek.co Cloudflare Inc ECC CA-3	`2022-05-08` - `2023-05-08`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-20` - `2024-02-20`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://steep-tooth-0892.on.fleek.co/
Frame ID: E8B35189F91EF84D4C4B8FBEE1064C23
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Credit Card Login | Discover Card

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

305 kB
Transfer

464 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
steep-tooth-0892.on.fleek.co/ 1 KB
1 KB 489ms
475ms Document
text/html 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steep-tooth-0892.on.fleek.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e9810e7852fa1cc39ba91337850b1dc02aec4c521c93906b8ed9050f84fb2d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET,HEAD,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
access-control-max-age: 86400
age: 131788
cache-control: max-age=10, stale-while-revalidate=600
cf-cache-status: HIT
cf-ray: 79c402e08aa7f8f3-NRT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Mon, 20 Feb 2023 03:03:49 GMT
expires: Mon, 20 Feb 2023 07:03:49 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-cache-status: HIT
x-content-type-options: nosniff
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu
x-request-id: 5794d84dafa3ad447df7735867675410
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
893 B 83ms
42ms Stylesheet
text/css 2404:6800:4004:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Signika:wght@300;400;500;700&display=swap

Requested by

Host: steep-tooth-0892.on.fleek.co
URL: https://steep-tooth-0892.on.fleek.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:811::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d024987a9506bc3a22ff1b434707cba29199fcbf5b45ca855014826bc91820b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 20 Feb 2023 03:03:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 03:03:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Feb 2023 03:03:49 GMT

GET
H2 200 index.1d6b8f7e.js Show response
steep-tooth-0892.on.fleek.co/assets/ 275 KB
140 KB 326ms
325ms Script
text/javascript 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steep-tooth-0892.on.fleek.co/assets/index.1d6b8f7e.js

Requested by

Host: steep-tooth-0892.on.fleek.co
URL: https://steep-tooth-0892.on.fleek.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa5f53dcbd6b32cbbbd52f0e2759946b76a023d380c487f2bbc1fbbef98df600

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steep-tooth-0892.on.fleek.co/
Origin: https://steep-tooth-0892.on.fleek.co
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 98702
x-cache-status: MISS
x-xss-protection: 0
x-request-id: 7fe24c52c07f2060140656dbd5063471
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmYfcPzi68urDpccnntoJwTmRHUS84Ubpsfbgurscnkqog
etag: W/"QmYfcPzi68urDpccnntoJwTmRHUS84Ubpsfbgurscnkqog"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/index.1d6b8f7e.js
access-control-max-age: 86400
cf-ray: 79c402e38bbdf8f3-NRT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Mon, 20 Feb 2023 07:03:49 GMT

GET
H2 200 index.f663e4cc.css
steep-tooth-0892.on.fleek.co/assets/ 23 KB
5 KB 328ms
328ms Stylesheet
text/css 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steep-tooth-0892.on.fleek.co/assets/index.f663e4cc.css

Requested by

Host: steep-tooth-0892.on.fleek.co
URL: https://steep-tooth-0892.on.fleek.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e871393663e7c2f99b9f4a883fafac1a1cf7d23c4c06fe718b022cbd31c012d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 98703
x-cache-status: MISS
x-xss-protection: 0
x-request-id: d5a86fc4ae84e44aaea1ab58ae7f183d
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmNVHHtCvws7Q1fcu1qJc5fdU5mLLBYLeRknHK7P2CZU3V
etag: W/"QmNVHHtCvws7Q1fcu1qJc5fdU5mLLBYLeRknHK7P2CZU3V"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/index.f663e4cc.css
access-control-max-age: 86400
cf-ray: 79c402e38bbbf8f3-NRT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Mon, 20 Feb 2023 07:03:49 GMT

GET
H2 200 json Show response
freeipapi.com/api/ 214 B
717 B 513ms
498ms Fetch
application/json 2606:4700:3030::6815:5284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://freeipapi.com/api/json

Requested by

Host: steep-tooth-0892.on.fleek.co
URL: https://steep-tooth-0892.on.fleek.co/assets/index.1d6b8f7e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:5284 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a186bb48822c0c587afc655c5fb83471a0d9feae2d0cc98750e6b770d301a7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-ratelimit-remaining: 60
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WVMppxBALwXrpRamQkl4gpjOjAtF4SIqS9Ufxp6yFUwJ3pRB9Xej58rnqrCB7CWkW6Y%2FAhlr7LsHaQ1ZTobPBK8%2ByBMOr9sMiL15vJmhD58m1lr9tlCQhKZ4sGPjgf7Rm6xgUbjSPBc9P1AN"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
x-ratelimit-limit: 60
cf-ray: 79c402e5c90314d4-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 twitter.b9049e83.svg
steep-tooth-0892.on.fleek.co/assets/ 1 KB
2 KB 143ms
142ms Image
image/svg+xml 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/twitter.b9049e83.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9049e8383f6a4a119d04a5c9baad547a832911564ee46e6e1a34f01346cb74d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 98701
x-cache-status: MISS
x-xss-protection: 0
x-request-id: e65238f03dcff1e47702fa041cc43cee
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmTrPQuDY7roc1RnLddTG9RL2A5ZUWcVu9ThAmQ96iWQnQ
etag: W/"QmTrPQuDY7roc1RnLddTG9RL2A5ZUWcVu9ThAmQ96iWQnQ"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/twitter.b9049e83.svg
access-control-max-age: 86400
cf-ray: 79c402e6fd50f8f3-NRT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Mon, 20 Feb 2023 07:03:49 GMT

GET
H2 200 facebook.9091caf2.svg
steep-tooth-0892.on.fleek.co/assets/ 710 B
733 B 327ms
326ms Image
image/svg+xml 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/facebook.9091caf2.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9091caf2ebc41ea232983bc546c2762ce3271b2947970c3c601cb072c492e414

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 98701
x-cache-status: MISS
x-xss-protection: 0
x-request-id: a16e3e48123c5cfbea6691a94260d091
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmTfyQ4M55ukcwAt1ZccQN3yF4GQLFaPApMSsZeq4Ly7iY
etag: W/"QmTfyQ4M55ukcwAt1ZccQN3yF4GQLFaPApMSsZeq4Ly7iY"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/facebook.9091caf2.svg
access-control-max-age: 86400
cf-ray: 79c402e6fd51f8f3-NRT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Mon, 20 Feb 2023 07:03:49 GMT

GET
H2 200 instagram.251a46dd.svg
steep-tooth-0892.on.fleek.co/assets/ 2 KB
1 KB 136ms
135ms Image
image/svg+xml 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/instagram.251a46dd.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

251a46dd26dd4775830c98920fcb1d6d38f0f0a4f1369281720ad99f7521e146

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 98701
x-cache-status: MISS
x-xss-protection: 0
x-request-id: fc0136e32f36f3e4f501ce3aa52353c2
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmThwfyde6Gab6RLUsjK18YHrEZr7zjNHmuvbSyQvH9xx5
etag: W/"QmThwfyde6Gab6RLUsjK18YHrEZr7zjNHmuvbSyQvH9xx5"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/instagram.251a46dd.svg
access-control-max-age: 86400
cf-ray: 79c402e6fd52f8f3-NRT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Mon, 20 Feb 2023 07:03:49 GMT

GET
H2 200 linkedin.6d2f5133.svg
steep-tooth-0892.on.fleek.co/assets/ 1 KB
1 KB 137ms
136ms Image
image/svg+xml 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/linkedin.6d2f5133.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d2f51339b71990cbf713f9da388d3515c9987f7d2bb2b02fab7ac8160d170f1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 98701
x-cache-status: MISS
x-xss-protection: 0
x-request-id: 408105e54672245227993f0c7981f40e
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmV59WRABhqztp24PDZ6vvhEZ2qEnM5iDxFzrVTknKGH2W
etag: W/"QmV59WRABhqztp24PDZ6vvhEZ2qEnM5iDxFzrVTknKGH2W"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/linkedin.6d2f5133.svg
access-control-max-age: 86400
cf-ray: 79c402e6fd53f8f3-NRT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Mon, 20 Feb 2023 07:03:49 GMT

GET
H2 200 app-icon.e603a824.png
steep-tooth-0892.on.fleek.co/assets/ 24 KB
24 KB 334ms
333ms Image
image/png 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/app-icon.e603a824.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e603a8249e2d58affccc3e06e93161663d6c6e1deb5a0a89659fbcab82f95fb0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 98701
x-cache-status: MISS
content-length: 24381
x-xss-protection: 0
x-request-id: e302ebf8ec00ab5d50ae5d0d6a36f224
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmSesBNkosriZkSiBeuTRCgu2WQ5MgUeDeWFGw5bEZRk3g
etag: "QmSesBNkosriZkSiBeuTRCgu2WQ5MgUeDeWFGw5bEZRk3g"
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/app-icon.e603a824.png
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 79c402e6fd54f8f3-NRT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Mon, 20 Feb 2023 07:03:49 GMT

GET
H2 200 certification.d49919b4.png
steep-tooth-0892.on.fleek.co/assets/ 22 KB
23 KB 323ms
323ms Image
image/png 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/certification.d49919b4.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d49919b48a53a771b0bfcbca9ac3338a7dbd46b758082c5cc02f1ca9d08b6959

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 98701
x-cache-status: MISS
content-length: 22698
x-xss-protection: 0
x-request-id: e80d4373591d8b4831b226a1b711a2fd
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmZQrPh3uPpe8YdjprfZiePm9Pe6gAxZbYHHgapgvPQgRZ
etag: "QmZQrPh3uPpe8YdjprfZiePm9Pe6gAxZbYHHgapgvPQgRZ"
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/certification.d49919b4.png
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 79c402e6fd55f8f3-NRT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Mon, 20 Feb 2023 07:03:49 GMT

GET
H2 200 intro.a24e2227.jpg
steep-tooth-0892.on.fleek.co/assets/ 67 KB
67 KB 411ms
411ms Image
image/jpeg 2606:4700::6812:691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/intro.a24e2227.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24e222776c2ed30341277982bb4a37cb9df02476e0f4b881f5f052a9e492d53

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 03:03:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 98702
x-cache-status: MISS
content-length: 68190
x-xss-protection: 0
x-request-id: 12e05850802268d0314309cbb5c0979f
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmZa1GZJLJ5oLyyduMWMnAS3NE4TyJkHqDBTSZGXHWtJaH
etag: "QmZa1GZJLJ5oLyyduMWMnAS3NE4TyJkHqDBTSZGXHWtJaH"
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/intro.a24e2227.jpg
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 79c402e6fd56f8f3-NRT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Mon, 20 Feb 2023 07:03:50 GMT

GET
H2 200 vEFR2_JTCgwQ5ejvG1EmBg.woff2
fonts.gstatic.com/s/signika/v20/ 39 KB
39 KB 56ms
2ms Font
font/woff2 2404:6800:4004:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/signika/v20/vEFR2_JTCgwQ5ejvG1EmBg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Signika:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:810::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e36ecb4b8f63375fe634496441f39c6165c5504f3d4dbe8ae47caae8d7730e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steep-tooth-0892.on.fleek.co
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 07:21:41 GMT
x-content-type-options: nosniff
age: 330128
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39776
x-xss-protection: 0
last-modified: Tue, 23 Aug 2022 18:45:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 07:21:41 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discover (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange function| IMask

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
freeipapi.com
steep-tooth-0892.on.fleek.co
2404:6800:4004:810::2003
2404:6800:4004:811::200a
2606:4700:3030::6815:5284
2606:4700::6812:691
251a46dd26dd4775830c98920fcb1d6d38f0f0a4f1369281720ad99f7521e146
55e9810e7852fa1cc39ba91337850b1dc02aec4c521c93906b8ed9050f84fb2d
6d2f51339b71990cbf713f9da388d3515c9987f7d2bb2b02fab7ac8160d170f1
7d024987a9506bc3a22ff1b434707cba29199fcbf5b45ca855014826bc91820b
9091caf2ebc41ea232983bc546c2762ce3271b2947970c3c601cb072c492e414
90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74
9a186bb48822c0c587afc655c5fb83471a0d9feae2d0cc98750e6b770d301a7b
a24e222776c2ed30341277982bb4a37cb9df02476e0f4b881f5f052a9e492d53
b9049e8383f6a4a119d04a5c9baad547a832911564ee46e6e1a34f01346cb74d
d49919b48a53a771b0bfcbca9ac3338a7dbd46b758082c5cc02f1ca9d08b6959
e36ecb4b8f63375fe634496441f39c6165c5504f3d4dbe8ae47caae8d7730e38
e603a8249e2d58affccc3e06e93161663d6c6e1deb5a0a89659fbcab82f95fb0
e871393663e7c2f99b9f4a883fafac1a1cf7d23c4c06fe718b022cbd31c012d7
fa5f53dcbd6b32cbbbd52f0e2759946b76a023d380c487f2bbc1fbbef98df600

steep-tooth-0892.on.fleek.co Open in urlscan Pro 2606:4700::6812:691 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

305 kBTransfer

464 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

steep-tooth-0892.on.fleek.co Open in urlscan Pro
2606:4700::6812:691 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

305 kB
Transfer

464 kB
Size

0
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!