steep-tooth-0892.on.fleek.co Open in urlscan Pro
2606:4700::6812:791 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://steep-tooth-0892.on.fleek.co/
Effective URL:
https://steep-tooth-0892.on.fleek.co/
Submission: On February 19 via api (February 19th 2023, 4:21:29 am UTC) from US — Scanned from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2606:4700::6812:791, located in United States and belongs to CLOUDFLARENET, US. The main domain is steep-tooth-0892.on.fleek.co.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 8th 2022. Valid for: a year.

This is the only time steep-tooth-0892.on.fleek.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discover (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700::68... 2606:4700::6812:691	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2606:4700::68... 2606:4700::6812:791	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:820::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3037::ac43:9e39	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81f::2003	15169 (GOOGLE) (GOOGLE)
13	5

1 2606:4700::6812:691 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

steep-tooth-0892.on.fleek.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6812:791 (United States)

ASN13335 (CLOUDFLARENET, US)

steep-tooth-0892.on.fleek.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:820::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:9e39 (United States)

ASN13335 (CLOUDFLARENET, US)

freeipapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	fleek.co 1 redirects steep-tooth-0892.on.fleek.co	264 KB
1	gstatic.com fonts.gstatic.com	39 KB
1	freeipapi.com freeipapi.com — Cisco Umbrella Rank: 814343	727 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	893 B
13	4

	Domain	Requested by
11	steep-tooth-0892.on.fleek.co	1 redirects steep-tooth-0892.on.fleek.co
1	fonts.gstatic.com	fonts.googleapis.com
1	freeipapi.com	steep-tooth-0892.on.fleek.co
1	fonts.googleapis.com	steep-tooth-0892.on.fleek.co
13	4

This site contains no links.

Subject Issuer	Validity	Valid
fleek.co Cloudflare Inc ECC CA-3	`2022-05-08` - `2023-05-08`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.freeipapi.com E1	`2022-12-22` - `2023-03-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://steep-tooth-0892.on.fleek.co/
Frame ID: 3BE20CBA3FEE075E5CC1720D04B99278
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Credit Card Login | Discover Card

Page URL History Show full URLs

http://steep-tooth-0892.on.fleek.co/ HTTP 301
https://steep-tooth-0892.on.fleek.co/ Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

305 kB
Transfer

464 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://steep-tooth-0892.on.fleek.co/ HTTP 301
https://steep-tooth-0892.on.fleek.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
steep-tooth-0892.on.fleek.co/
Redirect Chain

http://steep-tooth-0892.on.fleek.co/
https://steep-tooth-0892.on.fleek.co/

1 KB
1 KB

686ms
600ms

Document
text/html

2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steep-tooth-0892.on.fleek.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e9810e7852fa1cc39ba91337850b1dc02aec4c521c93906b8ed9050f84fb2d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET,HEAD,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
access-control-max-age: 86400
age: 79986
cache-control: max-age=10, stale-while-revalidate=600
cf-cache-status: HIT
cf-ray: 79bc36f0edb2da9f-MIA
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Sun, 19 Feb 2023 04:21:15 GMT
expires: Sun, 19 Feb 2023 08:21:15 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-cache-status: HIT
x-content-type-options: nosniff
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu
x-request-id: e7229d0dc46ca89887b939d7a9ef9ef5
x-xss-protection: 0

Redirect headers

CF-RAY: 79bc36ef4d4ad9bd-MIA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Sun, 19 Feb 2023 04:21:14 GMT
Expires: Sun, 19 Feb 2023 05:21:14 GMT
Location: https://steep-tooth-0892.on.fleek.co/
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
893 B 233ms
83ms Stylesheet
text/css 2607:f8b0:4006:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Signika:wght@300;400;500;700&display=swap

Requested by

Host: steep-tooth-0892.on.fleek.co
URL: https://steep-tooth-0892.on.fleek.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d024987a9506bc3a22ff1b434707cba29199fcbf5b45ca855014826bc91820b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Feb 2023 04:21:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Feb 2023 04:21:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Feb 2023 04:21:15 GMT

GET
H2 200 index.1d6b8f7e.js Show response
steep-tooth-0892.on.fleek.co/assets/ 275 KB
139 KB 345ms
342ms Script
text/javascript 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steep-tooth-0892.on.fleek.co/assets/index.1d6b8f7e.js

Requested by

Host: steep-tooth-0892.on.fleek.co
URL: https://steep-tooth-0892.on.fleek.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa5f53dcbd6b32cbbbd52f0e2759946b76a023d380c487f2bbc1fbbef98df600

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steep-tooth-0892.on.fleek.co/
Origin: https://steep-tooth-0892.on.fleek.co
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 75785
x-cache-status: HIT
x-xss-protection: 0
x-request-id: 860a56705d4c11284a6530274cc26399
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmYfcPzi68urDpccnntoJwTmRHUS84Ubpsfbgurscnkqog
etag: W/"QmYfcPzi68urDpccnntoJwTmRHUS84Ubpsfbgurscnkqog"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/index.1d6b8f7e.js
access-control-max-age: 86400
cf-ray: 79bc36f58d34da9f-MIA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Sun, 19 Feb 2023 08:21:16 GMT

GET
H2 200 index.f663e4cc.css
steep-tooth-0892.on.fleek.co/assets/ 23 KB
5 KB 336ms
334ms Stylesheet
text/css 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://steep-tooth-0892.on.fleek.co/assets/index.f663e4cc.css

Requested by

Host: steep-tooth-0892.on.fleek.co
URL: https://steep-tooth-0892.on.fleek.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e871393663e7c2f99b9f4a883fafac1a1cf7d23c4c06fe718b022cbd31c012d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 75785
x-cache-status: HIT
x-xss-protection: 0
x-request-id: 3110d7e008a4c0a9451c01bdb7e53eb5
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmNVHHtCvws7Q1fcu1qJc5fdU5mLLBYLeRknHK7P2CZU3V
etag: W/"QmNVHHtCvws7Q1fcu1qJc5fdU5mLLBYLeRknHK7P2CZU3V"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/index.f663e4cc.css
access-control-max-age: 86400
cf-ray: 79bc36f58d2fda9f-MIA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Sun, 19 Feb 2023 08:21:16 GMT

GET
H2 200 json Show response
freeipapi.com/api/ 233 B
727 B 291ms
184ms Fetch
application/json 2606:4700:3037::ac43:9e39
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://freeipapi.com/api/json

Requested by

Host: steep-tooth-0892.on.fleek.co
URL: https://steep-tooth-0892.on.fleek.co/assets/index.1d6b8f7e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:9e39 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a26e94379475c93c90a5546506fa60019185becf562d198beed2f72a3817fdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-ratelimit-remaining: 60
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3Js4d3FfFbauM5YYmFGXw2HwxnamPp9axXaabxdd1zgZ96G31mN3F01XYEVEnAZ9qAEw70hsJ4IBsg68gaN5TwRz1W2XqnhbfK1%2BqXZNWoqYYJFwmaPyFfKYeiDk5Ca2PnF6cvLmMSgWedd"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
x-ratelimit-limit: 60
cf-ray: 79bc36f90e2d09d2-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 twitter.b9049e83.svg
steep-tooth-0892.on.fleek.co/assets/ 1 KB
1 KB 362ms
354ms Image
image/svg+xml 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/twitter.b9049e83.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9049e8383f6a4a119d04a5c9baad547a832911564ee46e6e1a34f01346cb74d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 75784
x-cache-status: HIT
x-xss-protection: 0
x-request-id: 015b0ddbf67b74c7e103eb114083aeed
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmTrPQuDY7roc1RnLddTG9RL2A5ZUWcVu9ThAmQ96iWQnQ
etag: W/"QmTrPQuDY7roc1RnLddTG9RL2A5ZUWcVu9ThAmQ96iWQnQ"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/twitter.b9049e83.svg
access-control-max-age: 86400
cf-ray: 79bc36f9abaeda9f-MIA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Sun, 19 Feb 2023 08:21:16 GMT

GET
H2 200 facebook.9091caf2.svg
steep-tooth-0892.on.fleek.co/assets/ 710 B
744 B 351ms
341ms Image
image/svg+xml 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/facebook.9091caf2.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9091caf2ebc41ea232983bc546c2762ce3271b2947970c3c601cb072c492e414

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 75784
x-cache-status: HIT
x-xss-protection: 0
x-request-id: cb9504e95745708d855775a631462603
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmTfyQ4M55ukcwAt1ZccQN3yF4GQLFaPApMSsZeq4Ly7iY
etag: W/"QmTfyQ4M55ukcwAt1ZccQN3yF4GQLFaPApMSsZeq4Ly7iY"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/facebook.9091caf2.svg
access-control-max-age: 86400
cf-ray: 79bc36f9abb2da9f-MIA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Sun, 19 Feb 2023 08:21:16 GMT

GET
H2 200 instagram.251a46dd.svg
steep-tooth-0892.on.fleek.co/assets/ 2 KB
2 KB 330ms
320ms Image
image/svg+xml 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/instagram.251a46dd.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

251a46dd26dd4775830c98920fcb1d6d38f0f0a4f1369281720ad99f7521e146

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 75784
x-cache-status: HIT
x-xss-protection: 0
x-request-id: a15695079fb9e0b688e80c18e212ea86
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmThwfyde6Gab6RLUsjK18YHrEZr7zjNHmuvbSyQvH9xx5
etag: W/"QmThwfyde6Gab6RLUsjK18YHrEZr7zjNHmuvbSyQvH9xx5"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/instagram.251a46dd.svg
access-control-max-age: 86400
cf-ray: 79bc36f9bbb4da9f-MIA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Sun, 19 Feb 2023 08:21:16 GMT

GET
H2 200 linkedin.6d2f5133.svg
steep-tooth-0892.on.fleek.co/assets/ 1 KB
1 KB 321ms
313ms Image
image/svg+xml 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/linkedin.6d2f5133.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d2f51339b71990cbf713f9da388d3515c9987f7d2bb2b02fab7ac8160d170f1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 75784
x-cache-status: HIT
x-xss-protection: 0
x-request-id: 7d6a72e8231ca6a9069dce1620f4a1d5
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmV59WRABhqztp24PDZ6vvhEZ2qEnM5iDxFzrVTknKGH2W
etag: W/"QmV59WRABhqztp24PDZ6vvhEZ2qEnM5iDxFzrVTknKGH2W"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/linkedin.6d2f5133.svg
access-control-max-age: 86400
cf-ray: 79bc36f9bbb6da9f-MIA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Sun, 19 Feb 2023 08:21:16 GMT

GET
H2 200 app-icon.e603a824.png
steep-tooth-0892.on.fleek.co/assets/ 24 KB
24 KB 339ms
334ms Image
image/png 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/app-icon.e603a824.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e603a8249e2d58affccc3e06e93161663d6c6e1deb5a0a89659fbcab82f95fb0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 75784
x-cache-status: HIT
content-length: 24381
x-xss-protection: 0
x-request-id: 41e8105f6b63c160a1bf55f885dd3467
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmSesBNkosriZkSiBeuTRCgu2WQ5MgUeDeWFGw5bEZRk3g
etag: "QmSesBNkosriZkSiBeuTRCgu2WQ5MgUeDeWFGw5bEZRk3g"
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/app-icon.e603a824.png
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 79bc36f9bbb8da9f-MIA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Sun, 19 Feb 2023 08:21:16 GMT

GET
H2 200 certification.d49919b4.png
steep-tooth-0892.on.fleek.co/assets/ 22 KB
23 KB 336ms
330ms Image
image/png 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/certification.d49919b4.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d49919b48a53a771b0bfcbca9ac3338a7dbd46b758082c5cc02f1ca9d08b6959

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 75784
x-cache-status: HIT
content-length: 22698
x-xss-protection: 0
x-request-id: 651a17b8e87a64d310ff7bb571e6e869
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmZQrPh3uPpe8YdjprfZiePm9Pe6gAxZbYHHgapgvPQgRZ
etag: "QmZQrPh3uPpe8YdjprfZiePm9Pe6gAxZbYHHgapgvPQgRZ"
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/certification.d49919b4.png
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 79bc36f9bbbada9f-MIA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Sun, 19 Feb 2023 08:21:16 GMT

GET
H2 200 intro.a24e2227.jpg
steep-tooth-0892.on.fleek.co/assets/ 67 KB
67 KB 309ms
304ms Image
image/jpeg 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steep-tooth-0892.on.fleek.co/assets/intro.a24e2227.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24e222776c2ed30341277982bb4a37cb9df02476e0f4b881f5f052a9e492d53

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steep-tooth-0892.on.fleek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 19 Feb 2023 04:21:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 75784
x-cache-status: HIT
content-length: 68190
x-xss-protection: 0
x-request-id: 19ca0ccf93cc40b092f58c131cbcd2b6
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu,QmchMGzjTEaLaWJ7QypwhaaUwqxCsKYZHP91EWArBEGbXw,QmZa1GZJLJ5oLyyduMWMnAS3NE4TyJkHqDBTSZGXHWtJaH
etag: "QmZa1GZJLJ5oLyyduMWMnAS3NE4TyJkHqDBTSZGXHWtJaH"
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeihafkebc2x6maw7mjtfgmc6nytt6onqcbippexv4plhubcwdvxvpu/assets/intro.a24e2227.jpg
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 79bc36f9bbbdda9f-MIA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Sun, 19 Feb 2023 08:21:16 GMT

GET
H2 200 vEFR2_JTCgwQ5ejvG1EmBg.woff2
fonts.gstatic.com/s/signika/v20/ 39 KB
39 KB 214ms
62ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/signika/v20/vEFR2_JTCgwQ5ejvG1EmBg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Signika:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e36ecb4b8f63375fe634496441f39c6165c5504f3d4dbe8ae47caae8d7730e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steep-tooth-0892.on.fleek.co
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:19:54 GMT
x-content-type-options: nosniff
age: 291682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39776
x-xss-protection: 0
last-modified: Tue, 23 Aug 2022 18:45:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 19:19:54 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discover (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange function| IMask

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
freeipapi.com
steep-tooth-0892.on.fleek.co
2606:4700:3037::ac43:9e39
2606:4700::6812:691
2606:4700::6812:791
2607:f8b0:4006:81f::2003
2607:f8b0:4006:820::200a
251a46dd26dd4775830c98920fcb1d6d38f0f0a4f1369281720ad99f7521e146
2a26e94379475c93c90a5546506fa60019185becf562d198beed2f72a3817fdb
55e9810e7852fa1cc39ba91337850b1dc02aec4c521c93906b8ed9050f84fb2d
6d2f51339b71990cbf713f9da388d3515c9987f7d2bb2b02fab7ac8160d170f1
7d024987a9506bc3a22ff1b434707cba29199fcbf5b45ca855014826bc91820b
9091caf2ebc41ea232983bc546c2762ce3271b2947970c3c601cb072c492e414
90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74
a24e222776c2ed30341277982bb4a37cb9df02476e0f4b881f5f052a9e492d53
b9049e8383f6a4a119d04a5c9baad547a832911564ee46e6e1a34f01346cb74d
d49919b48a53a771b0bfcbca9ac3338a7dbd46b758082c5cc02f1ca9d08b6959
e36ecb4b8f63375fe634496441f39c6165c5504f3d4dbe8ae47caae8d7730e38
e603a8249e2d58affccc3e06e93161663d6c6e1deb5a0a89659fbcab82f95fb0
e871393663e7c2f99b9f4a883fafac1a1cf7d23c4c06fe718b022cbd31c012d7
fa5f53dcbd6b32cbbbd52f0e2759946b76a023d380c487f2bbc1fbbef98df600

steep-tooth-0892.on.fleek.co Open in urlscan Pro 2606:4700::6812:791 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

5 IPs

1 Countries

305 kBTransfer

464 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

steep-tooth-0892.on.fleek.co Open in urlscan Pro
2606:4700::6812:791 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

305 kB
Transfer

464 kB
Size

0
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!