Report - cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw

Report Overview

Submitted URL
cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
IP
104.17.96.13
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 16:28:56
Access
public
Website Title
Wetransfer Files
Final URL
cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Tags
wetransfer phishing financial
urlquery detections
Phishing - WeTransfer

Detections

urlquery
11
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cloudflare-ipfs.com	75147	2018-05-30	2021-01-20	2024-03-15	527 B	10 kB	104.17.96.13
storageapi.fleek.co	533726	2020-03-06	2020-05-08	2024-04-17	5.5 kB	344 kB	104.18.7.145
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-23	413 B	32 kB	151.101.130.137
i.gifer.com	37112	2003-04-27	2018-03-26	2024-04-21	471 B	46 kB	51.68.36.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw	WeTransfer

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-05-06
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-06 00:47:53 Times Seen266127 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw	0 B	2023-03-07	2024-05-06
Pretty URL cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw IP 104.17.96.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 01:30:25 Times Seen37371822 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw	0 B	2023-03-07	2024-05-06
Pretty URL cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw IP 104.17.96.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 01:30:25 Times Seen37371822 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (14)

URL IP Response Size

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/images/pp.jpg

104.18.7.145

200 OK

95 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/images/pp.jpg
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1055x1080, components 3
Size
95 kB (94816 bytes)
Hash
8a44f248a5afb51375b45644e54649f8
d9815b894513f8fb93524e3399a7ac1577406957
b53544d900cc956f0389cf888fd0c6d7b86a824e80a1ed93e112eb82086e006a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/images/pp.jpg HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:30 GMT
content-type: image/jpeg
content-length: 94816
cf-bgj: h2pri
content-security-policy: block-all-mixed-content
etag: "bafybeichuxe67bcmzt4tbqah23m6tr3g3qnfmvjfopo3uugzsge74nnsny"
last-modified: Sun, 11 Sep 2022 12:00:52 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3DADFC7D02
x-xss-protection: 1; mode=block
cf-cache-status: HIT
expires: Wed, 24 Apr 2024 20:28:30 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 879777858c2c56ae-OSL
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/wetransfer/logo.png

104.18.7.145

200 OK

8.0 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/wetransfer/logo.png
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 289 x 57, 8-bit/color RGBA, non-interlaced
Size
8.0 kB (8007 bytes)
Hash
7d95537aeab6448757c1652cf3d0cff6
9e27eb7955c7281d077bca53e8c9bfc1b1e7f48f
72d11555972a6f3b75c19057d0fb0013ea2bb592b6a011e79ed87afcbd2bbfe6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/wetransfer/logo.png HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:31 GMT
content-type: image/png
content-length: 8007
content-security-policy: block-all-mixed-content
etag: "bafybeidq2ghtupimcwgmsjjhswo6sls7tazeoh7tkdfn2se6lemvcu2ive"
last-modified: Sun, 11 Sep 2022 10:23:26 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3DB4051468
x-xss-protection: 1; mode=block
cf-cache-status: HIT
expires: Wed, 24 Apr 2024 20:28:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 879777859c3756ae-OSL
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/wetransfer/welogo.png

104.18.7.145

200 OK

7.8 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/wetransfer/welogo.png
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 400 x 206, 8-bit/color RGBA, non-interlaced
Size
7.8 kB (7753 bytes)
Hash
b02585205c408293ce0bc5d75c0a5bfe
16a7db11198e96935ab6ece34bbcb0b45dd2e36f
9fde8de58e658a62c12f0bda8f732e6af9c6667ca19b9dca5c34f269fbf05758

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/wetransfer/welogo.png HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:31 GMT
content-type: image/png
content-length: 7753
content-security-policy: block-all-mixed-content
etag: "bafybeid3gy7inzncltgg45h3m6traikbbn6moh7sy37pdza7abyff5ofie"
last-modified: Sun, 11 Sep 2022 10:23:25 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3DAFC8D21B
x-xss-protection: 1; mode=block
cf-cache-status: HIT
expires: Wed, 24 Apr 2024 20:28:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 879777859c3b56ae-OSL
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/images/rfq.jpg

104.18.7.145

200 OK

19 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/images/rfq.jpg
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 40x40, segment length 16, baseline, precision 8, 316x341, components 3
Size
19 kB (18979 bytes)
Hash
a0064db76db9fe2dbe69243ca549e73e
15c5b897adc70a4531e5a53985d80f8bd39fd046
f9603ccd69cc60be665a640e101659e107d652589841ba9a5f6108a2a617fad3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/images/rfq.jpg HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:30 GMT
content-type: image/jpeg
content-length: 18979
cf-bgj: h2pri
content-security-policy: block-all-mixed-content
etag: "bafybeig6e55cdosh3qwhfhzh7hp5l4egsxw3u5euf5w5gzcaieuaemx4oe"
last-modified: Sun, 11 Sep 2022 12:00:49 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3DB23D088E
x-xss-protection: 1; mode=block
cf-cache-status: HIT
expires: Wed, 24 Apr 2024 20:28:30 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 879777858c2b56ae-OSL
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/images/specs.jpg

104.18.7.145

200 OK

32 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/images/specs.jpg
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 712x664, components 3
Size
32 kB (31537 bytes)
Hash
39ff6e822830a0a0f5a442e67bdae14d
a50146f71907a4c037cc3cf929fec3a31c3d4118
833b9e154cddc84a56ddf502b81d12fbe34600ef1c18f234aafc37d6c009be53

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/images/specs.jpg HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:31 GMT
content-type: image/jpeg
content-length: 31537
cf-bgj: h2pri
content-security-policy: block-all-mixed-content
etag: "bafybeidb4a52gy7rdhhesqhbzuxa5cpxhvubjwyjiiywqxmujn5oiovz44"
last-modified: Sun, 11 Sep 2022 12:00:51 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3DB5BF54C4
x-xss-protection: 1; mode=block
cf-cache-status: HIT
expires: Wed, 24 Apr 2024 20:28:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 879777858c2e56ae-OSL
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 24 Apr 2024 16:28:31 GMT
age: 6433730
x-served-by: cache-lga21931-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 22, 126537
x-timer: S1713976111.041395,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

i.gifer.com/origin/b4/b4d657e7ef262b88eb5f7ac021edda87.gif

51.68.36.8

200 OK

45 kB

URL GET HTTP/2
i.gifer.com/origin/b4/b4d657e7ef262b88eb5f7ac021edda87.gif
IP
51.68.36.8:443
ASN
#16276 OVH SAS

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerLet's Encrypt
Subjectgifer.com
FingerprintCC:29:4D:A0:4E:A2:86:85:76:B9:42:18:3E:81:61:2B:1D:BC:F8:05
ValidityMon, 26 Feb 2024 20:03:56 GMT - Sun, 26 May 2024 20:03:55 GMT

File type
GIF image data, version 89a, 256 x 256
Size
45 kB (45404 bytes)
Hash
3f2590067056b4f0630d5b360e694fce
8686bc4a12cc862516974c39080f89de85c21fa6
ba67f5cbb26d1c913527475815f0c8d4c4519b092a7544f015cc021360240275

HTTP Headers

GET /origin/b4/b4d657e7ef262b88eb5f7ac021edda87.gif HTTP/1.1
Host: i.gifer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 16:28:31 GMT
content-type: image/gif
content-length: 45404
last-modified: Wed, 22 Sep 2021 23:09:25 GMT
etag: "614bb7a5-b15c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=604800
accept-ranges: bytes
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/webfonts/fa-solid-900.woff2

104.18.7.145

200 OK

80 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/webfonts/fa-solid-900.woff2
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 80328, version 331.589
Size
80 kB (80328 bytes)
Hash
412a43d6840addd683665ec12c30f810
f3be6605dbff23cf22ec3abddd1141a81a99e3aa
0bf1b8d8ac1b4ef0caea0db8cbe1b6a35f8a84a2f5fffa2421936cc11a1a91fc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://storageapi.fleek.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:32 GMT
content-type: application/octet-stream
content-length: 80328
access-control-allow-credentials: true
access-control-allow-origin: https://cloudflare-ipfs.com
access-control-expose-headers: Date, Etag, Server, Connection, Accept-Ranges, Content-Range, Content-Encoding, Content-Length, Content-Type, Content-Disposition, Last-Modified, Content-Language, Cache-Control, Retry-After, X-Amz-Bucket-Region, Expires, X-Amz*, X-Amz*, *
content-security-policy: block-all-mixed-content
etag: "bafybeifkavlgakrruhaay336uafatrfwenbeqlsf44p5xsjrki6coryyei"
last-modified: Sun, 11 Sep 2022 11:38:44 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3E07755D4C
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
expires: Wed, 24 Apr 2024 20:28:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 879777887f2656ae-OSL
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/webfonts/fa-regular-400.woff2

104.18.7.145

200 OK

14 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/webfonts/fa-regular-400.woff2
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13596, version 331.589
Size
14 kB (13596 bytes)
Hash
5c674c9216c06ede2f618aa58ae71116
f31f61126938f879dab593a1323d080a86e0e745
de5fb40e0689f154902213527781c2fb83cddcbf8f622a1384f1e2a7e7693b21

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://storageapi.fleek.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:32 GMT
content-type: application/octet-stream
content-length: 13596
access-control-allow-credentials: true
access-control-allow-origin: https://cloudflare-ipfs.com
access-control-expose-headers: Date, Etag, Server, Connection, Accept-Ranges, Content-Range, Content-Encoding, Content-Length, Content-Type, Content-Disposition, Last-Modified, Content-Language, Cache-Control, Retry-After, X-Amz-Bucket-Region, Expires, X-Amz*, X-Amz*, *
content-security-policy: block-all-mixed-content
etag: "bafybeiankxpjga4gdhanh74nozfoiyumjc66puvznvljmpos5gf3mnm4lq"
last-modified: Sun, 11 Sep 2022 11:38:43 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3E073B145B
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
expires: Wed, 24 Apr 2024 20:28:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 879777886f2156ae-OSL
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/css/checkbox.css

104.18.7.145

200 OK

3.8 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/css/checkbox.css
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
3.8 kB (3764 bytes)
Hash
f4d3fca9c642004197a4c8f7dcef3258
e1013c12349b7faa16478a7c8591e86a4c86b611
6273ea82072ae04b529b677fa2c6a9e764dde3abb38a61d1cea57cb618c2b9c8

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/css/checkbox.css HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:31 GMT
content-type: text/css
content-security-policy: block-all-mixed-content
etag: W/"bafybeibgvokgwybajizqfuuzu6gipiom5pzaffhcexlefhw3bkehtidaq4"
last-modified: Sun, 11 Sep 2022 10:16:53 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3DAC4418AB
x-xss-protection: 1; mode=block
cf-cache-status: HIT
expires: Wed, 24 Apr 2024 20:28:31 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 879777859c4656ae-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw

104.17.96.13

200 OK

9.2 kB

URL User Request GET HTTP/2
cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
IP
104.17.96.13:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
FingerprintAF:BC:14:E3:55:D9:D8:F0:3C:8E:26:A0:4E:4A:C8:E6:13:58:A0:59
ValidityWed, 24 Apr 2024 02:22:22 GMT - Tue, 23 Jul 2024 02:22:21 GMT

File type
JavaScript source, ASCII text, with very long lines (10012), with no line terminators
Size
9.2 kB (9200 bytes)
Hash
b50428d093931a91d79a527602e51e03
307529e282cf161a607ffb6e6797dd7ef78adab6
92fe76e89091745fd0f184b219319ec2f4d0e27a638a5ecdac581cf552a916cc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer
OpenPhish	phishing	WeTransfer
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:30 GMT
content-type: text/html
cf-ray: 879777827aee1c16-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: W/"QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
x-ipfs-roots: QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
set-cookie: __cf_bm=SnZaDVwQBiRsa1pJLZ0_uM4.Ainyhfn.LUbqQq1_.aU-1713976110-1.0.1.1-7aacB6.dzAc9dhoPvjyeeXcXnyd5NsltDzLMMQasv0VnnjryuGbJp240lpm3YSN0usFF_bZhmofBm1.TtLh4MQ; path=/; expires=Wed, 24-Apr-24 16:58:30 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/css/css.css

104.18.7.145

200 OK

5.1 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/css/css.css
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5409), with no line terminators
Size
5.1 kB (5101 bytes)
Hash
85d22599a284c62282428e9896f71c47
e727af90022997ca2bdf28059c4861657913b98a
4566c1d48372004e312619664ab29bbb018eba2e44164ecbf9fb01f0a78e316c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/css/css.css HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:30 GMT
content-type: text/css
content-security-policy: block-all-mixed-content
etag: W/"bafybeih6kspinnq23twtcjtiib6chb3n5cu2f7d4bkwlajaggla4nupnzq"
last-modified: Sun, 11 Sep 2022 10:16:53 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3DAFED0232
x-xss-protection: 1; mode=block
cf-cache-status: HIT
expires: Wed, 24 Apr 2024 20:28:30 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 879777858c2856ae-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/css/all.css

104.18.7.145

200 OK

73 kB

URL GET HTTP/2
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/css/all.css
IP
104.18.7.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
73 kB (73117 bytes)
Hash
9280ef20d2d40a0287109a55d273daf1
1db1b39522a959f1ca23192070544c930aaa79b9
530cb4c29b444dc89dd73a4e0812f803be98d3448a48edca8aafdbc55a0b97eb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - WeTransfer

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/css/all.css HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:31 GMT
content-type: text/css
content-security-policy: block-all-mixed-content
etag: W/"bafybeifn25ou76enaoedkhqvxjgm7tpftkec5jjgdlvaxekmk26qx353qa"
last-modified: Sun, 11 Sep 2022 10:16:54 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8EB3DB04B9C2B
x-xss-protection: 1; mode=block
cf-cache-status: HIT
expires: Wed, 24 Apr 2024 20:28:31 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 879777859c4056ae-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/wetransfer/favicon.ico

0.0.0.0

0 B

URL GET
storageapi.fleek.co/f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/wetransfer/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://cloudflare-ipfs.com/ipfs/QmYP4gbpjoEpaMBXAmsVHsUSLjGoeSHpnfg33yJhSb61dw
Certificate
IssuerCloudflare, Inc.
Subjectfleek.co
FingerprintBD:C3:14:20:96:F3:3B:08:04:17:AB:CB:46:08:C4:4F:D4:40:61:1F
ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /f1c6f5d4-e2a2-4106-910e-774322bb8cec-bucket/wetransfer/favicon.ico HTTP/1.1
Host: storageapi.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 16:28:31 GMT
content-type: image/x-icon
content-security-policy: block-all-mixed-content
etag: W/"bafybeie7jaurql6hv76qizb5qnxnmn74t3f6i6f4ibqzbhofh7fl7eevja"
last-modified: Sun, 11 Sep 2022 10:23:25 GMT
vary: Origin, Accept-Encoding
x-amz-request-id: 17C8F278F3B5A6CE
x-xss-protection: 1; mode=block
cf-cache-status: HIT
expires: Wed, 24 Apr 2024 20:28:31 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 87977789e8c256ae-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP