check-case-05.firebaseapp.com Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer
Effective URL:
https://check-case-05.firebaseapp.com/
Submission: On October 09 via manual (October 9th 2023, 6:23:09 pm UTC) from US — Scanned from GB

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is check-case-05.firebaseapp.com.
TLS certificate: Issued by GTS CA 1D4 on September 11th 2023. Valid for: 3 months.

This is the only time check-case-05.firebaseapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 1	161.71.2.190 161.71.2.190	14340 (SALESFORCE) (SALESFORCE)
4	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
6	104.16.169.131 104.16.169.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.168.131 104.16.168.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	4

1 161.71.2.190 (London, United Kingdom) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: dcl6-ncg0-lhr3.um9-lo2.salesforce.com

astra-a-dev-ed.develop.my.salesforce-sites.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

check-case-05.firebaseapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.169.131 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.168.131 (None, )

ASN13335 (CLOUDFLARENET, US)

newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	hcaptcha.com js.hcaptcha.com — Cisco Umbrella Rank: 10514 newassets.hcaptcha.com — Cisco Umbrella Rank: 10576 hcaptcha.com — Cisco Umbrella Rank: 7440	499 KB
4	firebaseapp.com check-case-05.firebaseapp.com	120 KB
1	salesforce-sites.com 1 redirects astra-a-dev-ed.develop.my.salesforce-sites.com	944 B
11	3

	Domain	Requested by
5	newassets.hcaptcha.com	js.hcaptcha.com newassets.hcaptcha.com
4	check-case-05.firebaseapp.com	check-case-05.firebaseapp.com
1	hcaptcha.com	newassets.hcaptcha.com
1	js.hcaptcha.com	check-case-05.firebaseapp.com
1	astra-a-dev-ed.develop.my.salesforce-sites.com	1 redirects
11	5

This site contains no links.

Subject Issuer	Validity	Valid
firebaseapp.com GTS CA 1D4	`2023-09-11` - `2023-12-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-15` - `2024-04-14`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://check-case-05.firebaseapp.com/
Frame ID: B296E2A0E8031A8EFAC4D52ED2760658
Requests: 5 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html
Frame ID: 490D1790C932C4730470F197DD583343
Requests: 4 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html
Frame ID: 9268B103898AFC1FE2A96FEA01985A33
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Support Case Resolve Program | Support | Meta Inc.

Page URL History Show full URLs

https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer HTTP 301
https://check-case-05.firebaseapp.com/ Page URL

Page Statistics

11
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

5
Subdomains

4
IPs

3
Countries

619 kB
Transfer

2059 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer HTTP 301
https://check-case-05.firebaseapp.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
check-case-05.firebaseapp.com/
Redirect Chain

https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer
https://check-case-05.firebaseapp.com/

950 B
723 B

283ms
199ms

Document
text/html

2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://check-case-05.firebaseapp.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

32f8f91a8e8f151e29a7d2674ca7a9f074e181fcf197aaac555369afa3f70c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 357
content-type: text/html; charset=utf-8
date: Mon, 09 Oct 2023 18:23:04 GMT
etag: "71bba8888f68b5695946035fae2ef5c5405311ce230879d006227ada26f9cfcd-br"
last-modified: Mon, 09 Oct 2023 16:54:41 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-man4128-MAN
x-timer: S1696875784.856114,VS0,VE175

Redirect headers

Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private
Content-Security-Policy: upgrade-insecure-requests
Date: Mon, 09 Oct 2023 18:23:03 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://check-case-05.firebaseapp.com/
Referrer-Policy: origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H2 200 main.59923531.js Show response
check-case-05.firebaseapp.com/static/js/ 365 KB
97 KB 107ms
105ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://check-case-05.firebaseapp.com/static/js/main.59923531.js

Requested by

Host: check-case-05.firebaseapp.com
URL: https://check-case-05.firebaseapp.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

864056ca62851b9bc1b9a9f6b86d6f14063d9f53f2b2e277021bb97d8b9066c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://check-case-05.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-served-by: cache-man4128-MAN
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Mon, 09 Oct 2023 18:23:04 GMT
last-modified: Mon, 09 Oct 2023 16:54:41 GMT
x-timer: S1696875784.089340,VS0,VE60
etag: "27ee6b0afe233cd702019150d68d7033bfb955535a534e842e16f6f0c26c7410-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 99217
x-cache-hits: 0

GET
H2 200 main.908cabbc.css
check-case-05.firebaseapp.com/static/css/ 165 KB
18 KB 159ms
158ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://check-case-05.firebaseapp.com/static/css/main.908cabbc.css

Requested by

Host: check-case-05.firebaseapp.com
URL: https://check-case-05.firebaseapp.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

31184aec8d38ad9fc4647287fccd37bbc014dfac386fe32c7284e9493aeb3e6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://check-case-05.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-served-by: cache-man4128-MAN
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Mon, 09 Oct 2023 18:23:04 GMT
last-modified: Mon, 09 Oct 2023 16:54:41 GMT
x-timer: S1696875784.089360,VS0,VE113
etag: "d12d41450301c24796014e00e4c7e34e2a707f258affb5bf16cf70f677f8bc62-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18428
x-cache-hits: 0

GET
H2 200 api.js Show response
js.hcaptcha.com/1/ 323 KB
92 KB 111ms
39ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hcaptcha.com/1/api.js?render=explicit&onload=hcaptchaOnLoad

Requested by

Host: check-case-05.firebaseapp.com
URL: https://check-case-05.firebaseapp.com/static/js/main.59923531.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0467c07191a65c7f9366a97b15dcf941b53f94a80956e2b7515b3c4e7b688e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://check-case-05.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 18:23:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d6dc94a543d9b153d5a51a4083ced38c.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: MvOsvP.NMayKSJNNYs2cfoI9ooVPQYmr
age: 0
x-amz-cf-pop: MAN51-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 09 Oct 2023 17:03:48 GMT
server: cloudflare
etag: W/"c02bba1d46ed760c3adc26171e813c66"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=120
cf-ray: 8138a7145eb154d0-MAN
x-amz-cf-id: 5aQz69YOZOCYfrUnTB4m79iCIrv_u4YyJOfC4sfcT8QpYE3udhBxrw==

GET
H3 200 news.3a295996e235b214852e.jpg
check-case-05.firebaseapp.com/static/media/ 11 KB
5 KB 62ms
61ms Image
image/jpeg 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://check-case-05.firebaseapp.com/static/media/news.3a295996e235b214852e.jpg

Requested by

Host: check-case-05.firebaseapp.com
URL: https://check-case-05.firebaseapp.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

91902273fcd34c1dc745a12fa2f41a840e8b37949bfef4de0abb1013951986c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://check-case-05.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-served-by: cache-man4146-MAN
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Mon, 09 Oct 2023 18:23:04 GMT
last-modified: Mon, 09 Oct 2023 16:54:41 GMT
x-timer: S1696875784.304126,VS0,VE36
etag: "342271e268265b1c396951cec21c65f91fc7353728de4783a9a31c7e8b97dab0-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: image/jpeg
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4287
x-cache-hits: 0

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/5e1864d/static/ Frame 490D 2 KB
885 B 52ms
36ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js?render=explicit&onload=hcaptchaOnLoad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e47ae96e7f8481f6e53c3bdd7882a622e914628d362c2375fbf0237d445b198

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://check-case-05.firebaseapp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
age: 79
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 8138a715281454d0-MAN
content-encoding: br
content-type: text/html
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 18:23:04 GMT
last-modified: Mon, 09 Oct 2023 17:03:48 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 d6dc94a543d9b153d5a51a4083ced38c.cloudfront.net (CloudFront)
x-amz-cf-id: g8_Em2oW4HuwjeEdvhnJHPEKMqQAYkhkjT6-pcf1FRusXmImiZnaNg==
x-amz-cf-pop: MAN51-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: 7Picnx9hCQYB3kftaf6LCYPh2N10ciRe
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/5e1864d/static/ Frame 9268 2 KB
763 B 34ms
34ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js?render=explicit&onload=hcaptchaOnLoad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e47ae96e7f8481f6e53c3bdd7882a622e914628d362c2375fbf0237d445b198

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://check-case-05.firebaseapp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
age: 79
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 8138a715483c54d0-MAN
content-encoding: br
content-type: text/html
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 18:23:04 GMT
last-modified: Mon, 09 Oct 2023 17:03:48 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 d6dc94a543d9b153d5a51a4083ced38c.cloudfront.net (CloudFront)
x-amz-cf-id: g8_Em2oW4HuwjeEdvhnJHPEKMqQAYkhkjT6-pcf1FRusXmImiZnaNg==
x-amz-cf-pop: MAN51-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: 7Picnx9hCQYB3kftaf6LCYPh2N10ciRe
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/5e1864d/ Frame 490D 323 KB
91 KB 35ms
34ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/5e1864d/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0467c07191a65c7f9366a97b15dcf941b53f94a80956e2b7515b3c4e7b688e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 18:23:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d6dc94a543d9b153d5a51a4083ced38c.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: MvOsvP.NMayKSJNNYs2cfoI9ooVPQYmr
age: 80
x-amz-cf-pop: MAN51-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 09 Oct 2023 17:03:48 GMT
server: cloudflare
etag: W/"c02bba1d46ed760c3adc26171e813c66"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 8138a715c90a54d0-MAN
x-amz-cf-id: 5aQz69YOZOCYfrUnTB4m79iCIrv_u4YyJOfC4sfcT8QpYE3udhBxrw==

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/5e1864d/ Frame 9268 323 KB
91 KB 45ms
45ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/5e1864d/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0467c07191a65c7f9366a97b15dcf941b53f94a80956e2b7515b3c4e7b688e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 18:23:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d6dc94a543d9b153d5a51a4083ced38c.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: MvOsvP.NMayKSJNNYs2cfoI9ooVPQYmr
age: 80
x-amz-cf-pop: MAN51-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 09 Oct 2023 17:03:48 GMT
server: cloudflare
etag: W/"c02bba1d46ed760c3adc26171e813c66"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 8138a715c91054d0-MAN
x-amz-cf-id: 5aQz69YOZOCYfrUnTB4m79iCIrv_u4YyJOfC4sfcT8QpYE3udhBxrw==

GET
DATA 200
OK truncated
/ Frame 9268 798 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 checksiteconfig Show response
hcaptcha.com/ Frame 490D 759 B
944 B 96ms
78ms XHR
application/json 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/checksiteconfig?v=5e1864d&host=check-case-05.firebaseapp.com&sitekey=d660cb81-152a-428c-9c68-e2322e02aba5&sc=1&swa=1&spst=1

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/5e1864d/hcaptcha.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5669013f3948209a71c46af7a735ec7a2cc8e905daeaa6f62eb95a2a2f409e3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://newassets.hcaptcha.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Oct 2023 18:23:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 8138a716db1354d0-MAN
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass: 2
alt-svc: h3=":443"; ma=86400

GET
H3 200 hsw.js Show response
newassets.hcaptcha.com/c/7a7fc3d/ Frame 490D 542 KB
222 KB 52ms
51ms Script
application/javascript 104.16.168.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/c/7a7fc3d/hsw.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/5e1864d/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5b61a0f51e14cf9c360329736f08563446ee3946d03db8a1307516d4778838d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 18:23:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 c74474051b84c739f39b09ca3fe33dac.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: GrY6itVPYVnvjrogJQ1yOXAjKYbv.j8P
age: 117906
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Sep 2023 15:04:07 GMT
server: cloudflare
etag: W/"b16c715f27a9a8d8768373c4de6f00ce"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 8138a717588b075e-MAN
x-amz-cf-id: 8gc927LN7FjsFqvyoV8DQyEFUlgEKCNtxpT0HNRjHQm7EvtR1FaJcg==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
astra-a-dev-ed.develop.my.salesforce-sites.com/	1970-01-21 00:06:51	Name: CookieConsentPolicy Value: 0:1
astra-a-dev-ed.develop.my.salesforce-sites.com/	1970-01-21 00:06:51	Name: LSKey-c$CookieConsentPolicy Value: 0:1
astra-a-dev-ed.develop.my.salesforce-sites.com/	1970-01-21 00:06:51	Name: BrowserId Value: 4q7vgWbQEe6CdYU0nLLkPQ
astra-a-dev-ed.develop.my.salesforce-sites.com/	1970-01-21 00:06:51	Name: BrowserId_sec Value: 4q7vgWbQEe6CdYU0nLLkPQ

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

astra-a-dev-ed.develop.my.salesforce-sites.com
check-case-05.firebaseapp.com
hcaptcha.com
js.hcaptcha.com
newassets.hcaptcha.com
104.16.168.131
104.16.169.131
161.71.2.190
2620:0:890::100
0467c07191a65c7f9366a97b15dcf941b53f94a80956e2b7515b3c4e7b688e76
0e47ae96e7f8481f6e53c3bdd7882a622e914628d362c2375fbf0237d445b198
31184aec8d38ad9fc4647287fccd37bbc014dfac386fe32c7284e9493aeb3e6f
32f8f91a8e8f151e29a7d2674ca7a9f074e181fcf197aaac555369afa3f70c89
5669013f3948209a71c46af7a735ec7a2cc8e905daeaa6f62eb95a2a2f409e3b
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
864056ca62851b9bc1b9a9f6b86d6f14063d9f53f2b2e277021bb97d8b9066c7
91902273fcd34c1dc745a12fa2f41a840e8b37949bfef4de0abb1013951986c0
f5b61a0f51e14cf9c360329736f08563446ee3946d03db8a1307516d4778838d

check-case-05.firebaseapp.com Open in urlscan Pro 2620:0:890::100 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

25 %IPv6

3 Domains

5 Subdomains

4 IPs

3 Countries

619 kBTransfer

2059 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

4 Cookies

Security Headers

Indicators

check-case-05.firebaseapp.com Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

5
Subdomains

4
IPs

3
Countries

619 kB
Transfer

2059 kB
Size

4
Cookies

11 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!