check-case-05.firebaseapp.com
Open in
urlscan Pro
2620:0:890::100
Malicious Activity!
Public Scan
Effective URL: https://check-case-05.firebaseapp.com/
Submission: On October 09 via manual from US — Scanned from GB
Summary
TLS certificate: Issued by GTS CA 1D4 on September 11th 2023. Valid for: 3 months.
This is the only time check-case-05.firebaseapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 161.71.2.190 161.71.2.190 | 14340 (SALESFORCE) (SALESFORCE) | |
4 | 2620:0:890::100 2620:0:890::100 | 54113 (FASTLY) (FASTLY) | |
6 | 104.16.169.131 104.16.169.131 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.16.168.131 104.16.168.131 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 4 |
ASN14340 (SALESFORCE, US)
PTR: dcl6-ncg0-lhr3.um9-lo2.salesforce.com
astra-a-dev-ed.develop.my.salesforce-sites.com |
ASN13335 (CLOUDFLARENET, US)
js.hcaptcha.com | |
newassets.hcaptcha.com | |
hcaptcha.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
hcaptcha.com
js.hcaptcha.com — Cisco Umbrella Rank: 10514 newassets.hcaptcha.com — Cisco Umbrella Rank: 10576 hcaptcha.com — Cisco Umbrella Rank: 7440 |
499 KB |
4 |
firebaseapp.com
check-case-05.firebaseapp.com |
120 KB |
1 |
salesforce-sites.com
1 redirects
astra-a-dev-ed.develop.my.salesforce-sites.com |
944 B |
11 | 3 |
Domain | Requested by | |
---|---|---|
5 | newassets.hcaptcha.com |
js.hcaptcha.com
newassets.hcaptcha.com |
4 | check-case-05.firebaseapp.com |
check-case-05.firebaseapp.com
|
1 | hcaptcha.com |
newassets.hcaptcha.com
|
1 | js.hcaptcha.com |
check-case-05.firebaseapp.com
|
1 | astra-a-dev-ed.develop.my.salesforce-sites.com | 1 redirects |
11 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
firebaseapp.com GTS CA 1D4 |
2023-09-11 - 2023-12-10 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-04-15 - 2024-04-14 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://check-case-05.firebaseapp.com/
Frame ID: B296E2A0E8031A8EFAC4D52ED2760658
Requests: 5 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html
Frame ID: 490D1790C932C4730470F197DD583343
Requests: 4 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/5e1864d/static/hcaptcha.html
Frame ID: 9268B103898AFC1FE2A96FEA01985A33
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
Support Case Resolve Program | Support | Meta Inc.Page URL History Show full URLs
-
https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer
HTTP 301
https://check-case-05.firebaseapp.com/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer
HTTP 301
https://check-case-05.firebaseapp.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
check-case-05.firebaseapp.com/ Redirect Chain
|
950 B 723 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.59923531.js
check-case-05.firebaseapp.com/static/js/ |
365 KB 97 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.908cabbc.css
check-case-05.firebaseapp.com/static/css/ |
165 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
js.hcaptcha.com/1/ |
323 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
news.3a295996e235b214852e.jpg
check-case-05.firebaseapp.com/static/media/ |
11 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/5e1864d/static/ Frame 490D |
2 KB 885 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/5e1864d/static/ Frame 9268 |
2 KB 763 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/5e1864d/ Frame 490D |
323 KB 91 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/5e1864d/ Frame 9268 |
323 KB 91 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9268 |
798 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
checksiteconfig
hcaptcha.com/ Frame 490D |
759 B 944 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
hsw.js
newassets.hcaptcha.com/c/7a7fc3d/ Frame 490D |
542 KB 222 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| webpackChunkmy_app number| 2f1acc6c3a606b082e5eef5e54414ffb function| hcaptchaOnLoad object| Raven object| hcaptcha object| grecaptcha4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
astra-a-dev-ed.develop.my.salesforce-sites.com/ | Name: CookieConsentPolicy Value: 0:1 |
|
astra-a-dev-ed.develop.my.salesforce-sites.com/ | Name: LSKey-c$CookieConsentPolicy Value: 0:1 |
|
astra-a-dev-ed.develop.my.salesforce-sites.com/ | Name: BrowserId Value: 4q7vgWbQEe6CdYU0nLLkPQ |
|
astra-a-dev-ed.develop.my.salesforce-sites.com/ | Name: BrowserId_sec Value: 4q7vgWbQEe6CdYU0nLLkPQ |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
astra-a-dev-ed.develop.my.salesforce-sites.com
check-case-05.firebaseapp.com
hcaptcha.com
js.hcaptcha.com
newassets.hcaptcha.com
104.16.168.131
104.16.169.131
161.71.2.190
2620:0:890::100
0467c07191a65c7f9366a97b15dcf941b53f94a80956e2b7515b3c4e7b688e76
0e47ae96e7f8481f6e53c3bdd7882a622e914628d362c2375fbf0237d445b198
31184aec8d38ad9fc4647287fccd37bbc014dfac386fe32c7284e9493aeb3e6f
32f8f91a8e8f151e29a7d2674ca7a9f074e181fcf197aaac555369afa3f70c89
5669013f3948209a71c46af7a735ec7a2cc8e905daeaa6f62eb95a2a2f409e3b
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
864056ca62851b9bc1b9a9f6b86d6f14063d9f53f2b2e277021bb97d8b9066c7
91902273fcd34c1dc745a12fa2f41a840e8b37949bfef4de0abb1013951986c0
f5b61a0f51e14cf9c360329736f08563446ee3946d03db8a1307516d4778838d