check-case-05.firebaseapp.com Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer
Effective URL:
https://check-case-05.firebaseapp.com/
Submission: On October 09 via manual (October 9th 2023, 6:14:51 pm UTC) from US — Scanned from GB

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is check-case-05.firebaseapp.com.
TLS certificate: Issued by GTS CA 1D4 on September 11th 2023. Valid for: 3 months.

This is the only time check-case-05.firebaseapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 1	161.71.1.62 161.71.1.62	14340 (SALESFORCE) (SALESFORCE)
4	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
7	104.16.168.131 104.16.168.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	3

1 161.71.1.62 (London, United Kingdom) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: dcl3-ncg0-lhr3.um9-lo2.salesforce.com

astra-a-dev-ed.develop.my.salesforce-sites.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

check-case-05.firebaseapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.16.168.131 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	hcaptcha.com js.hcaptcha.com — Cisco Umbrella Rank: 10514 newassets.hcaptcha.com — Cisco Umbrella Rank: 10576 hcaptcha.com — Cisco Umbrella Rank: 7440	499 KB
4	firebaseapp.com check-case-05.firebaseapp.com	120 KB
1	salesforce-sites.com 1 redirects astra-a-dev-ed.develop.my.salesforce-sites.com	944 B
11	3

	Domain	Requested by
5	newassets.hcaptcha.com	js.hcaptcha.com newassets.hcaptcha.com
4	check-case-05.firebaseapp.com	check-case-05.firebaseapp.com
1	hcaptcha.com	newassets.hcaptcha.com
1	js.hcaptcha.com	check-case-05.firebaseapp.com
1	astra-a-dev-ed.develop.my.salesforce-sites.com	1 redirects
11	5

This site contains no links.

Subject Issuer	Validity	Valid
firebaseapp.com GTS CA 1D4	`2023-09-11` - `2023-12-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-15` - `2024-04-14`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://check-case-05.firebaseapp.com/
Frame ID: EDECE3D0CA47F43B6317BE06BFA3990C
Requests: 5 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/42177c5/static/hcaptcha.html
Frame ID: 6FC16F16DC3C249D1F2E2324408F0556
Requests: 4 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/42177c5/static/hcaptcha.html
Frame ID: F595FD8CEA66F40D4364E5359BC314F0
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Support Case Resolve Program | Support | Meta Inc.

Page URL History Show full URLs

https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer HTTP 301
https://check-case-05.firebaseapp.com/ Page URL

Page Statistics

11
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

5
Subdomains

3
IPs

3
Countries

619 kB
Transfer

2059 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer HTTP 301
https://check-case-05.firebaseapp.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
check-case-05.firebaseapp.com/
Redirect Chain

https://astra-a-dev-ed.develop.my.salesforce-sites.com/developer
https://check-case-05.firebaseapp.com/

950 B
725 B

165ms
43ms

Document
text/html

2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://check-case-05.firebaseapp.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

32f8f91a8e8f151e29a7d2674ca7a9f074e181fcf197aaac555369afa3f70c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 357
content-type: text/html; charset=utf-8
date: Mon, 09 Oct 2023 18:14:47 GMT
etag: "71bba8888f68b5695946035fae2ef5c5405311ce230879d006227ada26f9cfcd-br"
last-modified: Mon, 09 Oct 2023 16:54:41 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
x-cache-hits: 1
x-served-by: cache-lcy-eglc8600061-LCY
x-timer: S1696875287.248496,VS0,VE1

Redirect headers

Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private
Content-Security-Policy: upgrade-insecure-requests
Date: Mon, 09 Oct 2023 18:14:47 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://check-case-05.firebaseapp.com/
Referrer-Policy: origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H2 200 main.59923531.js Show response
check-case-05.firebaseapp.com/static/js/ 365 KB
97 KB 45ms
44ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://check-case-05.firebaseapp.com/static/js/main.59923531.js

Requested by

Host: check-case-05.firebaseapp.com
URL: https://check-case-05.firebaseapp.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

864056ca62851b9bc1b9a9f6b86d6f14063d9f53f2b2e277021bb97d8b9066c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://check-case-05.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600061-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Mon, 09 Oct 2023 18:14:47 GMT
last-modified: Mon, 09 Oct 2023 16:54:41 GMT
x-timer: S1696875287.295750,VS0,VE2
etag: "27ee6b0afe233cd702019150d68d7033bfb955535a534e842e16f6f0c26c7410-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 99217
x-cache-hits: 1

GET
H2 200 main.908cabbc.css
check-case-05.firebaseapp.com/static/css/ 165 KB
18 KB 106ms
106ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://check-case-05.firebaseapp.com/static/css/main.908cabbc.css

Requested by

Host: check-case-05.firebaseapp.com
URL: https://check-case-05.firebaseapp.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

31184aec8d38ad9fc4647287fccd37bbc014dfac386fe32c7284e9493aeb3e6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://check-case-05.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600061-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Mon, 09 Oct 2023 18:14:47 GMT
last-modified: Mon, 09 Oct 2023 16:54:41 GMT
x-timer: S1696875287.295863,VS0,VE3
etag: "d12d41450301c24796014e00e4c7e34e2a707f258affb5bf16cf70f677f8bc62-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18428
x-cache-hits: 1

GET
H2 200 api.js Show response
js.hcaptcha.com/1/ 323 KB
92 KB 157ms
55ms Script
application/javascript 104.16.168.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hcaptcha.com/1/api.js?render=explicit&onload=hcaptchaOnLoad

Requested by

Host: check-case-05.firebaseapp.com
URL: https://check-case-05.firebaseapp.com/static/js/main.59923531.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02367b7a4b8e6b48392d97d672d2e86b6a317cf463df6d9f3ce4cee9db398e4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://check-case-05.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 18:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 36ebde0b08ea3144d51a5c4ebe210c20.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: 3pIXpMinKMlk6Bsz8xK6U73glOfu1iGO
age: 0
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 09 Oct 2023 09:56:55 GMT
server: cloudflare
etag: W/"c921b10630257c59c685419b68dd1f79"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=120
cf-ray: 81389af35a9960ef-LHR
x-amz-cf-id: iJLYzqk6MzjIrNAIwji8BnUAhHcryRflYEkVgymi_GQ8Y-smnGtJHw==

GET
H3 200 news.3a295996e235b214852e.jpg
check-case-05.firebaseapp.com/static/media/ 11 KB
5 KB 45ms
44ms Image
image/jpeg 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://check-case-05.firebaseapp.com/static/media/news.3a295996e235b214852e.jpg

Requested by

Host: check-case-05.firebaseapp.com
URL: https://check-case-05.firebaseapp.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

91902273fcd34c1dc745a12fa2f41a840e8b37949bfef4de0abb1013951986c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://check-case-05.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-served-by: cache-lon4279-LON
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Mon, 09 Oct 2023 18:14:47 GMT
last-modified: Mon, 09 Oct 2023 16:54:41 GMT
x-timer: S1696875287.477472,VS0,VE2
etag: "342271e268265b1c396951cec21c65f91fc7353728de4783a9a31c7e8b97dab0-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/jpeg
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4287
x-cache-hits: 1

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/42177c5/static/ Frame 6FC1 2 KB
943 B 67ms
58ms Document
text/html 104.16.168.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/42177c5/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js?render=explicit&onload=hcaptchaOnLoad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29076bafd46813a42c299189c613e843fb39a4c583c31cd7c67a01317d9e69b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://check-case-05.firebaseapp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
age: 119
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 81389af44bc060ef-LHR
content-encoding: br
content-type: text/html
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 18:14:47 GMT
last-modified: Mon, 09 Oct 2023 09:56:55 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 e0389dce33f3ab76770520feb1331814.cloudfront.net (CloudFront)
x-amz-cf-id: 1EyAFfeG7KMCtWPd-w9FNnjTzOb-SNlqgnkwiunT31XwYMOBuu3V6A==
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-amz-version-id: fMlC30DRJaC5GZ_fHZge8E0SRHB8Hx_J
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/42177c5/static/ Frame F595 2 KB
753 B 56ms
56ms Document
text/html 104.16.168.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/42177c5/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js?render=explicit&onload=hcaptchaOnLoad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29076bafd46813a42c299189c613e843fb39a4c583c31cd7c67a01317d9e69b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://check-case-05.firebaseapp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
age: 119
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 81389af44bc560ef-LHR
content-encoding: br
content-type: text/html
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 18:14:47 GMT
last-modified: Mon, 09 Oct 2023 09:56:55 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 e0389dce33f3ab76770520feb1331814.cloudfront.net (CloudFront)
x-amz-cf-id: 1EyAFfeG7KMCtWPd-w9FNnjTzOb-SNlqgnkwiunT31XwYMOBuu3V6A==
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-amz-version-id: fMlC30DRJaC5GZ_fHZge8E0SRHB8Hx_J
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/42177c5/ Frame 6FC1 323 KB
91 KB 56ms
55ms Script
application/javascript 104.16.168.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/42177c5/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/42177c5/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02367b7a4b8e6b48392d97d672d2e86b6a317cf463df6d9f3ce4cee9db398e4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/42177c5/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 18:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 36ebde0b08ea3144d51a5c4ebe210c20.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: 3pIXpMinKMlk6Bsz8xK6U73glOfu1iGO
age: 121
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 09 Oct 2023 09:56:55 GMT
server: cloudflare
etag: W/"c921b10630257c59c685419b68dd1f79"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 81389af4cc2b60ef-LHR
x-amz-cf-id: iJLYzqk6MzjIrNAIwji8BnUAhHcryRflYEkVgymi_GQ8Y-smnGtJHw==

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/42177c5/ Frame F595 323 KB
91 KB 50ms
50ms Script
application/javascript 104.16.168.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/42177c5/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/42177c5/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02367b7a4b8e6b48392d97d672d2e86b6a317cf463df6d9f3ce4cee9db398e4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/42177c5/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 18:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 36ebde0b08ea3144d51a5c4ebe210c20.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: 3pIXpMinKMlk6Bsz8xK6U73glOfu1iGO
age: 121
x-amz-cf-pop: LHR50-P7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 09 Oct 2023 09:56:55 GMT
server: cloudflare
etag: W/"c921b10630257c59c685419b68dd1f79"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 81389af4cc2e60ef-LHR
x-amz-cf-id: iJLYzqk6MzjIrNAIwji8BnUAhHcryRflYEkVgymi_GQ8Y-smnGtJHw==

GET
DATA 200
OK truncated
/ Frame F595 798 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 checksiteconfig Show response
hcaptcha.com/ Frame 6FC1 759 B
946 B 84ms
71ms XHR
application/json 104.16.168.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/checksiteconfig?v=42177c5&host=check-case-05.firebaseapp.com&sitekey=d660cb81-152a-428c-9c68-e2322e02aba5&sc=1&swa=1&spst=1

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/42177c5/hcaptcha.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48d3c7aa1f70a4c6b0a0432540d18a34bec5c4adbdf4aa0070b237c14be88519

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://newassets.hcaptcha.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Oct 2023 18:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 81389af5bd3060ef-LHR
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass: 2
alt-svc: h3=":443"; ma=86400

GET
H3 200 hsw.js Show response
newassets.hcaptcha.com/c/7a7fc3d/ Frame 6FC1 542 KB
222 KB 54ms
54ms Script
application/javascript 104.16.168.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/c/7a7fc3d/hsw.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/42177c5/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5b61a0f51e14cf9c360329736f08563446ee3946d03db8a1307516d4778838d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://newassets.hcaptcha.com/captcha/v1/42177c5/static/hcaptcha.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 18:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7599c9263666c70e7c78c161a02a07f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: GrY6itVPYVnvjrogJQ1yOXAjKYbv.j8P
age: 319
x-amz-cf-pop: HEL51-P1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Sep 2023 15:04:07 GMT
server: cloudflare
etag: W/"b16c715f27a9a8d8768373c4de6f00ce"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 81389af63baa653f-LHR
x-amz-cf-id: H0WSjg2joWxQsAoBPe8i80nhi09roLbVFRAJQG2utInDuVKcJ7MDPw==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
astra-a-dev-ed.develop.my.salesforce-sites.com/	1970-01-21 00:06:51	Name: CookieConsentPolicy Value: 0:1
astra-a-dev-ed.develop.my.salesforce-sites.com/	1970-01-21 00:06:51	Name: LSKey-c$CookieConsentPolicy Value: 0:1
astra-a-dev-ed.develop.my.salesforce-sites.com/	1970-01-21 00:06:51	Name: BrowserId Value: uqbJdmbPEe6ntXfFtTyWlA
astra-a-dev-ed.develop.my.salesforce-sites.com/	1970-01-21 00:06:51	Name: BrowserId_sec Value: uqbJdmbPEe6ntXfFtTyWlA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

astra-a-dev-ed.develop.my.salesforce-sites.com
check-case-05.firebaseapp.com
hcaptcha.com
js.hcaptcha.com
newassets.hcaptcha.com
104.16.168.131
161.71.1.62
2620:0:890::100
02367b7a4b8e6b48392d97d672d2e86b6a317cf463df6d9f3ce4cee9db398e4b
29076bafd46813a42c299189c613e843fb39a4c583c31cd7c67a01317d9e69b8
31184aec8d38ad9fc4647287fccd37bbc014dfac386fe32c7284e9493aeb3e6f
32f8f91a8e8f151e29a7d2674ca7a9f074e181fcf197aaac555369afa3f70c89
48d3c7aa1f70a4c6b0a0432540d18a34bec5c4adbdf4aa0070b237c14be88519
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
864056ca62851b9bc1b9a9f6b86d6f14063d9f53f2b2e277021bb97d8b9066c7
91902273fcd34c1dc745a12fa2f41a840e8b37949bfef4de0abb1013951986c0
f5b61a0f51e14cf9c360329736f08563446ee3946d03db8a1307516d4778838d

check-case-05.firebaseapp.com Open in urlscan Pro 2620:0:890::100 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

33 %IPv6

3 Domains

5 Subdomains

3 IPs

3 Countries

619 kBTransfer

2059 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

4 Cookies

Security Headers

Indicators

check-case-05.firebaseapp.com Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

5
Subdomains

3
IPs

3
Countries

619 kB
Transfer

2059 kB
Size

4
Cookies

11 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!