identity.staging.herokudev.com Open in urlscan Pro
13.32.27.7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://identity.staging.herokudev.com/
Effective URL:
https://identity.staging.herokudev.com/login
Submission: On May 13 via automatic, source certstream-suspicious (May 13th 2025, 3:14:49 am UTC) — Scanned from PL

Summary HTTP 24 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 24 HTTP transactions. The main IP is 13.32.27.7, located in United States and belongs to AMAZON-02, US. The main domain is identity.staging.herokudev.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on November 18th 2024. Valid for: a year.

This is the only time identity.staging.herokudev.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Heroku (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 9	13.32.27.7 13.32.27.7	16509 (AMAZON-02) (AMAZON-02)
7	99.86.4.58 99.86.4.58	16509 (AMAZON-02) (AMAZON-02)
4	151.101.129.145 151.101.129.145	54113 (FASTLY) (FASTLY)
4	3.161.82.35 3.161.82.35	16509 (AMAZON-02) (AMAZON-02)
1	172.64.155.119 172.64.155.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	5

9 13.32.27.7 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-7.fra56.r.cloudfront.net

identity.staging.herokudev.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 99.86.4.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-58.fra6.r.cloudfront.net

www0.assets.heroku.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.129.145 (San Francisco, United States)

ASN54113 (FASTLY, US)

developer.salesforce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.161.82.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-82-35.fra56.r.cloudfront.net

www.herokucdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.155.119 (None, )

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	herokudev.com 1 redirects identity.staging.herokudev.com	29 KB
7	heroku.com www0.assets.heroku.com	531 KB
4	herokucdn.com www.herokucdn.com — Cisco Umbrella Rank: 353313	193 KB
4	salesforce.com developer.salesforce.com — Cisco Umbrella Rank: 356629	24 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 957	249 B
24	5

	Domain	Requested by
9	identity.staging.herokudev.com	1 redirects identity.staging.herokudev.com
7	www0.assets.heroku.com	identity.staging.herokudev.com www0.assets.heroku.com developer.salesforce.com
4	www.herokucdn.com	identity.staging.herokudev.com
4	developer.salesforce.com	identity.staging.herokudev.com
1	geolocation.onetrust.com	www0.assets.heroku.com
24	5

This site contains links to these domains. Also see Links.

Domain
www.heroku.com
sso-staging.heroku.com
heroku.com
www.salesforce.com
www.onetrust.com

Subject Issuer	Validity	Valid
identity.staging.herokudev.com Amazon RSA 2048 M03	`2024-11-18` - `2025-12-17`	a year	crt.sh
*.assets.heroku.com Amazon RSA 2048 M03	`2025-04-10` - `2026-05-09`	a year	crt.sh
developer.salesforce.com DigiCert TLS RSA SHA256 2020 CA1	`2024-09-24` - `2025-09-23`	a year	crt.sh
www.herokucdn.com Amazon RSA 2048 M03	`2024-11-23` - `2025-12-21`	a year	crt.sh
geolocation.onetrust.com WE1	`2025-04-06` - `2025-07-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://identity.staging.herokudev.com/login
Frame ID: 4B3C47EDCBC1AC948E43C9C5C6540764
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Heroku | Login

Page URL History Show full URLs

https://identity.staging.herokudev.com/ HTTP 302
https://identity.staging.herokudev.com/login Page URL

Detected technologies

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

24
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

776 kB
Transfer

859 kB
Size

1
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.heroku.com/
Title: Heroku

Search URL Search Domain Scan URL

URL: https://sso-staging.heroku.com/login
Title: Log in via SSO

Search URL Search Domain Scan URL

URL: https://heroku.com/home
Title: Heroku is a company

Search URL Search Domain Scan URL

URL: https://www.salesforce.com/company/legal/sfdc-website-terms-of-service/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.salesforce.com/company/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.salesforce.com/company/privacy/full_privacy.jsp#nav_info
Title: Cookies

Search URL Search Domain Scan URL

URL: https://www.salesforce.com/form/other/privacy-request/
Title: Your Privacy Choices

Search URL Search Domain Scan URL

URL: https://www.salesforce.com/company/privacy/full_privacy/
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://identity.staging.herokudev.com/ HTTP 302
https://identity.staging.herokudev.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
identity.staging.herokudev.com/
Redirect Chain

https://identity.staging.herokudev.com/
https://identity.staging.herokudev.com/login

3 KB
3 KB

434ms
434ms

Document
text/html

13.32.27.7
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://identity.staging.herokudev.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-7.fra56.r.cloudfront.net

Software

Resource Hash

fca0ad0868e4647eb094a8b72b5ca846298d6f7cd4a7e92a42df3730ab46eab0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 1449
content-type: text/html;charset=utf-8
date: Tue, 13 May 2025 03:14:44 GMT
referrer-policy: strict-origin-when-cross-origin
request-id: 39197e08-ce5a-bff1-141b-4c7ad9ab1bf2
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 spaces-router (60cfadc35250), 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
x-amz-cf-id: -iuCdhvIk9jWIam2D5N2uVFvcT4gc0SG4EGlfrfsLFOREMaDetT3TA==
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
content-type: text/html;charset=utf-8
date: Tue, 13 May 2025 03:14:44 GMT
location: https://identity.staging.herokudev.com/login
referrer-policy: strict-origin-when-cross-origin
request-id: fa31111b-837e-0c9d-9b40-f49fc205bbbb
strict-transport-security: max-age=31536000
via: 1.1 spaces-router (60cfadc35250), 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
x-amz-cf-id: 28jhyuGbngYowPmcalFBxBWDxi2zBeyfQrSlIVg9r36osXtXl-MDqQ==
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK onetrust.min.css
www0.assets.heroku.com/cookies/2021.05.27/ 15 KB
16 KB 270ms
123ms Stylesheet
text/css 99.86.4.58
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://www0.assets.heroku.com/cookies/2021.05.27/onetrust.min.css

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.58 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-58.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

fa920ed2b8d0d0e8f07e8862636788e4ffa07bb3279b93e4183a12e515984bbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

x-amz-version-id: ukKYEEvO7_ctsZlWp2_IxXB2UA_Eh_1K
ETag: "e26d08e6de04b6779020ba9e490ea4c3"
Age: 50651
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: GK-P21MvlN8vQH7YM_1TV4TECeIwUNuRITCTnH5QxvhwwfdkeqTVig==
Date: Mon, 12 May 2025 13:10:34 GMT
Content-Type: text/css
Last-Modified: Thu, 27 May 2021 14:39:56 GMT
Vary: Origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
Accept-Ranges: bytes
Content-Length: 15493
X-Amz-Cf-Pop: FRA6-C1
Server: AmazonS3

GET
H/1.1 200
OK otSDKStubPlusSfdcWwwBase.js Show response
www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/ 23 KB
24 KB 314ms
63ms Script
application/javascript 99.86.4.58
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/otSDKStubPlusSfdcWwwBase.js

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.58 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-58.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a13617f3f74e2c9acaa81b9ecf5b3bd71611412c420c87c47d958cbb309ce558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

x-amz-version-id: H8kJuzx9QYHMI4tkibX55z0xGn7A7Q4_
ETag: "8734619b13d86b6aef6913c8d6ca9a6e"
Age: 67768
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: cN5MvG7MFmM_kH02ZViWk1NTDJAaa3gWrmU-6Gtku2cfDRqfjdl32w==
Date: Mon, 12 May 2025 08:25:16 GMT
Content-Type: application/javascript
Last-Modified: Thu, 27 May 2021 14:39:57 GMT
Vary: Origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Via: 1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
Accept-Ranges: bytes
Content-Length: 23912
X-Amz-Cf-Pop: FRA6-C1
Server: AmazonS3

GET
H2 200 purple.css
identity.staging.herokudev.com/assets/8/ 42 KB
9 KB 416ms
416ms Stylesheet
text/css 13.32.27.7
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://identity.staging.herokudev.com/assets/8/purple.css

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-7.fra56.r.cloudfront.net

Software

Resource Hash

8ee70c25f12f48b8f02ce036d3a1d38586b044d4ec9cd9f6255b2d0aecfe15b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/login

Response headers

strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
request-id: 1a8dbe82-3576-2e64-b16a-d626f2da47e6
via: 1.1 spaces-router (60cfadc35250), 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-cache: Miss from cloudfront
content-length: 7970
x-amz-cf-id: uf1abgw-MI9E12v5kZKJbRJvBBSiExW1q48mEJQPuNfDsOhijYFYvQ==
date: Tue, 13 May 2025 03:14:44 GMT
content-type: text/css;charset=utf-8
last-modified: Mon, 12 May 2025 18:50:06 GMT
vary: Accept-Encoding
x-amz-cf-pop: FRA56-C2

GET
H2 200 modernizr.min.js Show response
identity.staging.herokudev.com/assets/8/ 8 KB
5 KB 338ms
337ms Script
application/javascript 13.32.27.7
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://identity.staging.herokudev.com/assets/8/modernizr.min.js

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-7.fra56.r.cloudfront.net

Software

Resource Hash

d81cc127eb0f47ac4f335134dedda6e3077dadfb61a33249173912f52cc577c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/login

Response headers

strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
request-id: 0675b2eb-82df-7b2e-5d0d-9a9ecaa411fe
via: 1.1 spaces-router (60cfadc35250), 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-cache: Miss from cloudfront
content-length: 3666
x-amz-cf-id: m6G47JqHUkAQwUBN1S6P0YnUl4f8Ffeq9eaopdQT5n2a-dLhjEVvPQ==
date: Tue, 13 May 2025 03:14:44 GMT
content-type: application/javascript;charset=utf-8
last-modified: Mon, 12 May 2025 18:50:06 GMT
vary: Accept-Encoding
x-amz-cf-pop: FRA56-C2

GET
H2 200 index.css
developer.salesforce.com/shared-components/css/ 25 KB
5 KB 211ms
96ms Stylesheet
text/css 151.101.129.145
FASTLY

General

Check archive.org

Download Go to

Full URL

https://developer.salesforce.com/shared-components/css/index.css

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.145 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9dbec35386c73dd8e0ac48f2f3c981f87bc83de23590c0173e8929f8cdfaaa03

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .salesforce.com .force.com .trailhead.sfdc.sh .salesforce-setup.com
Strict-Transport-Security	max-age=31557600
X-Frame-Options	allow-from .salesforce.com .force.com .trailhead.sfdc.sh .salesforce-setup.com

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

x-request-id: 2937df2004d809e7c6b5bddc2b9de129288e8b02
content-encoding: gzip
etag: cc3c62b3175666f128ae5a4c08137c78
age: 30764
x-cache: HIT
date: Tue, 13 May 2025 03:14:44 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 17 Mar 2025 19:31:25 GMT
x-served-by: cache-fra-eddf8230115-FRA
x-cache-hits: 10
x-frame-options: allow-from *.salesforce.com *.force.com *.trailhead.sfdc.sh *.salesforce-setup.com
strict-transport-security: max-age=31557600
vary: Accept-Encoding, DfcLocale
content-security-policy: frame-ancestors 'self' *.salesforce.com *.force.com *.trailhead.sfdc.sh *.salesforce-setup.com
cache-control: public, max-age=36000, immutable
nel: {"report_to":"network-errors", "max_age":2592000, "success_fraction":0, "failure_fraction":1.0, "include_subdomains":true}
x-timer: S1747106085.740751,VS0,VE2
via: 1.1 spaces-router (60cfadc35250), 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4635

GET
H2 200 import.js Show response
developer.salesforce.com/shared-components/helmet/ 65 B
684 B 248ms
157ms Script
application/javascript 151.101.129.145
FASTLY

General

Check archive.org

Download Go to

Full URL

https://developer.salesforce.com/shared-components/helmet/import.js

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.145 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f01251d56cb954d79a63ee543301905efa96d916df24194063783a70e65c6c2e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .salesforce.com .force.com .trailhead.sfdc.sh .salesforce-setup.com
Strict-Transport-Security	max-age=31557600
X-Frame-Options	allow-from .salesforce.com .force.com .trailhead.sfdc.sh .salesforce-setup.com

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://identity.staging.herokudev.com
Referer: https://identity.staging.herokudev.com/

Response headers

x-request-id: ffb54b4f3871e5412f10a2f55d49bc66be910210
etag: d803690b595f0229244bd30391c00370
age: 1380
x-cache: HIT
date: Tue, 13 May 2025 03:14:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 17 Mar 2025 19:31:29 GMT
x-served-by: cache-fra-eddf8230116-FRA
x-cache-hits: 0
x-frame-options: allow-from *.salesforce.com *.force.com *.trailhead.sfdc.sh *.salesforce-setup.com
strict-transport-security: max-age=31557600
vary: Accept-Encoding, DfcLocale
content-security-policy: frame-ancestors 'self' *.salesforce.com *.force.com *.trailhead.sfdc.sh *.salesforce-setup.com
cache-control: public, max-age=36000, immutable
nel: {"report_to":"network-errors", "max_age":2592000, "success_fraction":0, "failure_fraction":1.0, "include_subdomains":true}
x-timer: S1747106085.704576,VS0,VE2
via: 1.1 spaces-router (60cfadc35250), 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 65

GET
H2 200 privacy-choices.svg
identity.staging.herokudev.com/assets/ 2 KB
2 KB 440ms
440ms Image
image/svg+xml 13.32.27.7
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://identity.staging.herokudev.com/assets/privacy-choices.svg

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-7.fra56.r.cloudfront.net

Software

Resource Hash

86f2eb97cc1f3909c12e4512de9e267215d94ac5aaee9393d0f007f18c34e8ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/login

Response headers

strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
request-id: 7b695264-de85-17fa-9d7f-0aed256d3789
via: 1.1 spaces-router (60cfadc35250), 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-cache: Miss from cloudfront
content-length: 787
x-amz-cf-id: kWx89sBZwsulcYa8lpxm1HDuFMynNQ4E3zNyAZJkKQdHPZcY653wjQ==
date: Tue, 13 May 2025 03:14:44 GMT
content-type: image/svg+xml
last-modified: Mon, 12 May 2025 18:50:06 GMT
vary: Accept-Encoding
x-amz-cf-pop: FRA56-C2

GET
H/1.1 200
OK 2273ccf8-8f23-4d20-bca7-8f0b53cd825e.json Show response
www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/consent/2273ccf8-8f23-4d20-bca7-8f0b53cd825e/ 5 KB
5 KB 167ms
73ms XHR
application/json 99.86.4.58
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/consent/2273ccf8-8f23-4d20-bca7-8f0b53cd825e/2273ccf8-8f23-4d20-bca7-8f0b53cd825e.json

Requested by

Host: www0.assets.heroku.com
URL: https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/otSDKStubPlusSfdcWwwBase.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.58 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-58.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

68e268099a10375c17685241cfaeceb2600ed9c84e54e5daad56921758807a2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

x-amz-version-id: HvjBn4XcgP7YQ7mQUYJbWRptGJ4z2Cqa
ETag: "e7f87492f8cd6a8b5aa334b568743aca"
Age: 75950
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 3Jb4r4_y23u72Zmob67pPY69nIy9y0LwOyAPF9M0aN9czySU7O5jLQ==
Date: Mon, 12 May 2025 06:08:56 GMT
Content-Type: application/json
Last-Modified: Thu, 27 May 2021 14:40:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 4945
X-Amz-Cf-Pop: FRA6-C1
Server: AmazonS3

GET
H2 200 logo-vertical.png
identity.staging.herokudev.com/assets/ 1 KB
3 KB 322ms
321ms Image
image/png 13.32.27.7
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://identity.staging.herokudev.com/assets/logo-vertical.png

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/assets/8/purple.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-7.fra56.r.cloudfront.net

Software

Resource Hash

5f59cafcb60c26719f581f961ae3f19d54ab7ba2989a8db1e5a4b572ce6e9c98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/assets/8/purple.css

Response headers

strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
request-id: 92aa66a0-9710-7455-c3a4-55dd4958e756
via: 1.1 spaces-router (60cfadc35250), 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-cache: Miss from cloudfront
content-length: 1302
x-amz-cf-id: Bm2V4xAFu3EkJLYDr2Zwm8ExdNh-K4j3wxtc7b8Zg9sRDsZ-bKpFsw==
date: Tue, 13 May 2025 03:14:45 GMT
content-type: image/png
last-modified: Mon, 12 May 2025 18:50:06 GMT
vary: Accept-Encoding
x-amz-cf-pop: FRA56-C2

GET
H2 200 icon-username.png
identity.staging.herokudev.com/assets/ 287 B
2 KB 431ms
430ms Image
image/png 13.32.27.7
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://identity.staging.herokudev.com/assets/icon-username.png

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/assets/8/purple.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-7.fra56.r.cloudfront.net

Software

Resource Hash

b54df4d885604fe5678d5324db7248ea3ea507577131d5ea4e0ae46b6a49a0fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/assets/8/purple.css

Response headers

strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
request-id: d134bfe2-a8bd-0497-3ef2-49dea863cdba
via: 1.1 spaces-router (60cfadc35250), 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-cache: Miss from cloudfront
content-length: 317
x-amz-cf-id: jq3aAHH2ihCULpDmPmvEkXb2DTJqMcTBB4E-j0sargxWINFilDaJmw==
date: Tue, 13 May 2025 03:14:45 GMT
content-type: image/png
last-modified: Mon, 12 May 2025 18:50:06 GMT
vary: Accept-Encoding
x-amz-cf-pop: FRA56-C2

GET
H2 200 icon-password.png
identity.staging.herokudev.com/assets/ 205 B
1 KB 414ms
413ms Image
image/png 13.32.27.7
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://identity.staging.herokudev.com/assets/icon-password.png

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/assets/8/purple.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-7.fra56.r.cloudfront.net

Software

Resource Hash

3b06d84d2af9257c894a47fbea58cb27f91065158867274a7b2a52b34b26d65e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/assets/8/purple.css

Response headers

strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
request-id: c830c7bc-c74f-d72e-d9b1-863853c265e6
via: 1.1 spaces-router (60cfadc35250), 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-cache: Miss from cloudfront
content-length: 231
x-amz-cf-id: O-qOZvzl8_Hzsonplc6kdOfk1l_n06K-VP6EWDlab9tv760s0ryQCg==
date: Tue, 13 May 2025 03:14:45 GMT
content-type: image/png
last-modified: Mon, 12 May 2025 18:50:06 GMT
vary: Accept-Encoding
x-amz-cf-pop: FRA56-C2

GET
H2 200 logo-sfdc.png
identity.staging.herokudev.com/assets/ 3 KB
4 KB 434ms
433ms Image
image/png 13.32.27.7
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://identity.staging.herokudev.com/assets/logo-sfdc.png

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/assets/8/purple.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-7.fra56.r.cloudfront.net

Software

Resource Hash

52ac624900170bd014788a565e88b5c98da9a6d4fc354e2601bf088f6d80b5a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/assets/8/purple.css

Response headers

strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
request-id: 6d0051cd-58fa-d353-1943-126d35b0aa3f
via: 1.1 spaces-router (60cfadc35250), 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-cache: Miss from cloudfront
content-length: 2817
x-amz-cf-id: XjNW2PGydibXXkyoDaxl7WAgW_rX5ID8tKnmvUmn31DV_XD90c-X4A==
date: Tue, 13 May 2025 03:14:45 GMT
content-type: image/png
last-modified: Mon, 12 May 2025 18:50:06 GMT
vary: Accept-Encoding
x-amz-cf-pop: FRA56-C2

GET
H2 200 bentonsans-book.woff
www.herokucdn.com/fonts/ 71 KB
72 KB 205ms
65ms Font
font/woff 3.161.82.35
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.herokucdn.com/fonts/bentonsans-book.woff
Requested by: Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/assets/8/purple.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-35.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 048416fe9c54f2f3523a23f30c6bedd1a961aa6e0c9ad169b7fd429811bf9dce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://identity.staging.herokudev.com
Referer: https://identity.staging.herokudev.com/

Response headers

access-control-max-age: 86400
access-control-expose-headers: ETag
etag: "cb4d66cf19b9c2a847a296072bb084b7"
age: 22226
access-control-allow-methods: GET
expires: Mon, 31 Dec 2029 18:00:00 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: 8vVPKycZx5EapwnN7iztenmFwc7UOC8xelGNCB_8d_MbKKFMTLkLyw==
date: Mon, 12 May 2025 21:04:20 GMT
content-type: font/woff
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
last-modified: Fri, 25 Apr 2025 17:12:03 GMT
cache-control: max-age=86400, public
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 73126
x-amz-cf-pop: FRA56-P10
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bentonsans-medium.woff
www.herokucdn.com/fonts/ 36 KB
37 KB 203ms
64ms Font
font/woff 3.161.82.35
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.herokucdn.com/fonts/bentonsans-medium.woff
Requested by: Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/assets/8/purple.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-35.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5cd12715add2d4b76e8eac14da142662e5204b7b60ecbb6ffa78a1ca24546019

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://identity.staging.herokudev.com
Referer: https://identity.staging.herokudev.com/

Response headers

access-control-max-age: 86400
access-control-expose-headers: ETag
etag: "682dfc4bcd67cb851fa3dad68f564761"
age: 22226
access-control-allow-methods: GET
expires: Mon, 31 Dec 2029 18:00:00 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: kI2FJx6rfsd3HrMJ9xkM-wuwTRjjv85XoYSXaqGFtoBwUkEYuNotpQ==
date: Mon, 12 May 2025 21:04:20 GMT
content-type: font/woff
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
last-modified: Fri, 25 Apr 2025 17:12:03 GMT
cache-control: max-age=86400, public
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 37332
x-amz-cf-pop: FRA56-P10
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bentonsans-regular.woff
www.herokucdn.com/fonts/ 33 KB
34 KB 205ms
65ms Font
font/woff 3.161.82.35
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.herokucdn.com/fonts/bentonsans-regular.woff
Requested by: Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/assets/8/purple.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-35.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88dc7d7ac74058797aa836f73826f9a44136f71e4a4b91a6a6c04261ab98f0fd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://identity.staging.herokudev.com
Referer: https://identity.staging.herokudev.com/

Response headers

access-control-max-age: 86400
access-control-expose-headers: ETag
etag: "a3103229fa33543d322525a5669d3b27"
age: 22226
access-control-allow-methods: GET
expires: Mon, 31 Dec 2029 18:00:00 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: oKjnBFRvkfMbYASFkxTWcdtTEeKx93IS2KYOFypIhZvOgtbq-AoYDQ==
date: Mon, 12 May 2025 21:04:20 GMT
content-type: font/woff
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
last-modified: Fri, 25 Apr 2025 17:12:03 GMT
cache-control: max-age=86400, public
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34288
x-amz-cf-pop: FRA56-P10
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 entry-main-0efd60e2.js Show response
developer.salesforce.com/shared-components/helmet/ 233 B
403 B 39ms
39ms Script
application/javascript 151.101.129.145
FASTLY

General

Check archive.org

Download Go to

Full URL

https://developer.salesforce.com/shared-components/helmet/entry-main-0efd60e2.js

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.145 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c7f07f6624464c0cb9d675dbcefd42925b496df17ffcc0bf0d8207838a22fe7c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .salesforce.com .force.com .trailhead.sfdc.sh .salesforce-setup.com
Strict-Transport-Security	max-age=31557600
X-Frame-Options	allow-from .salesforce.com .force.com .trailhead.sfdc.sh .salesforce-setup.com

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://identity.staging.herokudev.com
Referer: https://developer.salesforce.com/shared-components/helmet/import.js

Response headers

x-request-id: 25ec9e5418d63cacffcd6f28ce64b25496156b4d
etag: 04eb89177d05e33eb40ad1e3ec74a6a6
age: 30584
x-cache: HIT
date: Tue, 13 May 2025 03:14:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 17 Mar 2025 19:31:29 GMT
x-served-by: cache-fra-eddf8230116-FRA
x-cache-hits: 0
x-frame-options: allow-from *.salesforce.com *.force.com *.trailhead.sfdc.sh *.salesforce-setup.com
strict-transport-security: max-age=31557600
vary: Accept-Encoding, DfcLocale
content-security-policy: frame-ancestors 'self' *.salesforce.com *.force.com *.trailhead.sfdc.sh *.salesforce-setup.com
cache-control: max-age=31536000, immutable
nel: {"report_to":"network-errors", "max_age":2592000, "success_fraction":0, "failure_fraction":1.0, "include_subdomains":true}
x-timer: S1747106085.039769,VS0,VE2
via: 1.1 spaces-router (60cfadc35250), 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 233

GET
H2 200 vendor-7d264656.js Show response
developer.salesforce.com/shared-components/helmet/ 56 KB
18 KB 55ms
54ms Script
application/javascript 151.101.129.145
FASTLY

General

Check archive.org

Download Go to

Full URL

https://developer.salesforce.com/shared-components/helmet/vendor-7d264656.js

Requested by

Host: identity.staging.herokudev.com
URL: https://identity.staging.herokudev.com/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.145 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

002c421ca97d4458b540da33251a611edcae45678fd8a8aabf2ca8af1466cbfc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .salesforce.com .force.com .trailhead.sfdc.sh .salesforce-setup.com
Strict-Transport-Security	max-age=31557600
X-Frame-Options	allow-from .salesforce.com .force.com .trailhead.sfdc.sh .salesforce-setup.com

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://identity.staging.herokudev.com
Referer: https://developer.salesforce.com/shared-components/helmet/import.js

Response headers

x-request-id: 9586cf7b96bca35e4db933ea6492177185e1a42d
content-encoding: gzip
etag: bd18eafdc5720cc714969d6c50d2c535
age: 30584
x-cache: HIT
date: Tue, 13 May 2025 03:14:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 17 Mar 2025 19:31:29 GMT
x-served-by: cache-fra-eddf8230116-FRA
x-cache-hits: 0
x-frame-options: allow-from *.salesforce.com *.force.com *.trailhead.sfdc.sh *.salesforce-setup.com
strict-transport-security: max-age=31557600
vary: Accept-Encoding, DfcLocale
content-security-policy: frame-ancestors 'self' *.salesforce.com *.force.com *.trailhead.sfdc.sh *.salesforce-setup.com
cache-control: max-age=31536000, immutable
nel: {"report_to":"network-errors", "max_age":2592000, "success_fraction":0, "failure_fraction":1.0, "include_subdomains":true}
x-timer: S1747106085.054294,VS0,VE2
via: 1.1 spaces-router (60cfadc35250), 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18190

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 79 B
249 B 1048ms
231ms Script
text/javascript 172.64.155.119
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www0.assets.heroku.com
URL: https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/otSDKStubPlusSfdcWwwBase.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5a6884bf01a174d156b97dc02ef3d75a9444ece793d98516531f5d4ea339f14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 93eefccd7a07ecb8-WAW
content-encoding: gzip
date: Tue, 13 May 2025 03:14:46 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H/1.1 200
OK otBannerSdk.js Show response
www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/6.17.0/ 377 KB
377 KB 50ms
50ms Script
application/javascript 99.86.4.58
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/6.17.0/otBannerSdk.js

Requested by

Host: developer.salesforce.com
URL: https://developer.salesforce.com/shared-components/helmet/vendor-7d264656.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.58 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-58.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f1f8d4204b80f61987126d563bbb88a3036f6fd55f8e98da95a8b9e542f9c495

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

x-amz-version-id: A9EXXjNcGVbWSkxHCMLL.ilGyoAdrseP
ETag: "975f2d75e78f7db7bec50d2d8508154a"
Age: 53810
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: V2ewNkz06w9QhGRRlDBBEjnk7B4BYMo4gb9KqudHzSh9-5ilpeL6lA==
Date: Mon, 12 May 2025 12:17:57 GMT
Content-Type: application/javascript
Last-Modified: Thu, 27 May 2021 14:39:59 GMT
Vary: Origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Via: 1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
Accept-Ranges: bytes
Content-Length: 385853
X-Amz-Cf-Pop: FRA6-C1
Server: AmazonS3

GET
H/1.1 200
OK en.json Show response
www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/consent/2273ccf8-8f23-4d20-bca7-8f0b53cd825e/9271b9d0-7992-4364-9721-eac93d9415b0/ 51 KB
52 KB 46ms
46ms Fetch
application/json 99.86.4.58
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/consent/2273ccf8-8f23-4d20-bca7-8f0b53cd825e/9271b9d0-7992-4364-9721-eac93d9415b0/en.json

Requested by

Host: www0.assets.heroku.com
URL: https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/6.17.0/otBannerSdk.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.58 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-58.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5488b4146baa797e2e20f3ad2a35b13ab3fdd9754f5383b58b6604a1f955bea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

x-amz-version-id: dENRMmr8zzoMy1ljtNJjeWEOT.UNuYjB
ETag: "3853c6cf711d8ef348ccadfed9a1f81b"
Age: 44151
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: mP_Zi-O8dSgDXYnJ4a1BPt_JNer5rjt6bI-0YIDf-zhQcSKqPShGtA==
Date: Mon, 12 May 2025 14:58:56 GMT
Content-Type: application/json
Last-Modified: Thu, 27 May 2021 14:39:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 52532
X-Amz-Cf-Pop: FRA6-C1
Server: AmazonS3

GET
H2 200 favicon.ico
www.herokucdn.com/ 49 KB
49 KB 164ms
64ms Other
image/vnd.microsoft.icon 3.161.82.35
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://www.herokucdn.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-35.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e274c0b7f1a9ef32495b508a13a20f14716477ae2fc378c7106acbe53fdb33d8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

etag: "2b420d8e50f804849fc9f459e4ffc4cb"
age: 85839
expires: Mon, 31 Dec 2029 18:00:00 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: A2X8EbgxpDRikhsgjmlSPhjji5_m1IWG51bnBgRBkch9UeOzyURC_A==
date: Mon, 12 May 2025 03:24:08 GMT
content-type: image/vnd.microsoft.icon
vary: accept-encoding
last-modified: Fri, 25 Apr 2025 17:12:03 GMT
cache-control: max-age=86400, public
via: 1.1 de11a38373aee7f9d5ba9d586bb8bfd2.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 50198
x-amz-cf-pop: FRA56-P10
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK otCenterRounded.json Show response
www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/6.17.0/assets/ 9 KB
10 KB 59ms
58ms Fetch
application/json 99.86.4.58
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/6.17.0/assets/otCenterRounded.json

Requested by

Host: www0.assets.heroku.com
URL: https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/6.17.0/otBannerSdk.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.58 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-58.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

cfed96db853cb6e2053513daf02c9dec0e5c052e268d2b7f47c245c17ba5cdec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

x-amz-version-id: tZb3I3iNDxaDVZ6NTOlyib3aUO2U6Crm
ETag: "d31abd208a51eeeeb42c3b64bbb3d9ca"
Age: 70371
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: Yw3eF-W7HkAs-KGT9w42KZaEqqTt9EMvQMX5TFjKpN5Utc4-YP8Jpg==
Date: Mon, 12 May 2025 07:41:56 GMT
Content-Type: application/json
Last-Modified: Thu, 27 May 2021 14:40:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 9499
X-Amz-Cf-Pop: FRA6-C1
Server: AmazonS3

GET
H/1.1 200
OK otPcTab.json Show response
www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/6.17.0/assets/v2/ 46 KB
46 KB 103ms
41ms Fetch
application/json 99.86.4.58
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/6.17.0/assets/v2/otPcTab.json

Requested by

Host: www0.assets.heroku.com
URL: https://www0.assets.heroku.com/cookies/2021.05.27/oneTrust_production/scripttemplates/6.17.0/otBannerSdk.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.58 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-58.fra6.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

85189c3a0ebc37dda89a5ef811071b5d4aeb7df093afbbe9ae58e81d96e22398

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://identity.staging.herokudev.com/

Response headers

x-amz-version-id: 8fAncySG9QGrwmhGxr3_rM7W.m0Rtll7
ETag: "cec337b395898b23de46cb63ea52d363"
Age: 26544
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: QbgimFOBNMrV6WEF-tkcJa1xh1WTCySzkzsN7rJ-qbpg7FK9tVnaNA==
Date: Mon, 12 May 2025 19:52:23 GMT
Content-Type: application/json
Last-Modified: Thu, 27 May 2021 14:38:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 46989
X-Amz-Cf-Pop: FRA6-C1
Server: AmazonS3

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Heroku (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			identity.staging.herokudev.com/	1970-01-21 06:01:38	Name: identity-session Value: gAAAAABoIrklFdRbXAZ6VGlMdp4TaGZkTpddliFuJJbiGjAY6_nsJu_oDixvkFKkpY6lZiDe2f22uZuyaxzUFEXP4AA_8E5dPKdx_aO9fqOOpM89dd8Ghr0RxuSlBINOcnLeIGYi_OtAYe2TvF5YN_7NxrDMP4QzimNmeE6R8dRNmktTsiUFTlZpaaz5pr6UD8Wt2Sw1_MqCW5NMffNVU78WCZpuuNmQjFPJ9u3WSrpO8TqB_NbxOD7RkrvhC1rXmlrlb7MhwmKJR0P4cl2NpB0ZPW66Zlair7RBKsOjSnDMj6nqFKZSJgZrdH7COxZ-yUTmivmZIQAuYGq_7vIqmg1gygl7VzVBaeqpbc3bl-OcMUwmngYY4lw1z6zWsKxbAfXyWqYfgoEsi_v03soL_UtUK-1CT9MgKZKZsSfVKgSHDsfang-bgUyIHPz_Ykj26Us5vsY8bYvXnMj_yUpEFqSTtSt5XR_jfWlYAw9gCGl2_qT9tfV2UdA0JHqVeHcllg3JLYxldyIoSXuYabJUWLn2aQvKeSvW5KWepcmPcRtZBlpW1GfoYns%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

developer.salesforce.com
geolocation.onetrust.com
identity.staging.herokudev.com
www.herokucdn.com
www0.assets.heroku.com
13.32.27.7
151.101.129.145
172.64.155.119
3.161.82.35
99.86.4.58
002c421ca97d4458b540da33251a611edcae45678fd8a8aabf2ca8af1466cbfc
048416fe9c54f2f3523a23f30c6bedd1a961aa6e0c9ad169b7fd429811bf9dce
3b06d84d2af9257c894a47fbea58cb27f91065158867274a7b2a52b34b26d65e
52ac624900170bd014788a565e88b5c98da9a6d4fc354e2601bf088f6d80b5a1
5488b4146baa797e2e20f3ad2a35b13ab3fdd9754f5383b58b6604a1f955bea7
5cd12715add2d4b76e8eac14da142662e5204b7b60ecbb6ffa78a1ca24546019
5f59cafcb60c26719f581f961ae3f19d54ab7ba2989a8db1e5a4b572ce6e9c98
68e268099a10375c17685241cfaeceb2600ed9c84e54e5daad56921758807a2c
85189c3a0ebc37dda89a5ef811071b5d4aeb7df093afbbe9ae58e81d96e22398
86f2eb97cc1f3909c12e4512de9e267215d94ac5aaee9393d0f007f18c34e8ba
88dc7d7ac74058797aa836f73826f9a44136f71e4a4b91a6a6c04261ab98f0fd
8ee70c25f12f48b8f02ce036d3a1d38586b044d4ec9cd9f6255b2d0aecfe15b4
9dbec35386c73dd8e0ac48f2f3c981f87bc83de23590c0173e8929f8cdfaaa03
a13617f3f74e2c9acaa81b9ecf5b3bd71611412c420c87c47d958cbb309ce558
b54df4d885604fe5678d5324db7248ea3ea507577131d5ea4e0ae46b6a49a0fc
c7f07f6624464c0cb9d675dbcefd42925b496df17ffcc0bf0d8207838a22fe7c
cfed96db853cb6e2053513daf02c9dec0e5c052e268d2b7f47c245c17ba5cdec
d81cc127eb0f47ac4f335134dedda6e3077dadfb61a33249173912f52cc577c0
e274c0b7f1a9ef32495b508a13a20f14716477ae2fc378c7106acbe53fdb33d8
f01251d56cb954d79a63ee543301905efa96d916df24194063783a70e65c6c2e
f1f8d4204b80f61987126d563bbb88a3036f6fd55f8e98da95a8b9e542f9c495
f5a6884bf01a174d156b97dc02ef3d75a9444ece793d98516531f5d4ea339f14
fa920ed2b8d0d0e8f07e8862636788e4ffa07bb3279b93e4183a12e515984bbb
fca0ad0868e4647eb094a8b72b5ca846298d6f7cd4a7e92a42df3730ab46eab0

identity.staging.herokudev.com Open in urlscan Pro 13.32.27.7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

776 kBTransfer

859 kBSize

1 Cookies

9 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

identity.staging.herokudev.com Open in urlscan Pro
13.32.27.7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

776 kB
Transfer

859 kB
Size

1
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!