data45190-ca2.web.app Open in urlscan Pro
199.36.158.100 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://data45190-ca2.web.app/login
Submission: On October 03 via api (October 3rd 2021, 8:10:15 am UTC) from JP — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 20 HTTP transactions. The main IP is 199.36.158.100, located in United States and belongs to FASTLY, US. The main domain is data45190-ca2.web.app.
TLS certificate: Issued by GTS CA 1D4 on September 20th 2021. Valid for: 3 months.

This is the only time data45190-ca2.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: RBC (Banking)

Domain & IP information

	IP Address	AS Autonomous System
9	199.36.158.100 199.36.158.100	54113 (FASTLY) (FASTLY)
1	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.74 142.250.185.74	15169 (GOOGLE) (GOOGLE)
4	23.45.105.114 23.45.105.114	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.45.105.137 23.45.105.137	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.185.131 142.250.185.131	15169 (GOOGLE) (GOOGLE)
1	50.16.248.208 50.16.248.208	14618 (AMAZON-AES) (AMAZON-AES)
20	7

9 199.36.158.100 (United States)

ASN54113 (FASTLY, US)

data45190-ca2.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.45.105.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-105-114.deploy.static.akamaitechnologies.com

www.rbcroyalbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.105.137 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-105-137.deploy.static.akamaitechnologies.com

www1.royalbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.16.248.208 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-248-208.compute-1.amazonaws.com

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	web.app data45190-ca2.web.app	186 KB
4	rbcroyalbank.com www.rbcroyalbank.com	47 KB
2	gstatic.com fonts.gstatic.com	38 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	ipify.org api.ipify.org	262 B
1	royalbank.com www1.royalbank.com	2 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	7 KB
20	7

	Domain	Requested by
9	data45190-ca2.web.app	data45190-ca2.web.app
4	www.rbcroyalbank.com	data45190-ca2.web.app
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	data45190-ca2.web.app
1	api.ipify.org	data45190-ca2.web.app
1	www1.royalbank.com	data45190-ca2.web.app
1	maxcdn.bootstrapcdn.com	data45190-ca2.web.app
20	7

This site contains no links.

Subject Issuer	Validity	Valid
web.app GTS CA 1D4	`2021-09-20` - `2021-12-19`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
rbcroyalbank.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-08-24` - `2022-08-24`	a year	crt.sh
www1.royalbank.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-03-13` - `2022-03-18`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2021-01-19` - `2022-02-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://data45190-ca2.web.app/login
Frame ID: BBFE698F9991E391C4754C13CB9F5441
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RBC Royal Bank - Sign In

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

7
IPs

3
Countries

283 kB
Transfer

640 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login Show response
data45190-ca2.web.app/ 3 KB
2 KB 27ms
6ms Document
text/html 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://data45190-ca2.web.app/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7fe305fd6aeea627b936131b1c3fbf44fd410888e46d4bb7bc91950652a4f756

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: data45190-ca2.web.app
:scheme: https
:path: /login
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
content-encoding: br
content-type: text/html; charset=utf-8
etag: "5843719aa259f409f46806e1b8b7608809a83e8d30f7cc37ff16dac35a54162b-br"
last-modified: Fri, 14 May 2021 23:34:54 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Sun, 03 Oct 2021 08:10:11 GMT
x-served-by: cache-hhn4036-HHN
x-cache: HIT
x-cache-hits: 1
x-timer: S1633248611.174564,VS0,VE1
vary: x-fh-requested-host, accept-encoding
content-length: 1321

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/ 28 KB
7 KB 35ms
19ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 08:10:11 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617
age: 16800832
cdn-cachedat: 2021-03-11 11:58:15
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: a754e168c4f0fb62e4072354b1d05890
cf-ray: 6984b14c1e4a3233-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 main.6245805f.chunk.css
data45190-ca2.web.app/static/css/ 67 KB
12 KB 8ms
7ms Stylesheet
text/css 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://data45190-ca2.web.app/static/css/main.6245805f.chunk.css

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dab01a28b920c333bf48bb40ebb0b1c052dedee3e145b7d2f8e48b4449e89f3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:path: /static/css/main.6245805f.chunk.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: data45190-ca2.web.app
referer: https://data45190-ca2.web.app/login
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Fri, 14 May 2021 23:34:54 GMT
x-timer: S1633248611.204503,VS0,VE1
etag: "8d052e52d664d40ff4a5343d0ad5a50b93cf6cb38f5caa88cfe9362ebc0e3961-br"
x-served-by: cache-hhn4036-HHN
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=3600
date: Sun, 03 Oct 2021 08:10:11 GMT
accept-ranges: bytes
content-length: 12605
x-cache-hits: 1

GET
H2 200 firebase-app.js Show response
data45190-ca2.web.app/__/firebase/8.3.3/ 21 KB
7 KB 9ms
8ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://data45190-ca2.web.app/__/firebase/8.3.3/firebase-app.js

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

sffe /

Resource Hash

bdecc5a4ad9e9d6477d4c62bf3b5a9dcfd87c948fa6d4598bd983e22d5f8270a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /__/firebase/8.3.3/firebase-app.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: data45190-ca2.web.app
referer: https://data45190-ca2.web.app/login
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 6764
x-xss-protection: 0
x-served-by: cache-hhn4036-HHN
last-modified: Mon, 12 Apr 2021 21:41:51 GMT
server: sffe
x-timer: S1633248611.204595,VS0,VE1
date: Sun, 03 Oct 2021 08:10:11 GMT
vary: Accept-Encoding, x-fh-requested-host, accept-encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 02 Oct 2022 12:25:20 GMT
cache-control: max-age=31556926
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="firebase-js"
x-cache-hits: 1

GET
H2 200 firebase-analytics.js Show response
data45190-ca2.web.app/__/firebase/8.3.3/ 35 KB
11 KB 18ms
18ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://data45190-ca2.web.app/__/firebase/8.3.3/firebase-analytics.js

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

sffe /

Resource Hash

159ea968ba28e58a05d766547b4c49501f707a118ce5278503d419412206456a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /__/firebase/8.3.3/firebase-analytics.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: data45190-ca2.web.app
referer: https://data45190-ca2.web.app/login
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 10774
x-xss-protection: 0
x-served-by: cache-hhn4036-HHN
last-modified: Mon, 12 Apr 2021 21:41:51 GMT
server: sffe
x-timer: S1633248611.204642,VS0,VE2
date: Sun, 03 Oct 2021 08:10:11 GMT
vary: Accept-Encoding, x-fh-requested-host, accept-encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 01 Oct 2022 15:23:45 GMT
cache-control: max-age=31556926
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="firebase-js"
x-cache-hits: 1

GET
H2 200 init.js Show response
data45190-ca2.web.app/__/firebase/ 424 B
451 B 7ms
7ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://data45190-ca2.web.app/__/firebase/init.js

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

96f7a7e5e076b64a6ce41fe1fb67ed60f6d8ef776f03d5552b42aa2159e0a31c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:path: /__/firebase/init.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: data45190-ca2.web.app
referer: https://data45190-ca2.web.app/login
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 14 May 2021 23:34:54 GMT
x-timer: S1633248611.204684,VS0,VE1
etag: "0bc1c95c413daeb6424386ea638e213aa699c9234a05e6fa1e2ee981b63f0c02"
x-served-by: cache-hhn4036-HHN
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
date: Sun, 03 Oct 2021 08:10:11 GMT
accept-ranges: bytes
content-length: 316
x-cache-hits: 1

GET
H2 200 2.8ee7e101.chunk.js Show response
data45190-ca2.web.app/static/js/ 266 KB
70 KB 9ms
8ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://data45190-ca2.web.app/static/js/2.8ee7e101.chunk.js

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8ef12f8efac189936abe3ba7c156a78d7902f1b79e79554a9a89cf2e844810a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:path: /static/js/2.8ee7e101.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: data45190-ca2.web.app
referer: https://data45190-ca2.web.app/login
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Fri, 14 May 2021 23:34:54 GMT
x-timer: S1633248611.204723,VS0,VE1
etag: "c62bb1c20f39bec695b323fb1209345bc5c5e86bce722faf3af950ed80cab502-br"
x-served-by: cache-hhn4036-HHN
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
date: Sun, 03 Oct 2021 08:10:11 GMT
accept-ranges: bytes
content-length: 71647
x-cache-hits: 1

GET
H2 200 main.309bd707.chunk.js Show response
data45190-ca2.web.app/static/js/ 46 KB
5 KB 9ms
8ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://data45190-ca2.web.app/static/js/main.309bd707.chunk.js

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

49e932d0d3f3581a8e9e7b0974a3c9cbb7eceb7ea5239847e07b53d816bdd28e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:path: /static/js/main.309bd707.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: data45190-ca2.web.app
referer: https://data45190-ca2.web.app/login
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Fri, 14 May 2021 23:34:54 GMT
x-timer: S1633248611.204796,VS0,VE1
etag: "a597fc1bb8b9941ebfe8c9982cb475fcc82ec8807a33c7fc3ef4be75ff2cea6b-br"
x-served-by: cache-hhn4036-HHN
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
date: Sun, 03 Oct 2021 08:10:11 GMT
accept-ranges: bytes
content-length: 4689
x-cache-hits: 1

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
818 B 39ms
17ms Stylesheet
text/css 142.250.185.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Fira+Sans:wght@200;400&family=Roboto:wght@300&display=swap

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/static/css/main.6245805f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f10.1e100.net

Software

ESF /

Resource Hash

085613a5a4bc202b9f8fdae567ede44b3d932495965adebe7b5af8334089c596

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 03 Oct 2021 08:10:11 GMT
server: ESF
date: Sun, 03 Oct 2021 08:10:11 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sun, 03 Oct 2021 08:10:11 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 38ms
17ms Stylesheet
text/css 142.250.185.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@100&display=swap

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/static/css/main.6245805f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f10.1e100.net

Software

ESF /

Resource Hash

85e50fe35ea954d81d2feea489b29264aa77b93526409bc630df84d2d11e99ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 03 Oct 2021 08:10:09 GMT
server: ESF
date: Sun, 03 Oct 2021 08:10:11 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sun, 03 Oct 2021 08:10:11 GMT

GET
H2 200 rbc-logo-shield.svg
data45190-ca2.web.app/ 5 KB
2 KB 7ms
7ms Image
image/svg+xml 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://data45190-ca2.web.app/rbc-logo-shield.svg

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

96b1108b1d9a23174052f3417f90560e8003483a8be17c6dad05924151eba199

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:path: /rbc-logo-shield.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: data45190-ca2.web.app
referer: https://data45190-ca2.web.app/login
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Fri, 14 May 2021 23:34:54 GMT
x-timer: S1633248611.283989,VS0,VE1
etag: "8fa8a8bded848f87fdda71a0481de0d42484317d0097ff3218341e1f7c322961-br"
x-served-by: cache-hhn4036-HHN
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/svg+xml
cache-control: max-age=3600
date: Sun, 03 Oct 2021 08:10:11 GMT
accept-ranges: bytes
content-length: 2303
x-cache-hits: 1

GET
H2 200 rbc-logo-shield-blue.svg
www.rbcroyalbank.com/dvl/v1.0/assets/images/logos/ 5 KB
5 KB 530ms
443ms Image
image/svg+xml 23.45.105.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rbcroyalbank.com/dvl/v1.0/assets/images/logos/rbc-logo-shield-blue.svg
Requested by: Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.105.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-105-114.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 65810b2abb5357e9d521f65bc4270894f90cb4f531b9d48bd202e3562920bfde

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 08:10:11 GMT
last-modified: Thu, 01 Nov 2018 13:37:06 GMT
etag: "5799a83c1e480"
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=0
access-control-allow-credentials: true
x-edgeconnect-cache-status: 1
accept-ranges: bytes
content-length: 5181
expires: Mon, 26 Apr 2021 04:30:46 GMT

GET
H2 200 ui-close-blue.svg
www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ 440 B
692 B 604ms
517ms Image
image/svg+xml 23.45.105.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ui-close-blue.svg
Requested by: Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.105.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-105-114.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f072f948a69fa01073e7561ffc54019409436fff0deee7c868ca670b2f4b849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 08:10:11 GMT
last-modified: Thu, 01 Nov 2018 13:37:13 GMT
etag: "5799a842cb440"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=0
access-control-allow-credentials: true
x-edgeconnect-cache-status: 3
accept-ranges: bytes
content-length: 440
expires: Sun, 03 Oct 2021 08:10:11 GMT

GET
H2 200 informational-32.svg
www1.royalbank.com/uos/3m/images/icons/ 2 KB
2 KB 99ms
13ms Image
image/svg+xml 23.45.105.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www1.royalbank.com/uos/3m/images/icons/informational-32.svg
Requested by: Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/login
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.105.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-105-137.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 99749e070e21359e3d5e5f87fa56dbfa49a85d574fb8f2b21d49fe1e267b8f2c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 08:10:11 GMT
last-modified: Wed, 13 Mar 2019 19:54:42 GMT
etag: "c5bd87fe-78a-583ff2d368480"
p3p: policyref="https://www1.royalbank.com/w3c/p3p.xml",CP="CAO DSP COR LAW COM NAV INT STA CNT PHY ONL UNI PUR FIN DEM PRE GOV HEA CUR ADM DEV PSA LEG OUR SAMi CONi TELi"
x-edgeconnect-cache-status: 1
accept-ranges: bytes
content-type: image/svg+xml
content-length: 1930

GET
H2 200 ui-menu-white.svg
www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ 164 B
416 B 614ms
529ms Image
image/svg+xml 23.45.105.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ui-menu-white.svg
Requested by: Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/static/css/main.6245805f.chunk.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.105.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-105-114.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c708030bf37dedc81bc1677fa8989fa318327af7840ca919e687d234eb4be845

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 08:10:11 GMT
last-modified: Thu, 01 Nov 2018 13:37:15 GMT
etag: "5799a844b38c0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=0
access-control-allow-credentials: true
x-edgeconnect-cache-status: 3
accept-ranges: bytes
content-length: 164
expires: Sun, 03 Oct 2021 08:10:11 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 30ms
8ms Font
font/woff2 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Fira+Sans:wght@200;400&family=Roboto:wght@300&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://data45190-ca2.web.app
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 16:31:40 GMT
x-content-type-options: nosniff
age: 315511
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Sep 2022 16:31:40 GMT

GET
H2 200 RBCDisplay-Regular.woff
www.rbcroyalbank.com/dvl/v1.0/assets/fonts/ 39 KB
41 KB 500ms
419ms Font
application/octet-stream 23.45.105.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rbcroyalbank.com/dvl/v1.0/assets/fonts/RBCDisplay-Regular.woff
Requested by: Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/static/css/main.6245805f.chunk.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.105.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-105-114.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8daf5b7fdb4cc33a16cc65a1faba63f852c676b175fde9660a176cd1c6934c19

Request headers

Referer: https://data45190-ca2.web.app/
Origin: https://data45190-ca2.web.app
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 08:10:11 GMT
content-encoding: gzip
last-modified: Thu, 01 Nov 2018 13:36:07 GMT
etag: "5799a803d9fc0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=0
access-control-allow-credentials: true
x-edgeconnect-cache-status: 1
accept-ranges: bytes
content-length: 41239
expires: Sun, 13 Sep 2020 07:01:56 GMT

GET
H2 200 fa-solid-900.ada6e6df.woff2
data45190-ca2.web.app/static/media/ 76 KB
76 KB 8ms
7ms Font
font/woff2 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://data45190-ca2.web.app/static/media/fa-solid-900.ada6e6df.woff2

Requested by

Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/static/css/main.6245805f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:path: /static/media/fa-solid-900.ada6e6df.woff2
pragma: no-cache
origin: https://data45190-ca2.web.app
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: data45190-ca2.web.app
referer: https://data45190-ca2.web.app/static/css/main.6245805f.chunk.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://data45190-ca2.web.app/static/css/main.6245805f.chunk.css
Origin: https://data45190-ca2.web.app
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 14 May 2021 23:34:54 GMT
x-timer: S1633248611.291412,VS0,VE1
etag: "1372dcb89880aed93ada00d7bef08bd992d7c949b67007e99f6c0be11eda15e5"
x-served-by: cache-hhn4036-HHN
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: font/woff2
cache-control: max-age=3600
date: Sun, 03 Oct 2021 08:10:11 GMT
accept-ranges: bytes
content-length: 78109
x-cache-hits: 1

GET
H2 200 va9E4kDNxMZdWfMOD5Vvl4jL.woff2
fonts.gstatic.com/s/firasans/v11/ 22 KB
22 KB 32ms
12ms Font
font/woff2 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v11/va9E4kDNxMZdWfMOD5Vvl4jL.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Fira+Sans:wght@200;400&family=Roboto:wght@300&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

sffe /

Resource Hash

a41dd567a7d51dac3d65a716b505f5bba7526e36405ed8a832d72a4ada3665c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://data45190-ca2.web.app
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 05:13:52 GMT
x-content-type-options: nosniff
age: 183379
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22748
x-xss-protection: 0
last-modified: Thu, 01 Apr 2021 22:05:49 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Oct 2022 05:13:52 GMT

GET
H/1.1 200
OK / Show response
api.ipify.org/ 24 B
262 B 393ms
98ms Fetch
application/json 50.16.248.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: data45190-ca2.web.app
URL: https://data45190-ca2.web.app/static/js/main.309bd707.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.16.248.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-248-208.compute-1.amazonaws.com
Software: Cowboy /
Resource Hash: 3f03ee98a7008d03ad6cd24447537aa890301b5aa061dd1a0d3267801530dfe8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://data45190-ca2.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sun, 03 Oct 2021 08:10:11 GMT
Via: 1.1 vegur
Server: Cowboy
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://data45190-ca2.web.app
Connection: keep-alive
Content-Length: 24

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: RBC (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
data45190-ca2.web.app
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
www.rbcroyalbank.com
www1.royalbank.com
104.18.10.207
142.250.185.131
142.250.185.74
199.36.158.100
23.45.105.114
23.45.105.137
50.16.248.208
085613a5a4bc202b9f8fdae567ede44b3d932495965adebe7b5af8334089c596
159ea968ba28e58a05d766547b4c49501f707a118ce5278503d419412206456a
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
3f03ee98a7008d03ad6cd24447537aa890301b5aa061dd1a0d3267801530dfe8
49e932d0d3f3581a8e9e7b0974a3c9cbb7eceb7ea5239847e07b53d816bdd28e
65810b2abb5357e9d521f65bc4270894f90cb4f531b9d48bd202e3562920bfde
7fe305fd6aeea627b936131b1c3fbf44fd410888e46d4bb7bc91950652a4f756
85e50fe35ea954d81d2feea489b29264aa77b93526409bc630df84d2d11e99ae
8daf5b7fdb4cc33a16cc65a1faba63f852c676b175fde9660a176cd1c6934c19
8ef12f8efac189936abe3ba7c156a78d7902f1b79e79554a9a89cf2e844810a1
96b1108b1d9a23174052f3417f90560e8003483a8be17c6dad05924151eba199
96f7a7e5e076b64a6ce41fe1fb67ed60f6d8ef776f03d5552b42aa2159e0a31c
99749e070e21359e3d5e5f87fa56dbfa49a85d574fb8f2b21d49fe1e267b8f2c
a41dd567a7d51dac3d65a716b505f5bba7526e36405ed8a832d72a4ada3665c2
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
bdecc5a4ad9e9d6477d4c62bf3b5a9dcfd87c948fa6d4598bd983e22d5f8270a
c708030bf37dedc81bc1677fa8989fa318327af7840ca919e687d234eb4be845
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
dab01a28b920c333bf48bb40ebb0b1c052dedee3e145b7d2f8e48b4449e89f3a
f072f948a69fa01073e7561ffc54019409436fff0deee7c868ca670b2f4b849b

data45190-ca2.web.app Open in urlscan Pro 199.36.158.100 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

7 Domains

7 Subdomains

7 IPs

3 Countries

283 kBTransfer

640 kBSize

0 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

data45190-ca2.web.app Open in urlscan Pro
199.36.158.100 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

7
IPs

3
Countries

283 kB
Transfer

640 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!