![](/screenshots/1ff96761-eb3e-4be4-b0d3-986f57c37364.png)
data45190-ca2.web.app
199.36.158.100
Malicious Activity!
Public Scan
Submission: On October 03 via api from JP — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1D4 on September 20th 2021. Valid for: 3 months.
This is the only time data45190-ca2.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: RBC (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System) | PTR | Domain |
---|---|---|---|---|
9 | 199.36.158.100 | 54113 (FASTLY) | | |
1 | 104.18.10.207 | 13335 (CLOUDFLARENET) | | |
2 | 142.250.185.74 | 15169 (GOOGLE, US) | fra16s48-in-f10.1e100.net | fonts.googleapis.com |
4 | 23.45.105.114 | 16625 (AKAMAI-AS, US) | a23-45-105-114.deploy.static.akamaitechnologies.com | www.rbcroyalbank.com |
1 | 23.45.105.137 | 16625 (AKAMAI-AS, US) | a23-45-105-137.deploy.static.akamaitechnologies.com | www1.royalbank.com |
2 | 142.250.185.131 | 15169 (GOOGLE, US) | fra16s50-in-f3.1e100.net | fonts.gstatic.com |
1 | 50.16.248.208 | 14618 (AMAZON-AES, US) | ec2-50-16-248-208.compute-1.amazonaws.com | api.ipify.org |
20 requests | 7 IP addresses | | | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | web.app | data45190-ca2.web.app | 186 KB |
4 | rbcroyalbank.com | www.rbcroyalbank.com | 47 KB |
2 | gstatic.com | fonts.gstatic.com | 38 KB |
2 | googleapis.com | fonts.googleapis.com | 2 KB |
1 | ipify.org | api.ipify.org | 262 B |
1 | royalbank.com | www1.royalbank.com | 2 KB |
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 7 KB |
20 requests | 7 domains | | |
Requests | Domain | Requested by |
---|---|---|
9 | data45190-ca2.web.app | data45190-ca2.web.app |
4 | www.rbcroyalbank.com | data45190-ca2.web.app |
2 | fonts.gstatic.com | fonts.googleapis.com |
2 | fonts.googleapis.com | data45190-ca2.web.app |
1 | api.ipify.org | data45190-ca2.web.app |
1 | www1.royalbank.com | data45190-ca2.web.app |
1 | maxcdn.bootstrapcdn.com | data45190-ca2.web.app |
20 requests | 7 domains | |
This site contains no links.
Subject | Issuer | Validity | Valid for | Lookup |
---|---|---|---|---|
web.app | GTS CA 1D4 | 2021-09-20 - 2021-12-19 | 3 months | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-01 - 2022-02-28 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months | crt.sh |
rbcroyalbank.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2021-08-24 - 2022-08-24 | a year | crt.sh |
www1.royalbank.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2021-03-13 - 2022-03-18 | a year | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months | crt.sh |
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2021-01-19 - 2022-02-19 | a year | crt.sh |
This page contains 1 frame:
- Primary Page: https://data45190-ca2.web.app/login
- Frame ID: BBFE698F9991E391C4754C13CB9F5441
- Requests: 20 HTTP requests in this frame
Page Title: RBC Royal Bank - Sign In

Detected technologies

Bootstrap. Detected patterns:
- `<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css`

Font Awesome. Detected patterns:
- `<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css`
- `<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
- `(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | login (Primary Request) | data45190-ca2.web.app/ | 3 KB | 2 KB | Document | text/html |
GET | H2 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/ | 28 KB | 7 KB | Stylesheet | text/css |
GET | H2 | main.6245805f.chunk.css | data45190-ca2.web.app/static/css/ | 67 KB | 12 KB | Stylesheet | text/css |
GET | H2 | firebase-app.js | data45190-ca2.web.app/__/firebase/8.3.3/ | 21 KB | 7 KB | Script | text/javascript |
GET | H2 | firebase-analytics.js | data45190-ca2.web.app/__/firebase/8.3.3/ | 35 KB | 11 KB | Script | text/javascript |
GET | H2 | init.js | data45190-ca2.web.app/__/firebase/ | 424 B | 451 B | Script | text/javascript |
GET | H2 | 2.8ee7e101.chunk.js | data45190-ca2.web.app/static/js/ | 266 KB | 70 KB | Script | text/javascript |
GET | H2 | main.309bd707.chunk.js | data45190-ca2.web.app/static/js/ | 46 KB | 5 KB | Script | text/javascript |
GET | H2 | css2 | fonts.googleapis.com/ | 6 KB | 818 B | Stylesheet | text/css |
GET | H2 | css2 | fonts.googleapis.com/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H2 | rbc-logo-shield.svg | data45190-ca2.web.app/ | 5 KB | 2 KB | Image | image/svg+xml |
GET | H2 | rbc-logo-shield-blue.svg | www.rbcroyalbank.com/dvl/v1.0/assets/images/logos/ | 5 KB | 5 KB | Image | image/svg+xml |
GET | H2 | ui-close-blue.svg | www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ | 440 B | 692 B | Image | image/svg+xml |
GET | H2 | informational-32.svg | www1.royalbank.com/uos/3m/images/icons/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H2 | ui-menu-white.svg | www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ | 164 B | 416 B | Image | image/svg+xml |
GET | H2 | KFOlCnqEu92Fr1MmSU5fBBc4.woff2 | fonts.gstatic.com/s/roboto/v29/ | 15 KB | 16 KB | Font | font/woff2 |
GET | H2 | RBCDisplay-Regular.woff | www.rbcroyalbank.com/dvl/v1.0/assets/fonts/ | 39 KB | 41 KB | Font | application/octet-stream |
GET | H2 | fa-solid-900.ada6e6df.woff2 | data45190-ca2.web.app/static/media/ | 76 KB | 76 KB | Font | font/woff2 |
GET | H2 | va9E4kDNxMZdWfMOD5Vvl4jL.woff2 | fonts.gstatic.com/s/firasans/v11/ | 22 KB | 22 KB | Font | font/woff2 |
GET | H/1.1 | / | api.ipify.org/ | 24 B | 262 B | Fetch | application/json |
Verdicts & Comments

Potentially malicious activity detected

Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: RBC (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | onbeforexrselect |
boolean | originAgentCluster |
object | firebase |
object | webpackJsonptaz |
object | regeneratorRuntime |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.