doc-2g3h.firebaseapp.com Open in urlscan Pro
2620:0:890::100  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login Show response doc-2g3h.firebaseapp.com/	3 KB 2 KB	174ms 120ms	Document text/html	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash e25b66ce45fb0ecc12184b476343d53b015357b56c6ba8787eed969748b40015 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 cache-control max-age=3600 content-encoding br content-length 1322 content-type text/html; charset=utf-8 date Fri, 17 May 2024 11:49:41 GMT etag "54ff07b8952c9e8f3e19086ec430b32e1c2ccea1849bd3bff7bb409d93ea383c-br" last-modified Wed, 28 Apr 2021 03:30:56 GMT strict-transport-security max-age=31556926; includeSubDomains; preload vary x-fh-requested-host, accept-encoding x-cache MISS x-cache-hits 0 x-served-by cache-fra-eddf8230067-FRA x-timer S1715946581.206847,VS0,VE101
GET H3	200	font-awesome.min.css maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/	28 KB 7 KB	100ms 28ms	Stylesheet text/css	104.18.11.207 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 11:49:41 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br cdn-edgestorageid 1053 age 5602607 cdn-cachedat 09/24/2023 10:03:53 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:54 GMT cdn-proxyver 1.04 cdn-requestpullcode 200 server cloudflare etag W/"89916fa773ce96569604016ef25cab50" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid 03c32cd711050016a0af8b6c82d222fb timing-allow-origin * cdn-requestcountrycode DE cdn-status 200 cf-ray 885362b5de11bb3b-FRA cdn-requestpullsuccess True
GET H2	200	main.6245805f.chunk.css doc-2g3h.firebaseapp.com/static/css/	67 KB 12 KB	22ms 20ms	Stylesheet text/css	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://doc-2g3h.firebaseapp.com/static/css/main.6245805f.chunk.css Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash dab01a28b920c333bf48bb40ebb0b1c052dedee3e145b7d2f8e48b4449e89f3a Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-served-by cache-fra-eddf8230067-FRA strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br date Fri, 17 May 2024 11:49:41 GMT last-modified Wed, 28 Apr 2021 03:30:56 GMT x-timer S1715946581.347929,VS0,VE1 etag "8d052e52d664d40ff4a5343d0ad5a50b93cf6cb38f5caa88cfe9362ebc0e3961-br" vary x-fh-requested-host, accept-encoding x-cache HIT content-type text/css; charset=utf-8 cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 12605 x-cache-hits 1
GET H2	200	firebase-app.js Show response doc-2g3h.firebaseapp.com/__/firebase/8.3.3/	21 KB 7 KB	29ms 28ms	Script text/javascript	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://doc-2g3h.firebaseapp.com/__/firebase/8.3.3/firebase-app.js Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software sffe / Resource Hash bdecc5a4ad9e9d6477d4c62bf3b5a9dcfd87c948fa6d4598bd983e22d5f8270a Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires Sat, 17 May 2025 07:49:09 GMT strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Fri, 17 May 2024 11:49:41 GMT content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 6764 x-xss-protection 0 x-served-by cache-fra-eddf8230067-FRA last-modified Mon, 12 Apr 2021 21:41:51 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="firebase-js" x-timer S1715946581.348358,VS0,VE1 vary Accept-Encoding, x-fh-requested-host, accept-encoding report-to {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31556926 accept-ranges bytes x-cache-hits 1
GET H2	200	firebase-analytics.js Show response doc-2g3h.firebaseapp.com/__/firebase/8.3.3/	35 KB 11 KB	32ms 31ms	Script text/javascript	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://doc-2g3h.firebaseapp.com/__/firebase/8.3.3/firebase-analytics.js Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software sffe / Resource Hash 159ea968ba28e58a05d766547b4c49501f707a118ce5278503d419412206456a Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires Fri, 16 May 2025 16:40:00 GMT strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Fri, 17 May 2024 11:49:41 GMT content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 10774 x-xss-protection 0 x-served-by cache-fra-eddf8230067-FRA last-modified Mon, 12 Apr 2021 21:41:51 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="firebase-js" x-timer S1715946581.348219,VS0,VE1 vary Accept-Encoding, x-fh-requested-host, accept-encoding report-to {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31556926 accept-ranges bytes x-cache-hits 1
GET H2	200	init.js Show response doc-2g3h.firebaseapp.com/__/firebase/	408 B 448 B	27ms 26ms	Script text/javascript	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://doc-2g3h.firebaseapp.com/__/firebase/init.js Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash e4ea0f8b1b148d8d8552260289cbf2d41692bd8ed4422861ff0bcf03e5b79928 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-served-by cache-fra-eddf8230067-FRA strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip date Fri, 17 May 2024 11:49:41 GMT last-modified Wed, 28 Apr 2021 03:30:56 GMT x-timer S1715946581.348187,VS0,VE1 etag "38d8dc4963143c1cfdb93e298eff85ca4ce463d3c10ddd2774d031897d58231e" vary x-fh-requested-host, accept-encoding x-cache HIT content-type text/javascript; charset=utf-8 cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 311 x-cache-hits 1
GET H2	200	2.e12e805d.chunk.js Show response doc-2g3h.firebaseapp.com/static/js/	266 KB 70 KB	37ms 36ms	Script text/javascript	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://doc-2g3h.firebaseapp.com/static/js/2.e12e805d.chunk.js Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 3ed9f2af4bb50530a18d0617cda53feecb4f0039301733777ab900154e2f24d4 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-served-by cache-fra-eddf8230067-FRA strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br date Fri, 17 May 2024 11:49:41 GMT last-modified Wed, 28 Apr 2021 03:30:56 GMT x-timer S1715946581.348223,VS0,VE2 etag "3edb5eacdc701840777bcf54469d7e564752b97ef40d582edd29cbca5965bc82-br" vary x-fh-requested-host, accept-encoding x-cache HIT content-type text/javascript; charset=utf-8 cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 71741 x-cache-hits 1
GET H2	200	main.8bdfa207.chunk.js Show response doc-2g3h.firebaseapp.com/static/js/	38 KB 5 KB	36ms 35ms	Script text/javascript	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://doc-2g3h.firebaseapp.com/static/js/main.8bdfa207.chunk.js Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 3d3eb27e71bc6b63aff8734ef26da3bdd1bb91a95d0dfeba7c36f02bf36470d4 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-served-by cache-fra-eddf8230067-FRA strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br date Fri, 17 May 2024 11:49:41 GMT last-modified Wed, 28 Apr 2021 03:30:56 GMT x-timer S1715946581.348681,VS0,VE1 etag "0b860cfa8860a1fa6d14084e9f200fd845148e53f87f9e999fbbe6d9a16416e8-br" vary x-fh-requested-host, accept-encoding x-cache HIT content-type text/javascript; charset=utf-8 cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 4479 x-cache-hits 1
GET H2	200	css2 fonts.googleapis.com/	7 KB 880 B	80ms 29ms	Stylesheet text/css	2a00:1450:4001:810::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Fira+Sans:wght@200;400&family=Roboto:wght@300&display=swap Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/static/css/main.6245805f.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash b3bfee4acb0e3195eb9d51099f412b811d7c8c71407b8f510363a33ad21fe724 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Fri, 17 May 2024 11:49:41 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 17 May 2024 11:49:41 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 17 May 2024 11:49:41 GMT
GET H2	200	css2 fonts.googleapis.com/	2 KB 1019 B	79ms 27ms	Stylesheet text/css	2a00:1450:4001:810::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto:wght@100&display=swap Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/static/css/main.6245805f.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash b1b70f805fd03b1c871dc76321d30f6f5bdb93edfc63f990d491f1a25ed64d77 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Fri, 17 May 2024 11:49:41 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 17 May 2024 11:04:57 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 17 May 2024 11:49:41 GMT
GET H3	200	rbc-logo-shield.svg doc-2g3h.firebaseapp.com/	5 KB 3 KB	21ms 20ms	Image image/svg+xml	199.36.158.100 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://doc-2g3h.firebaseapp.com/rbc-logo-shield.svg Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H3 Security QUIC, , AES_256_GCM Server 199.36.158.100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 96b1108b1d9a23174052f3417f90560e8003483a8be17c6dad05924151eba199 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-served-by cache-fra-eddf8230117-FRA strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br date Fri, 17 May 2024 11:49:41 GMT last-modified Wed, 28 Apr 2021 03:30:56 GMT x-timer S1715946582.518987,VS0,VE1 etag "8fa8a8bded848f87fdda71a0481de0d42484317d0097ff3218341e1f7c322961-br" vary x-fh-requested-host, accept-encoding x-cache HIT content-type image/svg+xml cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 2303 x-cache-hits 0
GET H2	200	rbc-logo-shield-blue.svg www.rbcroyalbank.com/dvl/v1.0/assets/images/logos/	5 KB 5 KB	187ms 42ms	Image image/svg+xml	23.37.40.17 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.rbcroyalbank.com/dvl/v1.0/assets/images/logos/rbc-logo-shield-blue.svg Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.37.40.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-37-40-17.deploy.static.akamaitechnologies.com Software / Resource Hash f11c73cb61e90c73e1c59aedb39cb2ac5d035d366a861a8dfacf7578bd19d03a Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 11:49:41 GMT last-modified Mon, 19 Jun 2023 14:46:45 GMT etag "5fe7c9a7f7f40" x-edgeconnect-cache-status 1 access-control-allow-methods GET content-type image/svg+xml access-control-allow-origin * cache-control max-age=0 access-control-allow-credentials true accept-ranges bytes content-length 5157 expires Mon, 19 Jun 2023 14:46:48 GMT
GET H2	200	ui-close-blue.svg www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/	283 B 526 B	348ms 203ms	Image image/svg+xml	23.37.40.17 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ui-close-blue.svg Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.37.40.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-37-40-17.deploy.static.akamaitechnologies.com Software / Resource Hash 6b5aeae5741d1d91d661371bee9d628c6a7f097c4a992558e66aeb4c8aa32834 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 11:49:41 GMT last-modified Mon, 19 Jun 2023 14:48:22 GMT etag "5fe7ca0479980" x-edgeconnect-cache-status 3 vary Accept-Encoding access-control-allow-methods GET content-type image/svg+xml access-control-allow-origin * cache-control max-age=0 access-control-allow-credentials true accept-ranges bytes content-length 283 expires Fri, 17 May 2024 11:49:41 GMT
GET H2	200	informational-32.svg www1.royalbank.com/uos/3m/images/icons/	2 KB 2 KB	2694ms 40ms	Image image/svg+xml	23.37.40.109 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www1.royalbank.com/uos/3m/images/icons/informational-32.svg Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/login Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.37.40.109 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-37-40-109.deploy.static.akamaitechnologies.com Software / Resource Hash 99749e070e21359e3d5e5f87fa56dbfa49a85d574fb8f2b21d49fe1e267b8f2c Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubdomains; Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=63072000; includeSubdomains; date Fri, 17 May 2024 11:49:44 GMT last-modified Wed, 13 Mar 2019 19:54:42 GMT etag "c5bd87fe-78a-583ff2d368480" x-edgeconnect-cache-status 1 content-type image/svg+xml p3p policyref="https://www1.royalbank.com/w3c/p3p.xml",CP="CAO DSP COR LAW COM NAV INT STA CNT PHY ONL UNI PUR FIN DEM PRE GOV HEA CUR ADM DEV PSA LEG OUR SAMi CONi TELi" accept-ranges bytes content-length 1930
GET H2	200	ui-menu-white.svg www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/	521 B 763 B	319ms 176ms	Image image/svg+xml	23.37.40.17 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ui-menu-white.svg Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/static/css/main.6245805f.chunk.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.37.40.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-37-40-17.deploy.static.akamaitechnologies.com Software / Resource Hash d3b36634bb7d3f169783a0dd06a852a3a6e7827e087e3389b1f30dd8a1e671f4 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 11:49:41 GMT last-modified Mon, 19 Jun 2023 14:48:24 GMT etag "5fe7ca0661e00" x-edgeconnect-cache-status 3 vary Accept-Encoding access-control-allow-methods GET content-type image/svg+xml access-control-allow-origin * cache-control max-age=0 access-control-allow-credentials true accept-ranges bytes content-length 521 expires Fri, 17 May 2024 11:49:41 GMT
GET H2	200	KFOlCnqEu92Fr1MmSU5fBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 16 KB	82ms 24ms	Font font/woff2	2a00:1450:4001:81d::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Fira+Sans:wght@200;400&family=Roboto:wght@300&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://fonts.googleapis.com/ Origin https://doc-2g3h.firebaseapp.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 14:12:21 GMT x-content-type-options nosniff age 250640 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15740 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 14 May 2025 14:12:21 GMT
GET H2	200	va9E4kDNxMZdWfMOD5Vvl4jL.woff2 fonts.gstatic.com/s/firasans/v17/	23 KB 23 KB	84ms 26ms	Font font/woff2	2a00:1450:4001:81d::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/firasans/v17/va9E4kDNxMZdWfMOD5Vvl4jL.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Fira+Sans:wght@200;400&family=Roboto:wght@300&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 89ae1743656b75948be30cc4909efd3c61771b7bd9f6d53eb14cd9731d486b57 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://fonts.googleapis.com/ Origin https://doc-2g3h.firebaseapp.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 11 May 2024 01:17:25 GMT x-content-type-options nosniff age 556336 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23880 x-xss-protection 0 last-modified Tue, 02 May 2023 14:50:07 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 11 May 2025 01:17:25 GMT
GET H3	200	fa-solid-900.ada6e6df.woff2 doc-2g3h.firebaseapp.com/static/media/	76 KB 77 KB	22ms 21ms	Font font/woff2	199.36.158.100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://doc-2g3h.firebaseapp.com/static/media/fa-solid-900.ada6e6df.woff2 Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/static/css/main.6245805f.chunk.css Protocol H3 Security QUIC, , AES_256_GCM Server 199.36.158.100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/static/css/main.6245805f.chunk.css Origin https://doc-2g3h.firebaseapp.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-served-by cache-fra-eddf8230117-FRA strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip date Fri, 17 May 2024 11:49:41 GMT last-modified Wed, 28 Apr 2021 03:30:56 GMT x-timer S1715946582.567480,VS0,VE1 etag "1372dcb89880aed93ada00d7bef08bd992d7c949b67007e99f6c0be11eda15e5" vary x-fh-requested-host, accept-encoding x-cache HIT content-type font/woff2 cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 78109 x-cache-hits 0
GET H2	200	RBCDisplay-Regular.woff www.rbcroyalbank.com/dvl/v1.0/assets/fonts/	39 KB 41 KB	356ms 259ms	Font application/octet-stream	23.37.40.17 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.rbcroyalbank.com/dvl/v1.0/assets/fonts/RBCDisplay-Regular.woff Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/static/css/main.6245805f.chunk.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.37.40.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-37-40-17.deploy.static.akamaitechnologies.com Software / Resource Hash 8daf5b7fdb4cc33a16cc65a1faba63f852c676b175fde9660a176cd1c6934c19 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/ Origin https://doc-2g3h.firebaseapp.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 11:49:41 GMT content-encoding gzip last-modified Mon, 19 Jun 2023 14:48:46 GMT etag "5fe7ca1b5cf80" x-edgeconnect-cache-status 1 vary Accept-Encoding access-control-allow-methods GET content-type text/plain access-control-allow-origin * cache-control max-age=0 access-control-allow-credentials true accept-ranges bytes content-length 41239 expires Mon, 19 Jun 2023 15:12:14 GMT
GET H2	200	/ Show response api.ipify.org/	23 B 156 B	237ms 178ms	Fetch application/json	172.67.74.152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: doc-2g3h.firebaseapp.com URL: https://doc-2g3h.firebaseapp.com/static/js/main.8bdfa207.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 83b63b4f02357648d4d3cb09548ee9c277df537d4bf4f833ef7114be007b4aff Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 11:49:41 GMT cf-cache-status DYNAMIC server cloudflare vary Origin content-type application/json access-control-allow-origin * cf-ray 885362b72e7c2c5d-FRA content-length 23
GET H3	200	aa.ico doc-2g3h.firebaseapp.com/	68 KB 66 KB	92ms 92ms	Other image/x-icon	199.36.158.100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://doc-2g3h.firebaseapp.com/aa.ico Protocol H3 Security QUIC, , AES_256_GCM Server 199.36.158.100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 46ba5519f97e255d38e215f8daf8b8c2b61761fd0704b2bfd563bab6828095bc Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://doc-2g3h.firebaseapp.com/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-served-by cache-fra-eddf8230117-FRA strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip date Fri, 17 May 2024 11:49:44 GMT last-modified Wed, 28 Apr 2021 03:30:56 GMT x-timer S1715946584.229614,VS0,VE72 etag "924bfc8606607dac0fe02b5431232c3fc8c103982cdcaaa1caac5bb62cdea096" vary x-fh-requested-host, accept-encoding x-cache MISS content-type image/x-icon cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 67217 x-cache-hits 0

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: RBC (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| firebase object| webpackJsonptaz object| regeneratorRuntime

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://doc-2g3h.firebaseapp.com/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
doc-2g3h.firebaseapp.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
www.rbcroyalbank.com
www1.royalbank.com
104.18.11.207
172.67.74.152
199.36.158.100
23.37.40.109
23.37.40.17
2620:0:890::100
2a00:1450:4001:810::200a
2a00:1450:4001:81d::2003
159ea968ba28e58a05d766547b4c49501f707a118ce5278503d419412206456a
3d3eb27e71bc6b63aff8734ef26da3bdd1bb91a95d0dfeba7c36f02bf36470d4
3ed9f2af4bb50530a18d0617cda53feecb4f0039301733777ab900154e2f24d4
46ba5519f97e255d38e215f8daf8b8c2b61761fd0704b2bfd563bab6828095bc
6b5aeae5741d1d91d661371bee9d628c6a7f097c4a992558e66aeb4c8aa32834
83b63b4f02357648d4d3cb09548ee9c277df537d4bf4f833ef7114be007b4aff
89ae1743656b75948be30cc4909efd3c61771b7bd9f6d53eb14cd9731d486b57
8daf5b7fdb4cc33a16cc65a1faba63f852c676b175fde9660a176cd1c6934c19
96b1108b1d9a23174052f3417f90560e8003483a8be17c6dad05924151eba199
99749e070e21359e3d5e5f87fa56dbfa49a85d574fb8f2b21d49fe1e267b8f2c
b1b70f805fd03b1c871dc76321d30f6f5bdb93edfc63f990d491f1a25ed64d77
b3bfee4acb0e3195eb9d51099f412b811d7c8c71407b8f510363a33ad21fe724
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
bdecc5a4ad9e9d6477d4c62bf3b5a9dcfd87c948fa6d4598bd983e22d5f8270a
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d3b36634bb7d3f169783a0dd06a852a3a6e7827e087e3389b1f30dd8a1e671f4
dab01a28b920c333bf48bb40ebb0b1c052dedee3e145b7d2f8e48b4449e89f3a
e25b66ce45fb0ecc12184b476343d53b015357b56c6ba8787eed969748b40015
e4ea0f8b1b148d8d8552260289cbf2d41692bd8ed4422861ff0bcf03e5b79928
f11c73cb61e90c73e1c59aedb39cb2ac5d035d366a861a8dfacf7578bd19d03a
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef