doc-2g3h.firebaseapp.com
2620:0:890::100
Malicious Activity!
Public Scan
Submission: On May 17 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1D4 on March 21st 2024. Valid for: 3 months.
This is the only time doc-2g3h.firebaseapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: RBC (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
7 | 2620:0:890::100 | 54113 (FASTLY)
1 | 104.18.11.207 | 13335 (CLOUDFLARENET)
2 | 2a00:1450:4001:810::200a | 15169 (GOOGLE)
3 | 199.36.158.100 | 54113 (FASTLY)
4 | 23.37.40.17 | 16625 (AKAMAI-AS)
1 | 23.37.40.109 | 16625 (AKAMAI-AS)
2 | 2a00:1450:4001:81d::2003 | 15169 (GOOGLE)
1 | 172.67.74.152 | 13335 (CLOUDFLARENET)
21 | 8 |
- www.rbcroyalbank.com: ASN16625 (AKAMAI-AS, US), PTR: a23-37-40-17.deploy.static.akamaitechnologies.com
- www1.royalbank.com: ASN16625 (AKAMAI-AS, US), PTR: a23-37-40-109.deploy.static.akamaitechnologies.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | firebaseapp.com | doc-2g3h.firebaseapp.com | 252 KB
4 | rbcroyalbank.com | www.rbcroyalbank.com — Cisco Umbrella Rank: 72231 | 47 KB
2 | gstatic.com | fonts.gstatic.com | 39 KB
2 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 33 | 2 KB
1 | ipify.org | api.ipify.org — Cisco Umbrella Rank: 2924 | 156 B
1 | royalbank.com | www1.royalbank.com — Cisco Umbrella Rank: 100634 | 2 KB
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1103 | 7 KB
21 | 7 | |
Requests | Domain | Requested by
---|---|---
10 | doc-2g3h.firebaseapp.com | doc-2g3h.firebaseapp.com
4 | www.rbcroyalbank.com | doc-2g3h.firebaseapp.com
2 | fonts.gstatic.com | fonts.googleapis.com
2 | fonts.googleapis.com | doc-2g3h.firebaseapp.com
1 | api.ipify.org | doc-2g3h.firebaseapp.com
1 | www1.royalbank.com | doc-2g3h.firebaseapp.com
1 | maxcdn.bootstrapcdn.com | doc-2g3h.firebaseapp.com
21 | 7 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
firebaseapp.com | GTS CA 1D4 | 2024-03-21 - 2024-06-19 | 3 months
bootstrapcdn.com | GTS CA 1P5 | 2024-03-27 - 2024-06-25 | 3 months
upload.video.google.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months
rbcroyalbank.com | Entrust Certification Authority - L1K | 2023-11-15 - 2024-11-16 | a year
www1.royalbank.com | Entrust Certification Authority - L1K | 2024-01-09 - 2025-01-10 | a year
*.gstatic.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months
ipify.org | GTS CA 1P5 | 2024-03-21 - 2024-06-19 | 3 months
This page contains 1 frame:
Primary Page:
https://doc-2g3h.firebaseapp.com/login
Frame ID: 74BDBABA01E2F2016124E14AD6B424C3
Requests: 21 HTTP requests in this frame
Page Title
RBC Royal Bank - Sign In
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | login (Primary Request) | doc-2g3h.firebaseapp.com/ | 3 KB | 2 KB | Document | text/html
GET | H3 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/ | 28 KB | 7 KB | Stylesheet | text/css
GET | H2 | main.6245805f.chunk.css | doc-2g3h.firebaseapp.com/static/css/ | 67 KB | 12 KB | Stylesheet | text/css
GET | H2 | firebase-app.js | doc-2g3h.firebaseapp.com/__/firebase/8.3.3/ | 21 KB | 7 KB | Script | text/javascript
GET | H2 | firebase-analytics.js | doc-2g3h.firebaseapp.com/__/firebase/8.3.3/ | 35 KB | 11 KB | Script | text/javascript
GET | H2 | init.js | doc-2g3h.firebaseapp.com/__/firebase/ | 408 B | 448 B | Script | text/javascript
GET | H2 | 2.e12e805d.chunk.js | doc-2g3h.firebaseapp.com/static/js/ | 266 KB | 70 KB | Script | text/javascript
GET | H2 | main.8bdfa207.chunk.js | doc-2g3h.firebaseapp.com/static/js/ | 38 KB | 5 KB | Script | text/javascript
GET | H2 | css2 | fonts.googleapis.com/ | 7 KB | 880 B | Stylesheet | text/css
GET | H2 | css2 | fonts.googleapis.com/ | 2 KB | 1019 B | Stylesheet | text/css
GET | H3 | rbc-logo-shield.svg | doc-2g3h.firebaseapp.com/ | 5 KB | 3 KB | Image | image/svg+xml
GET | H2 | rbc-logo-shield-blue.svg | www.rbcroyalbank.com/dvl/v1.0/assets/images/logos/ | 5 KB | 5 KB | Image | image/svg+xml
GET | H2 | ui-close-blue.svg | www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ | 283 B | 526 B | Image | image/svg+xml
GET | H2 | informational-32.svg | www1.royalbank.com/uos/3m/images/icons/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H2 | ui-menu-white.svg | www.rbcroyalbank.com/dvl/v1.0/assets/images/ui/ | 521 B | 763 B | Image | image/svg+xml
GET | H2 | KFOlCnqEu92Fr1MmSU5fBBc4.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 16 KB | Font | font/woff2
GET | H2 | va9E4kDNxMZdWfMOD5Vvl4jL.woff2 | fonts.gstatic.com/s/firasans/v17/ | 23 KB | 23 KB | Font | font/woff2
GET | H3 | fa-solid-900.ada6e6df.woff2 | doc-2g3h.firebaseapp.com/static/media/ | 76 KB | 77 KB | Font | font/woff2
GET | H2 | RBCDisplay-Regular.woff | www.rbcroyalbank.com/dvl/v1.0/assets/fonts/ | 39 KB | 41 KB | Font | application/octet-stream
GET | H2 | / | api.ipify.org/ | 23 B | 156 B | Fetch | application/json
GET | H3 | aa.ico | doc-2g3h.firebaseapp.com/ | 68 KB | 66 KB | Other | image/x-icon
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: RBC (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| firebase
- object| webpackJsonptaz
- object| regeneratorRuntime
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.