secure-royalcanada-service-ui.gphamptons.co.uk

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 2a02:2350:5:107:3e:ce8e:c0fa:97b2, located in Copenhagen, Denmark and belongs to ONECOM, DK. The main domain is secure-royalcanada-service-ui.gphamptons.co.uk.
TLS certificate: Issued by R3 on December 25th 2023. Valid for: 3 months.

This is the only time secure-royalcanada-service-ui.gphamptons.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: RBC (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
2 3	2a02:2350:5:1... 2a02:2350:5:107:3e:ce8e:c0fa:97b2	51468 (ONECOM) (ONECOM)
2	3

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2350:5:107:3e:ce8e:c0fa:97b2 (Copenhagen, Denmark) 2 redirects

ASN51468 (ONECOM, DK)

secure-royalcanada-service-ui.gphamptons.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	gphamptons.co.uk 2 redirects secure-royalcanada-service-ui.gphamptons.co.uk	288 KB
1	t.co t.co — Cisco Umbrella Rank: 656	695 B
2	2

	Domain	Requested by
3	secure-royalcanada-service-ui.gphamptons.co.uk	2 redirects t.co
1	t.co
2	2

This site contains links to these domains. Also see Links.

Domain
www1.royalbank.com
www1.rbcbank.com
caribbean.rbcroyalbank.com
www6.rbc.com
www.rbcglobaltrade.rbc.com
www.rbc.com

Subject Issuer	Validity	Valid
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-04` - `2025-01-02`	a year	crt.sh
*.gphamptons.co.uk R3	`2023-12-25` - `2024-03-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://secure-royalcanada-service-ui.gphamptons.co.uk/files/a7qJP8rSFSEIb0a0GzpI/web/
Frame ID: 0CF49FC574039F431C90260A8AA40552
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RBC Banque Royale - Ouvrir une session sécuriséeRBC Garantie de sécurité des Services bancaires numériques RBCThe svg icon help The svg icon help-s

Page URL History Show full URLs

https://t.co/zMaDs9VqE3 Page URL
https://secure-royalcanada-service-ui.gphamptons.co.uk/?id=123849705 HTTP 302
https://secure-royalcanada-service-ui.gphamptons.co.uk/themes.php?id=123849705 HTTP 302
https://secure-royalcanada-service-ui.gphamptons.co.uk/files/a7qJP8rSFSEIb0a0GzpI/web/ Page URL

Page Statistics

2
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

288 kB
Transfer

781 kB
Size

3
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www1.royalbank.com/french/netaction/sgnf.html
Title: RBC Placements en direct

Search URL Search Domain Scan URL

URL: https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&IDP=IVC&LANGUAGE=FRENCH&SYSTEM=DSIC
Title: Dominion valeurs mobilières en ligne

Search URL Search Domain Scan URL

URL: https://www1.royalbank.com/french/invest-ease/sgnf.html
Title: RBC Investi-Clic

Search URL Search Domain Scan URL

URL: https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?CHOICE=Personal&F21=IB&F22=IB&F6=1&F7=IB&GOTO=RewardsRefresh&LANGUAGE=FRENCH&REQUEST=ErnexLink
Title: Avion Récompenses

Search URL Search Domain Scan URL

URL: https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&IDP=IVC&LANGUAGE=FRENCH&SYSTEM=PHN
Title: PH&N Services-conseils en placements

Search URL Search Domain Scan URL

URL: https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&IDP=IVC&LANGUAGE=FRENCH&SYSTEM=ETS
Title: RBC Trust Royal

Search URL Search Domain Scan URL

URL: https://www1.rbcbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=NS&F21=IB&F22=CN&REQUEST=CenturaClientSignin&LANGUAGE=ENGLISH
Title: RBC Bank USA (en anglais seulement)

Search URL Search Domain Scan URL

URL: https://caribbean.rbcroyalbank.com/#/login
Title: RBC Caribbean (en anglais seulement)

Search URL Search Domain Scan URL

URL: https://www6.rbc.com/webapp/ukv0/signin/logon.xhtml?lang=fr
Title: RBC Express

Search URL Search Domain Scan URL

URL: https://www.rbcglobaltrade.rbc.com/portal/PasswordLogon.jsp?organization=rbc&branding=rbc&locale=fr_CA
Title: RBC Commerce International

Search URL Search Domain Scan URL

URL: https://www.rbc.com/francais/canada.html
Title: Autres services

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/zMaDs9VqE3 Page URL
https://secure-royalcanada-service-ui.gphamptons.co.uk/?id=123849705 HTTP 302
https://secure-royalcanada-service-ui.gphamptons.co.uk/themes.php?id=123849705 HTTP 302
https://secure-royalcanada-service-ui.gphamptons.co.uk/files/a7qJP8rSFSEIb0a0GzpI/web/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 zMaDs9VqE3
t.co/ 359 B
695 B 914ms
534ms Document
text/html 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/zMaDs9VqE3

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 215
content-type: text/html; charset=utf-8
date: Mon, 29 Jan 2024 14:16:48 GMT
expires: Mon, 29 Jan 2024 14:21:48 GMT
perf: 7469935968
server: tsa_b
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: b786f3a02834ae9d1069e89affe7b3c01aa61e272611f8fb9f6c4118541e9105
x-response-time: 15
x-transaction-id: 2c4909e38707039d
x-xss-protection: 0

GET
H2

200

Primary Request / Show response
secure-royalcanada-service-ui.gphamptons.co.uk/files/a7qJP8rSFSEIb0a0GzpI/web/
Redirect Chain

https://secure-royalcanada-service-ui.gphamptons.co.uk/?id=123849705
https://secure-royalcanada-service-ui.gphamptons.co.uk/themes.php?id=123849705
https://secure-royalcanada-service-ui.gphamptons.co.uk/files/a7qJP8rSFSEIb0a0GzpI/web/

509 KB
288 KB

216ms
215ms

Document
text/html

2a02:2350:5:107:3e:ce8e:c0fa:97b2
ONECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-royalcanada-service-ui.gphamptons.co.uk/files/a7qJP8rSFSEIb0a0GzpI/web/
Requested by: Host: t.co
URL: https://t.co/zMaDs9VqE3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:2350:5:107:3e:ce8e:c0fa:97b2 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS
Software: Apache / PHP/8.2.15
Resource Hash: 256ddd0c05e9e26da819fc7b4b40dd954356f04b1c69b859b8f4080a47883f7e

Request headers

Referer: https://t.co/zMaDs9VqE3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 29 Jan 2024 14:16:54 GMT
server: Apache
vary: Accept-Encoding
via: 1.1 webcache1 (Varnish/trunk)
x-powered-by: PHP/8.2.15
x-varnish: 10730184516

Redirect headers

age: 0
cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 29 Jan 2024 14:16:54 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: files/a7qJP8rSFSEIb0a0GzpI/web/
pragma: no-cache
server: Apache
via: 1.1 webcache1 (Varnish/trunk)
x-powered-by: PHP/8.2.15
x-varnish: 10730184515

GET
DATA 200
OK truncated
/ 561 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a099741603bab19985341e786a58b230d380e046a4b64cffd889944fd0454a8

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 270 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1173f7c561d5791127c2dd03e4228effb2fc2726e1cd73832cb09fbf3db3d3f2

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 355 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6fd9ddd2c6c9fd1e15d5919547441753cd6b9076e16f77d17b861b78c168832

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 760 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f107564e5e4a31791588c91d2fe6a54dbeeec7a8998bde2d131c2a52b9b823a7

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: RBC (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 03:38:17	Name: muc Value: 4fecd10e-23bd-4b2b-8ded-2854051ee609
.t.co/	1970-01-21 03:38:17	Name: muc_ads Value: 4fecd10e-23bd-4b2b-8ded-2854051ee609
secure-royalcanada-service-ui.gphamptons.co.uk/	1969-12-31 23:59:59	Name: PHPSESSID Value: 199bfefd770ab8082a40418c7ce213c5

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure-royalcanada-service-ui.gphamptons.co.uk
t.co
104.244.42.5
2a02:2350:5:107:3e:ce8e:c0fa:97b2
1173f7c561d5791127c2dd03e4228effb2fc2726e1cd73832cb09fbf3db3d3f2
256ddd0c05e9e26da819fc7b4b40dd954356f04b1c69b859b8f4080a47883f7e
4a099741603bab19985341e786a58b230d380e046a4b64cffd889944fd0454a8
b6fd9ddd2c6c9fd1e15d5919547441753cd6b9076e16f77d17b861b78c168832
f107564e5e4a31791588c91d2fe6a54dbeeec7a8998bde2d131c2a52b9b823a7

secure-royalcanada-service-ui.gphamptons.co.uk Open in urlscan Pro 2a02:2350:5:107:3e:ce8e:c0fa:97b2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

288 kBTransfer

781 kBSize

3 Cookies

11 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

secure-royalcanada-service-ui.gphamptons.co.uk Open in urlscan Pro
2a02:2350:5:107:3e:ce8e:c0fa:97b2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

288 kB
Transfer

781 kB
Size

3
Cookies

2 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!