bgitopazdowntown.ddireal.vn
Open in
urlscan Pro
116.118.50.194
Malicious Activity!
Public Scan
URL:
http://bgitopazdowntown.ddireal.vn/wp-content/uploads/wp-file-manager-pro/fm_backup/rbc/email.php?cmd=login_submit&id=7b676d25c9231...
Submission: On February 10 via automatic, source openphish — Scanned from DE
Submission: On February 10 via automatic, source openphish — Scanned from DE
Summary
This website contacted 8 IPs
in 5 countries
across 6 domains to perform 63 HTTP transactions.
The main IP is 116.118.50.194, located in
Ho Chi Minh City, Viet Nam and
belongs to SPT-AS-VN Sai gon Postel Corporation, VN.
The main domain is bgitopazdowntown.ddireal.vn.
This is the only time bgitopazdowntown.ddireal.vn was scanned on urlscan.io!
This is the only time bgitopazdowntown.ddireal.vn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: RBC (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 3 | 116.118.50.194 116.118.50.194 | 7602 (SPT-AS-VN...) (SPT-AS-VN Sai gon Postel Corporation) | |
| 21 | 104.96.137.202 104.96.137.202 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 16 | 91.235.133.77 91.235.133.77 | 30286 (THM) (THM) | |
| 2 | 2a00:1450:400... 2a00:1450:400d:80e::2008 | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 3.99.100.137 3.99.100.137 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 91.235.132.130 91.235.132.130 | 30286 (THM) (THM) | |
| 1 | 91.235.134.131 91.235.134.131 | 30286 (THM) (THM) | |
| 63 | 8 |
3
116.118.50.194
(Ho Chi Minh City, Viet Nam)
ASN7602 (SPT-AS-VN Sai gon Postel Corporation, VN)
ASN7602 (SPT-AS-VN Sai gon Postel Corporation, VN)
| bgitopazdowntown.ddireal.vn |
21
104.96.137.202
(Vienna, Austria)
ASN16625 (AKAMAI-AS, US)
PTR: a104-96-137-202.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a104-96-137-202.deploy.static.akamaitechnologies.com
| www1.royalbank.com |
1
3.99.100.137
(Montreal, Canada)
ASN16509 (AMAZON-02, US)
PTR: ec2-3-99-100-137.ca-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-3-99-100-137.ca-central-1.compute.amazonaws.com
| collect.rbcroyalbank.com |
1
91.235.134.131
(United States)
ASN30286 (THM, US)
ASN30286 (THM, US)
| 4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 21 |
royalbank.com
www1.royalbank.com — Cisco Umbrella Rank: 102503 |
328 KB |
| 16 |
rbc.com
d3tracking.rbc.com — Cisco Umbrella Rank: 126517 |
185 KB |
| 3 |
ddireal.vn
bgitopazdowntown.ddireal.vn |
30 KB |
| 2 |
online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 3113 4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net |
16 KB |
| 2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 41 |
144 KB |
| 1 |
rbcroyalbank.com
collect.rbcroyalbank.com — Cisco Umbrella Rank: 218319 |
2 KB |
| 63 | 6 |
| Domain | Requested by | |
|---|---|---|
| 21 | www1.royalbank.com |
bgitopazdowntown.ddireal.vn
www1.royalbank.com |
| 16 | d3tracking.rbc.com |
bgitopazdowntown.ddireal.vn
d3tracking.rbc.com |
| 3 | bgitopazdowntown.ddireal.vn |
www1.royalbank.com
|
| 2 | www.googletagmanager.com |
bgitopazdowntown.ddireal.vn
www.googletagmanager.com |
| 1 | 4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net | |
| 1 | h.online-metrix.net |
d3tracking.rbc.com
|
| 1 | collect.rbcroyalbank.com |
bgitopazdowntown.ddireal.vn
|
| 63 | 7 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www1.royalbank.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2022-03-15 - 2023-03-15 |
a year | crt.sh |
| d3tracking.rbc.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2022-03-16 - 2023-03-16 |
a year | crt.sh |
| *.google-analytics.com GTS CA 1C3 |
2023-01-31 - 2023-04-25 |
3 months | crt.sh |
| h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1 |
2023-01-09 - 2024-01-23 |
a year | crt.sh |
| *.e.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1 |
2022-06-08 - 2023-07-10 |
a year | crt.sh |
This page contains 6 frames:
Primary Page:
http://bgitopazdowntown.ddireal.vn/wp-content/uploads/wp-file-manager-pro/fm_backup/rbc/email.php?cmd=login_submit&id=7b676d25c9231d78e48f8365f00e40f97b676d25c9231d78e48f8365f00e40f9&session=7b676d25c9231d78e48f8365f00e40f97b676d25c9231d78e48f8365f00e40f9
Frame ID: CFD0C78C3EB4B56F7E829E6435B46C37
Requests: 29 HTTP requests in this frame
Frame:
https://d3tracking.rbc.com/fp/check.js;CIS3SID=B3428F917BE0DC00A6B0788755482189?org_id=4rvrfbxt&session_id=86d01a8ae3c606708bb74e05dac29589&nonce=abeaaa665bb8b90c&jb=3d3b26266a7367753d556b6c646d75732e68716d3d57696e646f75712d32383938246a736275354368706d6f652468736a3f416a726f6d65253232333930
Frame ID: 05FA21CA841EB142B1BCF8BBF9AE9054
Requests: 27 HTTP requests in this frame
Frame:
https://d3tracking.rbc.com/fp/HP?session_id=86d01a8ae3c606708bb74e05dac29589&org_id=4rvrfbxt&nonce=abeaaa665bb8b90c&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Frame ID: CC38CB6484EFAD877E9DF0DE413EDDDA
Requests: 3 HTTP requests in this frame
Frame:
https://d3tracking.rbc.com/fp/ls_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189?org_id=4rvrfbxt&session_id=86d01a8ae3c606708bb74e05dac29589&nonce=abeaaa665bb8b90c
Frame ID: 0CC7C4769D22AB56059533F100CBD60E
Requests: 2 HTTP requests in this frame
Frame:
https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189?org_id=4rvrfbxt&session_id=86d01a8ae3c606708bb74e05dac29589&nonce=abeaaa665bb8b90c
Frame ID: 29ED1CC6A58A63D898A3DD7344FD0763
Requests: 1 HTTP requests in this frame
Frame:
https://d3tracking.rbc.com/fp/top_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189?org_id=4rvrfbxt&session_id=86d01a8ae3c606708bb74e05dac29589&nonce=abeaaa665bb8b90c
Frame ID: 1300B5AE53809D68F5581FC90F5CC2EC
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Verify Your IdentityDetected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /wp-(?:content|includes)/
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
63 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
email.php
bgitopazdowntown.ddireal.vn/wp-content/uploads/wp-file-manager-pro/fm_backup/rbc/ |
12 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ruxitagentjs_ICA2Vfghjqru_10243220606153550.js
www1.royalbank.com/ |
218 KB 219 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pwrs-bundle.css
www1.royalbank.com/uos/common/css/ |
84 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rbc-icons.css
www1.royalbank.com/uos/3m/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
master.css
www1.royalbank.com/uos/3m/css/ |
22 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pwrs-gwen-enhancement.css
www1.royalbank.com/uos/3m/GWEN/ |
1 KB 797 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
www1.royalbank.com/uos/external/jquery/2.1.4/ |
82 KB 29 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
utilities.js
www1.royalbank.com/uos/common/javascript/ |
26 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
browser.js
www1.royalbank.com/uos/common/javascript/ |
1 KB 860 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
event.js
www1.royalbank.com/uos/common/javascript/ie/ |
1 KB 664 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
event.js
www1.royalbank.com/uos/common/javascript/ |
10 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
kiosk.js
www1.royalbank.com/uos/common/javascript/ |
9 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
buttons.js
www1.royalbank.com/uos/common/javascript/ |
809 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cookie.js
www1.royalbank.com/uos/common/javascript/ |
4 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
qrcode.js
www1.royalbank.com/uos/3m/GWEN/QR_Code_Generator/ |
55 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dates.js
www1.royalbank.com/uos/common/javascript/ |
436 B 740 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
header_dates.js
www1.royalbank.com/uos/common/javascript/ |
604 B 907 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tags.js
d3tracking.rbc.com/fp/ |
93 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rbc_royalbank_en-new.gif
www1.royalbank.com/uos/common/images/logos/web/ |
28 KB 28 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
info-box.js
www1.royalbank.com/uos/common/javascript/ |
3 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
accessibility.js
www1.royalbank.com/uos/common/javascript/ |
739 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
255 KB 72 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
event.js
bgitopazdowntown.ddireal.vn/uos/common/javascript/dom/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
366 KB 72 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
external-link-small-blue.svg
www1.royalbank.com/uos/3m/images/icons/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
Roboto-Medium.ttf
www1.royalbank.com/uos/common/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
check.js;CIS3SID=B3428F917BE0DC00A6B0788755482189
d3tracking.rbc.com/fp/ Frame 05FA |
580 KB 107 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
d3tracking.rbc.com/fp/ Frame 05FA |
81 B 475 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
d3tracking.rbc.com/fp/ Frame 05FA |
81 B 475 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
collect.js
collect.rbcroyalbank.com/ |
8 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
HP
d3tracking.rbc.com/fp/ Frame CC38 |
19 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
d3tracking.rbc.com/fp/ Frame 05FA |
81 B 542 B |
XHR
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ls_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189
d3tracking.rbc.com/fp/ Frame 0CC7 |
91 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
d3tracking.rbc.com/fp/ Frame 05FA |
0 387 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sid_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189
h.online-metrix.net/fp/ Frame 29ED |
104 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
top_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189
d3tracking.rbc.com/fp/ Frame 1300 |
90 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
d3tracking.rbc.com/fp/ Frame 05FA |
0 218 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net/fp/ Frame 05FA |
81 B 438 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
d6c51342-e21a-45bb-9715-307963fc34a5
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
0 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
06fd1776-a266-4933-bbce-e32bf5ba8272
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
5fc9e6fc-398e-47bb-a941-db85daa78a61
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
5ad7570c-ca7a-440e-800d-048709ff4e60
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
95b4275d-6d46-468a-ad61-6aefa2856192
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
4ce9bc76-f73b-4a38-b966-b491ea6295b5
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
d6610718-2080-40f2-a3b3-ee3598ab3e8a
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
2ead4576-3a05-4863-a3f1-9047b05902a8
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
e4b96326-04d4-4317-9ca9-4bb47ff66bdb
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
4ded2538-1351-46de-80b2-99fec214b88a
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
bfb118d8-2309-450d-a151-fa967c6a36af
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
11766bbb-f997-4530-aa5f-3230d5d953ff
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
06ad01e3-7bd1-406d-9662-5f1df578414b
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
2e0be7d1-40d1-4fb8-b24d-dabb12de30b6
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
23df3900-2b41-4367-a6e9-69e707434af9
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
644a0a62-0b29-4046-b3ae-34c1a77f7c17
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
99f317b6-50c2-40cc-9978-83cc3e7d60a1
http://bgitopazdowntown.ddireal.vn/ Frame 05FA |
1 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
check.js
d3tracking.rbc.com/fp/ Frame CC38 |
209 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
d3tracking.rbc.com/fp/ Frame 0CC7 |
0 387 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
d3tracking.rbc.com/fp/ Frame 05FA |
0 387 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ARF;CIS3SID=F2629C1CCF221F4BE5B655CC9644308D
d3tracking.rbc.com/fp/ Frame CC38 |
35 B 557 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear3.png;CIS3SID=B3428F917BE0DC00A6B0788755482189
d3tracking.rbc.com/fp/ Frame 05FA |
0 218 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
external-link-small-blue.svg
www1.royalbank.com/uos/3m/images/icons/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
rb_74bb5e07-f3ce-4cb3-b0e2-a67e7cad409f
bgitopazdowntown.ddireal.vn/ |
146 KB 26 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear3.png;CIS3SID=B3428F917BE0DC00A6B0788755482189
d3tracking.rbc.com/fp/ Frame 05FA |
0 219 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www1.royalbank.com
- URL
- https://www1.royalbank.com/uos/common/fonts/Roboto-Medium.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: RBC (Banking)283 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 boolean| credentialless object| oncontentvisibilityautostatechange object| dataLayer object| dT_ object| dtrum function| $ function| popup function| popupHelp function| popupFlash function| popupPrint function| popupThirdparty function| popupNewbrowser function| popupNonhtml function| stripe function| getElementsByClass function| toggleIcon function| toggleIconFrench function| toggleHelpInline function| toggleHelpInlineFrench function| xstooltip_findPosX function| xstooltip_findPosY function| toggleHelpAbsolute function| toggleHelpAbsoluteForStopPayments function| toggleHelpAbsoluteForStopPaymentsFrench function| toggleHelpAbsoluteFrench function| hidejshideObject function| hidejsaccessiblehideObject function| ddtabcontent function| addLoadEvent function| niceSelect boolean| browser_DOM boolean| browser_NS4 boolean| browser_IE boolean| browser_IE4 boolean| browser_MAC boolean| browser_IE4M string| browser_Path string| browser_BaseDir string| browser_PathDOM string| browser_PathNS4 string| browser_PathIE string| browser_PathIE4 string| browser_PathMAC string| browser_PathIE4M string| browser_PathALL object| browser_JSArray function| browser_IncludeJS function| browser_AddJS function| browser_ExistJS function| event_fix function| event_addOnLoad function| event_remOnLoad function| event_delOnLoad function| event_onLoad function| event_addOnUnload function| event_remOnUnload function| event_delOnUnload function| event_onUnload function| event_addOnFocusForm function| event_remOnFocusForm function| event_delOnFocusForm function| event_onFocusForm function| event_addOnBlurForm function| event_remOnBlurForm function| event_delOnBlurForm function| event_onBlurForm function| event_addOnFocus function| event_remOnFocus function| event_delOnFocus function| event_onFocus function| event_addOnBlur function| event_remOnBlur function| event_delOnBlur function| event_onBlur function| event_addMouseDown function| event_remMouseDown function| event_delMouseDown function| event_mouseDown function| event_addMouseUp function| event_remMouseUp function| event_delMouseUp function| event_mouseUp function| event_addMouseMove function| event_remMouseMove function| event_delMouseMove function| event_mouseMove function| event_addDblClick function| event_remDblClick function| event_delDblClick function| event_dblClick function| event_addKeyPress function| event_remKeyPress function| event_delKeyPress function| event_keyPress function| event_addKeyUp function| event_remKeyUp function| event_delKeyUp function| event_keyUp function| event_addKeyDown function| event_remKeyDown function| event_delKeyDown function| event_keyDown function| event_addValidation function| event_remValidation function| event_delValidation function| event_doEventValidation function| event_doValidation function| event_event function| event_setCurrentField function| event_setCurrentForm function| event_PostValue function| event_addArray function| event_remArray function| event_existArray function| event_mouseOver function| event_ActivateEvents object| event_OnLoadArray object| event_OnUnloadArray object| event_OnFocusFormArray object| event_OnBlurFormArray object| event_OnFocusArray object| event_OnBlurArray object| event_MouseDownArray object| event_MouseUpArray object| event_MouseOverArray object| event_MouseMoveArray object| event_DblClickArray object| event_KeyPressArray object| event_KeyUpArray object| event_KeyDownArray object| event_ValidationArray object| event_CurrentField object| event_CurrentForm string| event_CurrentFieldValue object| event_MESelect number| event_BaseKey number| event_AltKey number| event_CtrlKey number| event_ShiftKey boolean| event_ListenersDone object| google_tag_manager number| kiosk_Type1X number| kiosk_Type1Y number| kiosk_Type1W number| kiosk_Type1H string| kiosk_Type1R string| kiosk_Type1C number| kiosk_Type2X number| kiosk_Type2Y number| kiosk_Type2W number| kiosk_Type2H string| kiosk_Type2R string| kiosk_Type2C number| kiosk_Type3X number| kiosk_Type3Y number| kiosk_Type3W number| kiosk_Type3H string| kiosk_Type3R string| kiosk_Type3C number| kiosk_Type4X number| kiosk_Type4Y number| kiosk_Type4W number| kiosk_Type4H string| kiosk_Type4R string| kiosk_Type4C number| kiosk_Type5X number| kiosk_Type5Y number| kiosk_Type5W number| kiosk_Type5H string| kiosk_Type5R string| kiosk_Type5C number| kiosk_Type6X number| kiosk_Type6Y number| kiosk_Type6W number| kiosk_Type6H string| kiosk_Type6R string| kiosk_Type6C number| kiosk_Type7X number| kiosk_Type7Y number| kiosk_Type7W number| kiosk_Type7H string| kiosk_Type7R string| kiosk_Type7C number| kiosk_Type8X number| kiosk_Type8Y number| kiosk_Type8W number| kiosk_Type8H string| kiosk_Type8R string| kiosk_Type8C number| kiosk_Type9X number| kiosk_Type9Y number| kiosk_Type9W number| kiosk_Type9H string| kiosk_Type9R string| kiosk_Type9C number| kiosk_Type10X number| kiosk_Type10Y number| kiosk_Type10W number| kiosk_Type10H string| kiosk_Type10R string| kiosk_Type10C number| kiosk_Type11X number| kiosk_Type11Y number| kiosk_Type11W number| kiosk_Type11H string| kiosk_Type11R string| kiosk_Type11C string| kiosk_Type12C string| kiosk_Type13R number| kiosk_Type14X number| kiosk_Type14Y string| kiosk_Type14R function| kiosk_SetPropsRTS function| kiosk_SetPropsRTB function| kiosk_SetPropsVCTS function| kiosk_SetPropsVCTB function| kiosk_SetPropsCTS function| kiosk_SetPropsCTB function| kiosk_Open function| kiosk_Close function| kiosk_Win function| kiosk_OpenWinRTS function| kiosk_OpenWinRTB function| kiosk_OpenWinVCTS function| kiosk_OpenWinVCTB function| kiosk_OpenWinCTS function| kiosk_OpenWinCTB function| kiosk_AreYouSure function| buttons_ButtonPreload function| buttons_ButtonPreload_release function| buttons_ButtonPreload_press function| buttons_ButtonPreload_oneClick function| buttons_RadioButtonSubmit function| rbcSetCookie function| rbcDeleteCookie function| rbcGetCookie function| EdsShouldntGetSameSiteNoneFull function| shouldntGetSameSiteNoneFull function| shouldntGetSameSiteNone function| isOlderUcBrowser function| qrcode function| shellExpired function| dates_currentDate function| checkOnFocusForm boolean| oneclickbtn_isClicked object| td_5I boolean| tmx_profiling_started function| tmx_post_session_params_fixed function| td_t function| td_g function| td_j function| td_T function| td_3M function| td_3t function| td_b function| td_Y function| td_h function| td_M function| td_2H function| td_0a function| td_2p function| td_1y function| td_n function| td_Q function| td_4n function| td_k function| td_0p function| tmx_run_page_fingerprinting number| td_y number| td_W number| td_m number| td_G number| td_S object| td_3j number| j function| onYouTubeIframeAPIReady function| checkForPromoParameters object| _etmc object| _etmc_temp string| func_name object| args8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| bgitopazdowntown.ddireal.vn/ | Name: PHPSESSID Value: edihiuh1rnpdi8r4q81lju783v |
|
| .ddireal.vn/ | Name: dtCookie Value: v_4_srv_-2D43_sn_BMA91LR4V8576OO7NK2CTOSSGAKGAU9Q |
|
| .ddireal.vn/ | Name: rxVisitor Value: 1676034225097NV5B09ULO5GPC4TUK54OLAK1N09G4SCG |
|
| .ddireal.vn/ | Name: dtLatC Value: 128 |
|
| .ddireal.vn/ | Name: dtSa Value: - |
|
| d3tracking.rbc.com/ | Name: thx_guid Value: b214de80bed1d9be5bb8cce327e522e7 |
|
| .ddireal.vn/ | Name: rxvt Value: 1676036026337|1676034225099 |
|
| .ddireal.vn/ | Name: dtPC Value: -43$234225085_224h-vTVUMLKPKWFDRPNMAPFMHBJIHOBCVCCHE-0e0 |
19 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net
bgitopazdowntown.ddireal.vn
collect.rbcroyalbank.com
d3tracking.rbc.com
h.online-metrix.net
www.googletagmanager.com
www1.royalbank.com
www1.royalbank.com
104.96.137.202
116.118.50.194
2a00:1450:400d:80e::2008
3.99.100.137
91.235.132.130
91.235.133.77
91.235.134.131
07a47aaa3ebc6fe27153d5d779ccbc44fe9fffa17ad5f90eef9b1c7f43be0afc
0b995d2e3153808bdc594cfbc24c7c9c7933353c58bb981d934fc9c4e9677d4b
0c1942df06a8fac676bb61a543e9282a88320c6db60ac7f98fb161fba3757098
0de1fda4ccdc98c71815349366f366dc1a2dd70cc74ceca7ac8c640fa89e0eb0
10571cea5731cddfe7d9e3517b771d62f57465f400c5bc913a3afdf3110dcd44
15e749a52af9d2909b6c58d704295b905059b839d23fb7e0cfa9308265128098
18ae399f81182bc9de916e9c77b195df20cc58d6f2d55a62b085a299f1bf1780
19dd826b0f677cded327297dfe08296e4dd9ce4edb806cf1853eccd5f5403b7f
1a52728c6d5403460fad47e3ff939410380c53fe6b4f7708dd5cf60bfbd94c83
1f065db9676c54d7475dd43571754c4981982f44a75d2b52b52f76b853497622
3d64af0d98e927f41d69c942aaa65c7bf01bcee38383763cc56f2a45a40e2a1b
4470a53cee8eda6d005fe3100deda8e1987945d8b057c175f4142682e1c28edf
4485ce4b2db0b2a5f3606466055bfd8287db01f097f8b3ae20710b5c9411a61d
491ecb078dc81bb8a353f4f77c192e2b586603413618c48a78f29da94e8a3241
4aa8e3502591eeb1edba3ec7ea29a36ba9a07311caf46e68d4178b34ff5fe08f
4b49307ee683cc466f6cb2da1281bc9c81e53b4cba01f08a201ea064c71cddde
6d043f7c8dc205d7cf029d6af525f9ac457a68e23d4e4abe3bb558fbcdee7f2b
7330a1642275f7b86d1b0233846a1c7da4cb7e96bdc855e99c4963a13e68d0e3
8573659e2191285fd760e060f497bcb52a87936f8806251471dbefae13795ca0
86e7aa3655587ed216925fe7887ab3c8d9235235fa0aee1252a6e4970357da02
87b07cf11d9ccf3a7da1c3b4de452315653cde22cc83d6f9aee6cb7be8ec27fa
8d3f4ae7f18161c78bfdb9fbd3efdd9406fd7abeffbd9efdbc0d1746db18e0c0
954f11889044377bc8043db7e1d78defdc3ea669d23a874836e26cb37e0d1e75
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
982fd8fe5426541db5db3b6f3bb4d958a04e2be728ef48b919f0c2dfcb7e765d
9888c85de54e2c47777f282c6f8252122ca51140257fb99e71a8b353fb652679
98c78457205f4d18ac824dbc8c1d2576629d2a5264e8ebbf5a37494d663c3fea
a7dd427e6333524d4c92712847ec26f891d5b7df039672030e37c282f3b8798e
c598aaa7aef72daae3f7faca0adcc821116bbd5f3d315f180cfe645362f5dc13
c5d932452618f147f77bb125860b3bef790eb19a289ecc653597a4ff5b0eeb95
de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5fc974d9d224af0740613ac26496d7ca98d78b274d8cd5dbb8629a0f5df5037
f1b201fb5356d16b2859b2c59830d05b3a49a45ca2cc81324d01492ed728608d
f23abda8d6d0360ad458ff366415c89425f77204114765ea4d0980ca2759781a
f4756a7869865e55d18877b96192ccf53894557a01b7e0d1c02edaf6492c0ee5
fcee925b86c9dc20c55d6cfe449c5e275bfff1c8b26093049ecd91f7387a6be1