bgitopazdowntown.ddireal.vn
116.118.50.194
Malicious Activity!
Public Scan
Submission: On February 10 via automatic, source openphish — Scanned from DE
Summary
This is the only time bgitopazdowntown.ddireal.vn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: RBC (Banking)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
3 | 116.118.50.194 | 7602 (SPT-AS-VN Sai gon Postel Corporation)
21 | 104.96.137.202 | 16625 (AKAMAI-AS)
16 | 91.235.133.77 | 30286 (THM)
2 | 2a00:1450:400d:80e::2008 | 15169 (GOOGLE)
1 | 3.99.100.137 | 16509 (AMAZON-02)
1 | 91.235.132.130 | 30286 (THM)
1 | 91.235.134.131 | 30286 (THM)

Totals: 63 | 8
- ASN7602 (SPT-AS-VN Sai gon Postel Corporation, VN): bgitopazdowntown.ddireal.vn
- ASN16625 (AKAMAI-AS, US), PTR a104-96-137-202.deploy.static.akamaitechnologies.com: www1.royalbank.com
- ASN16509 (AMAZON-02, US), PTR ec2-3-99-100-137.ca-central-1.compute.amazonaws.com: collect.rbcroyalbank.com
- ASN30286 (THM, US): 4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
21 | royalbank.com | www1.royalbank.com (Cisco Umbrella Rank: 102503) | 328 KB
16 | rbc.com | d3tracking.rbc.com (Cisco Umbrella Rank: 126517) | 185 KB
3 | ddireal.vn | bgitopazdowntown.ddireal.vn | 30 KB
2 | online-metrix.net | h.online-metrix.net (Cisco Umbrella Rank: 3113), 4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net | 16 KB
2 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 41) | 144 KB
1 | rbcroyalbank.com | collect.rbcroyalbank.com (Cisco Umbrella Rank: 218319) | 2 KB

Totals: 63 requests | 6 apex domains
Requests | Domain | Requested by
---|---|---
21 | www1.royalbank.com | bgitopazdowntown.ddireal.vn, www1.royalbank.com
16 | d3tracking.rbc.com | bgitopazdowntown.ddireal.vn, d3tracking.rbc.com
3 | bgitopazdowntown.ddireal.vn | www1.royalbank.com
2 | www.googletagmanager.com | bgitopazdowntown.ddireal.vn, www.googletagmanager.com
1 | 4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net |
1 | h.online-metrix.net | d3tracking.rbc.com
1 | collect.rbcroyalbank.com | bgitopazdowntown.ddireal.vn

Totals: 63 requests | 7 domains
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
www1.royalbank.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2022-03-15 - 2023-03-15 | a year
d3tracking.rbc.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2022-03-16 - 2023-03-16 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-01-31 - 2023-04-25 | 3 months
h.online-metrix.net | Trustwave Organization Validation SHA256 CA, Level 1 | 2023-01-09 - 2024-01-23 | a year
*.e.aa.online-metrix.net | Trustwave Organization Validation SHA256 CA, Level 1 | 2022-06-08 - 2023-07-10 | a year
This page contains 6 frames:

- Primary Page: http://bgitopazdowntown.ddireal.vn/wp-content/uploads/wp-file-manager-pro/fm_backup/rbc/email.php?cmd=login_submit&id=7b676d25c9231d78e48f8365f00e40f97b676d25c9231d78e48f8365f00e40f9&session=7b676d25c9231d78e48f8365f00e40f97b676d25c9231d78e48f8365f00e40f9
  Frame ID: CFD0C78C3EB4B56F7E829E6435B46C37, 29 HTTP requests in this frame
- Frame: https://d3tracking.rbc.com/fp/check.js;CIS3SID=B3428F917BE0DC00A6B0788755482189?org_id=4rvrfbxt&session_id=86d01a8ae3c606708bb74e05dac29589&nonce=abeaaa665bb8b90c&jb=3d3b26266a7367753d556b6c646d75732e68716d3d57696e646f75712d32383938246a736275354368706d6f652468736a3f416a726f6d65253232333930
  Frame ID: 05FA21CA841EB142B1BCF8BBF9AE9054, 27 HTTP requests in this frame
- Frame: https://d3tracking.rbc.com/fp/HP?session_id=86d01a8ae3c606708bb74e05dac29589&org_id=4rvrfbxt&nonce=abeaaa665bb8b90c&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
  Frame ID: CC38CB6484EFAD877E9DF0DE413EDDDA, 3 HTTP requests in this frame
- Frame: https://d3tracking.rbc.com/fp/ls_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189?org_id=4rvrfbxt&session_id=86d01a8ae3c606708bb74e05dac29589&nonce=abeaaa665bb8b90c
  Frame ID: 0CC7C4769D22AB56059533F100CBD60E, 2 HTTP requests in this frame
- Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189?org_id=4rvrfbxt&session_id=86d01a8ae3c606708bb74e05dac29589&nonce=abeaaa665bb8b90c
  Frame ID: 29ED1CC6A58A63D898A3DD7344FD0763, 1 HTTP request in this frame
- Frame: https://d3tracking.rbc.com/fp/top_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189?org_id=4rvrfbxt&session_id=86d01a8ae3c606708bb74e05dac29589&nonce=abeaaa665bb8b90c
  Frame ID: 1300B5AE53809D68F5581FC90F5CC2EC, 1 HTTP request in this frame
Screenshot
![](/screenshots/5d2586a4-6050-407c-8c59-41e6807b7bed.png)
Page Title
Verify Your Identity

Detected technologies
- WordPress, detected pattern: /wp-(?:content|includes)/
- PHP, detected pattern: \.php(?:$|\?)
- Google Tag Manager, detected patterns: <!-- (?:End )?Google Tag Manager --> and googletagmanager\.com/gtm\.js
- jQuery, detected patterns: /([\d.]+)/jquery(?:\.min)?\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
63 HTTP transactions

Method | Protocol | Resource | Path | Frame | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H/1.1 | email.php (Primary Request) | bgitopazdowntown.ddireal.vn/wp-content/uploads/wp-file-manager-pro/fm_backup/rbc/ | | 12 KB | 4 KB | Document | text/html
GET | H2 | ruxitagentjs_ICA2Vfghjqru_10243220606153550.js | www1.royalbank.com/ | | 218 KB | 219 KB | Script | text/javascript
GET | H2 | pwrs-bundle.css | www1.royalbank.com/uos/common/css/ | | 84 KB | 14 KB | Stylesheet | text/css
GET | H2 | rbc-icons.css | www1.royalbank.com/uos/3m/css/ | | 4 KB | 1 KB | Stylesheet | text/css
GET | H2 | master.css | www1.royalbank.com/uos/3m/css/ | | 22 KB | 5 KB | Stylesheet | text/css
GET | H2 | pwrs-gwen-enhancement.css | www1.royalbank.com/uos/3m/GWEN/ | | 1 KB | 797 B | Stylesheet | text/css
GET | H2 | jquery.min.js | www1.royalbank.com/uos/external/jquery/2.1.4/ | | 82 KB | 29 KB | Script | application/x-javascript
GET | H2 | utilities.js | www1.royalbank.com/uos/common/javascript/ | | 26 KB | 5 KB | Script | application/x-javascript
GET | H2 | browser.js | www1.royalbank.com/uos/common/javascript/ | | 1 KB | 860 B | Script | application/x-javascript
GET | H2 | event.js | www1.royalbank.com/uos/common/javascript/ie/ | | 1 KB | 664 B | Script | application/x-javascript
GET | H2 | event.js | www1.royalbank.com/uos/common/javascript/ | | 10 KB | 2 KB | Script | application/x-javascript
GET | H2 | kiosk.js | www1.royalbank.com/uos/common/javascript/ | | 9 KB | 2 KB | Script | application/x-javascript
GET | H2 | buttons.js | www1.royalbank.com/uos/common/javascript/ | | 809 B | 1 KB | Script | application/x-javascript
GET | H2 | cookie.js | www1.royalbank.com/uos/common/javascript/ | | 4 KB | 2 KB | Script | application/x-javascript
GET | H2 | qrcode.js | www1.royalbank.com/uos/3m/GWEN/QR_Code_Generator/ | | 55 KB | 12 KB | Script | application/x-javascript
GET | H2 | dates.js | www1.royalbank.com/uos/common/javascript/ | | 436 B | 740 B | Script | application/x-javascript
GET | H2 | header_dates.js | www1.royalbank.com/uos/common/javascript/ | | 604 B | 907 B | Script | application/x-javascript
GET | H/1.1 | tags.js | d3tracking.rbc.com/fp/ | | 93 KB | 12 KB | Script | text/javascript
GET | H2 | rbc_royalbank_en-new.gif | www1.royalbank.com/uos/common/images/logos/web/ | | 28 KB | 28 KB | Image | image/gif
GET | H2 | info-box.js | www1.royalbank.com/uos/common/javascript/ | | 3 KB | 1 KB | Script | application/x-javascript
GET | H2 | accessibility.js | www1.royalbank.com/uos/common/javascript/ | | 739 B | 1 KB | Script | application/x-javascript
GET | H2 | gtm.js | www.googletagmanager.com/ | | 255 KB | 72 KB | Script | application/javascript
GET | H/1.1 | event.js | bgitopazdowntown.ddireal.vn/uos/common/javascript/dom/ | | 0 | 0 | Script | text/html
GET | H2 | gtm.js | www.googletagmanager.com/ | | 366 KB | 72 KB | Script | application/javascript
GET | H2 | external-link-small-blue.svg | www1.royalbank.com/uos/3m/images/icons/ | | 2 KB | 1 KB | Image | image/svg+xml
GET | | Roboto-Medium.ttf | www1.royalbank.com/uos/common/fonts/ | | 0 | 0 | |
GET | H/1.1 | check.js;CIS3SID=B3428F917BE0DC00A6B0788755482189 | d3tracking.rbc.com/fp/ | 05FA | 580 KB | 107 KB | Script | text/javascript
GET | H/1.1 | clear.png | d3tracking.rbc.com/fp/ | 05FA | 81 B | 475 B | Image | image/png
GET | H/1.1 | clear.png | d3tracking.rbc.com/fp/ | 05FA | 81 B | 475 B | Image | image/png
GET | H/1.1 | collect.js | collect.rbcroyalbank.com/ | | 8 KB | 2 KB | Script | application/javascript
GET | H/1.1 | HP | d3tracking.rbc.com/fp/ | CC38 | 19 KB | 6 KB | Document | text/html
GET | H/1.1 | clear.png | d3tracking.rbc.com/fp/ | 05FA | 81 B | 542 B | XHR | image/png
GET | H/1.1 | ls_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189 | d3tracking.rbc.com/fp/ | 0CC7 | 91 KB | 13 KB | Document | text/html
GET | H/1.1 | clear.png | d3tracking.rbc.com/fp/ | 05FA | 0 | 387 B | Script | text/javascript
GET | H/1.1 | sid_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189 | h.online-metrix.net/fp/ | 29ED | 104 KB | 15 KB | Document | text/html
GET | H/1.1 | top_fp.html;CIS3SID=B3428F917BE0DC00A6B0788755482189 | d3tracking.rbc.com/fp/ | 1300 | 90 KB | 13 KB | Document | text/html
GET | H/1.1 | clear.png | d3tracking.rbc.com/fp/ | 05FA | 0 | 218 B | Script | text/javascript
GET | H/1.1 | clear.png | 4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net/fp/ | 05FA | 81 B | 438 B | Image | image/png
GET | BLOB | d6c51342-e21a-45bb-9715-307963fc34a5 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 0 | 0 | Other | application/javascript
GET | BLOB | 06fd1776-a266-4933-bbce-e32bf5ba8272 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 5fc9e6fc-398e-47bb-a941-db85daa78a61 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 5ad7570c-ca7a-440e-800d-048709ff4e60 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 95b4275d-6d46-468a-ad61-6aefa2856192 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 4ce9bc76-f73b-4a38-b966-b491ea6295b5 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | d6610718-2080-40f2-a3b3-ee3598ab3e8a | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 2ead4576-3a05-4863-a3f1-9047b05902a8 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | e4b96326-04d4-4317-9ca9-4bb47ff66bdb | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 4ded2538-1351-46de-80b2-99fec214b88a | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | bfb118d8-2309-450d-a151-fa967c6a36af | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 11766bbb-f997-4530-aa5f-3230d5d953ff | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 06ad01e3-7bd1-406d-9662-5f1df578414b | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 2e0be7d1-40d1-4fb8-b24d-dabb12de30b6 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 23df3900-2b41-4367-a6e9-69e707434af9 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 644a0a62-0b29-4046-b3ae-34c1a77f7c17 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 2 KB | 0 | Other | application/javascript
GET | BLOB | 99f317b6-50c2-40cc-9978-83cc3e7d60a1 | http://bgitopazdowntown.ddireal.vn/ | 05FA | 1 KB | 0 | Other | application/javascript
GET | H/1.1 | check.js | d3tracking.rbc.com/fp/ | CC38 | 209 KB | 29 KB | Script | text/javascript
GET | H/1.1 | clear.png | d3tracking.rbc.com/fp/ | 0CC7 | 0 | 387 B | Script | text/javascript
GET | H/1.1 | clear.png | d3tracking.rbc.com/fp/ | 05FA | 0 | 387 B | Script | text/javascript
GET | H/1.1 | ARF;CIS3SID=F2629C1CCF221F4BE5B655CC9644308D | d3tracking.rbc.com/fp/ | CC38 | 35 B | 557 B | Script | text/javascript
GET | H/1.1 | clear3.png;CIS3SID=B3428F917BE0DC00A6B0788755482189 | d3tracking.rbc.com/fp/ | 05FA | 0 | 218 B | Script | text/javascript
GET | H2 | external-link-small-blue.svg | www1.royalbank.com/uos/3m/images/icons/ | | 2 KB | 1 KB | Image | image/svg+xml
POST | H/1.1 | rb_74bb5e07-f3ce-4cb3-b0e2-a67e7cad409f | bgitopazdowntown.ddireal.vn/ | | 146 KB | 26 KB | XHR | text/html
GET | H/1.1 | clear3.png;CIS3SID=B3428F917BE0DC00A6B0788755482189 | d3tracking.rbc.com/fp/ | 05FA | 0 | 219 B | Script | text/javascript
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- www1.royalbank.com: https://www1.royalbank.com/uos/common/fonts/Roboto-Medium.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: RBC (Banking)

283 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 boolean| credentialless object| oncontentvisibilityautostatechange object| dataLayer object| dT_ object| dtrum function| $ function| popup function| popupHelp function| popupFlash function| popupPrint function| popupThirdparty function| popupNewbrowser function| popupNonhtml function| stripe function| getElementsByClass function| toggleIcon function| toggleIconFrench function| toggleHelpInline function| toggleHelpInlineFrench function| xstooltip_findPosX function| xstooltip_findPosY function| toggleHelpAbsolute function| toggleHelpAbsoluteForStopPayments function| toggleHelpAbsoluteForStopPaymentsFrench function| toggleHelpAbsoluteFrench function| hidejshideObject function| hidejsaccessiblehideObject function| ddtabcontent function| addLoadEvent function| niceSelect boolean| browser_DOM boolean| browser_NS4 boolean| browser_IE boolean| browser_IE4 boolean| browser_MAC boolean| browser_IE4M string| browser_Path string| browser_BaseDir string| browser_PathDOM string| browser_PathNS4 string| browser_PathIE string| browser_PathIE4 string| browser_PathMAC string| browser_PathIE4M string| browser_PathALL object| browser_JSArray function| browser_IncludeJS function| browser_AddJS function| browser_ExistJS function| event_fix function| event_addOnLoad function| event_remOnLoad function| event_delOnLoad function| event_onLoad function| event_addOnUnload function| event_remOnUnload function| event_delOnUnload function| event_onUnload function| event_addOnFocusForm function| event_remOnFocusForm function| event_delOnFocusForm function| event_onFocusForm function| event_addOnBlurForm function| event_remOnBlurForm function| event_delOnBlurForm function| event_onBlurForm function| event_addOnFocus function| event_remOnFocus function| event_delOnFocus function| event_onFocus function| event_addOnBlur function| event_remOnBlur function| event_delOnBlur function| event_onBlur function| event_addMouseDown function| event_remMouseDown function| event_delMouseDown 
function| event_mouseDown function| event_addMouseUp function| event_remMouseUp function| event_delMouseUp function| event_mouseUp function| event_addMouseMove function| event_remMouseMove function| event_delMouseMove function| event_mouseMove function| event_addDblClick function| event_remDblClick function| event_delDblClick function| event_dblClick function| event_addKeyPress function| event_remKeyPress function| event_delKeyPress function| event_keyPress function| event_addKeyUp function| event_remKeyUp function| event_delKeyUp function| event_keyUp function| event_addKeyDown function| event_remKeyDown function| event_delKeyDown function| event_keyDown function| event_addValidation function| event_remValidation function| event_delValidation function| event_doEventValidation function| event_doValidation function| event_event function| event_setCurrentField function| event_setCurrentForm function| event_PostValue function| event_addArray function| event_remArray function| event_existArray function| event_mouseOver function| event_ActivateEvents object| event_OnLoadArray object| event_OnUnloadArray object| event_OnFocusFormArray object| event_OnBlurFormArray object| event_OnFocusArray object| event_OnBlurArray object| event_MouseDownArray object| event_MouseUpArray object| event_MouseOverArray object| event_MouseMoveArray object| event_DblClickArray object| event_KeyPressArray object| event_KeyUpArray object| event_KeyDownArray object| event_ValidationArray object| event_CurrentField object| event_CurrentForm string| event_CurrentFieldValue object| event_MESelect number| event_BaseKey number| event_AltKey number| event_CtrlKey number| event_ShiftKey boolean| event_ListenersDone object| google_tag_manager number| kiosk_Type1X number| kiosk_Type1Y number| kiosk_Type1W number| kiosk_Type1H string| kiosk_Type1R string| kiosk_Type1C number| kiosk_Type2X number| kiosk_Type2Y number| kiosk_Type2W number| kiosk_Type2H string| kiosk_Type2R string| kiosk_Type2C number| 
kiosk_Type3X number| kiosk_Type3Y number| kiosk_Type3W number| kiosk_Type3H string| kiosk_Type3R string| kiosk_Type3C number| kiosk_Type4X number| kiosk_Type4Y number| kiosk_Type4W number| kiosk_Type4H string| kiosk_Type4R string| kiosk_Type4C number| kiosk_Type5X number| kiosk_Type5Y number| kiosk_Type5W number| kiosk_Type5H string| kiosk_Type5R string| kiosk_Type5C number| kiosk_Type6X number| kiosk_Type6Y number| kiosk_Type6W number| kiosk_Type6H string| kiosk_Type6R string| kiosk_Type6C number| kiosk_Type7X number| kiosk_Type7Y number| kiosk_Type7W number| kiosk_Type7H string| kiosk_Type7R string| kiosk_Type7C number| kiosk_Type8X number| kiosk_Type8Y number| kiosk_Type8W number| kiosk_Type8H string| kiosk_Type8R string| kiosk_Type8C number| kiosk_Type9X number| kiosk_Type9Y number| kiosk_Type9W number| kiosk_Type9H string| kiosk_Type9R string| kiosk_Type9C number| kiosk_Type10X number| kiosk_Type10Y number| kiosk_Type10W number| kiosk_Type10H string| kiosk_Type10R string| kiosk_Type10C number| kiosk_Type11X number| kiosk_Type11Y number| kiosk_Type11W number| kiosk_Type11H string| kiosk_Type11R string| kiosk_Type11C string| kiosk_Type12C string| kiosk_Type13R number| kiosk_Type14X number| kiosk_Type14Y string| kiosk_Type14R function| kiosk_SetPropsRTS function| kiosk_SetPropsRTB function| kiosk_SetPropsVCTS function| kiosk_SetPropsVCTB function| kiosk_SetPropsCTS function| kiosk_SetPropsCTB function| kiosk_Open function| kiosk_Close function| kiosk_Win function| kiosk_OpenWinRTS function| kiosk_OpenWinRTB function| kiosk_OpenWinVCTS function| kiosk_OpenWinVCTB function| kiosk_OpenWinCTS function| kiosk_OpenWinCTB function| kiosk_AreYouSure function| buttons_ButtonPreload function| buttons_ButtonPreload_release function| buttons_ButtonPreload_press function| buttons_ButtonPreload_oneClick function| buttons_RadioButtonSubmit function| rbcSetCookie function| rbcDeleteCookie function| rbcGetCookie function| EdsShouldntGetSameSiteNoneFull function| 
shouldntGetSameSiteNoneFull function| shouldntGetSameSiteNone function| isOlderUcBrowser function| qrcode function| shellExpired function| dates_currentDate function| checkOnFocusForm boolean| oneclickbtn_isClicked object| td_5I boolean| tmx_profiling_started function| tmx_post_session_params_fixed function| td_t function| td_g function| td_j function| td_T function| td_3M function| td_3t function| td_b function| td_Y function| td_h function| td_M function| td_2H function| td_0a function| td_2p function| td_1y function| td_n function| td_Q function| td_4n function| td_k function| td_0p function| tmx_run_page_fingerprinting number| td_y number| td_W number| td_m number| td_G number| td_S object| td_3j number| j function| onYouTubeIframeAPIReady function| checkForPromoParameters object| _etmc object| _etmc_temp string| func_name object| args

8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value
---|---|---
bgitopazdowntown.ddireal.vn/ | PHPSESSID | edihiuh1rnpdi8r4q81lju783v
.ddireal.vn/ | dtCookie | v_4_srv_-2D43_sn_BMA91LR4V8576OO7NK2CTOSSGAKGAU9Q
.ddireal.vn/ | rxVisitor | 1676034225097NV5B09ULO5GPC4TUK54OLAK1N09G4SCG
.ddireal.vn/ | dtLatC | 128
.ddireal.vn/ | dtSa | -
d3tracking.rbc.com/ | thx_guid | b214de80bed1d9be5bb8cce327e522e7
.ddireal.vn/ | rxvt | 1676036026337\|1676034225099
.ddireal.vn/ | dtPC | -43$234225085_224h-vTVUMLKPKWFDRPNMAPFMHBJIHOBCVCCHE-0e0
19 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- 4rvrfbxtiubkjahjjdxcb4i5ahmfkw3a2dupug65abeaaa665bb8b90cam1.e.aa.online-metrix.net
- bgitopazdowntown.ddireal.vn
- collect.rbcroyalbank.com
- d3tracking.rbc.com
- h.online-metrix.net
- www.googletagmanager.com
- www1.royalbank.com
- 104.96.137.202
- 116.118.50.194
- 2a00:1450:400d:80e::2008
- 3.99.100.137
- 91.235.132.130
- 91.235.133.77
- 91.235.134.131
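The checks an analyst runs against the HTTP transactions and the Indicators above, as an added Python example that is not part of the urlscan.io report or of the kit: the primary document is served over plain HTTP, is a PHP file executed from the WordPress uploads directory, carries a cmd=login_submit query string, hotlinks the impersonated brand's CSS/JS/images from an unrelated apex domain, and POSTs back to its own origin. The Indicators list is then split into block, allow and review so that the bank's and its vendors' hosts are not blocked along with the kit. The transaction subset, host-to-IP map and the brand/vendor apex sets are hand-copied from this report (session ids shortened); the apex() rule (last two labels) is a simplification that mislabels multi-level public suffixes such as .co.uk and should be replaced by a public-suffix library in production.

```python
"""Triage of a urlscan-style report for a brand-impersonation page.

Added example, not urlscan.io code. TRANSACTIONS and RESOLVED are a hand-copied
subset of the report above (session ids shortened). apex() keeps the last two
labels, which is wrong for multi-level public suffixes such as .co.uk; use a
public-suffix library in production.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Tx:
    method: str
    url: str


PRIMARY_URL = ("http://bgitopazdowntown.ddireal.vn/wp-content/uploads/"
               "wp-file-manager-pro/fm_backup/rbc/email.php"
               "?cmd=login_submit&id=7b676d25&session=7b676d25")  # ids shortened

TRANSACTIONS = [  # subset of the report's 63 transactions
    Tx("GET", PRIMARY_URL),
    Tx("GET", "https://www1.royalbank.com/ruxitagentjs_ICA2Vfghjqru_10243220606153550.js"),
    Tx("GET", "https://www1.royalbank.com/uos/common/css/pwrs-bundle.css"),
    Tx("GET", "https://www1.royalbank.com/uos/external/jquery/2.1.4/jquery.min.js"),
    Tx("GET", "https://d3tracking.rbc.com/fp/tags.js"),
    Tx("GET", "https://www.googletagmanager.com/gtm.js"),
    Tx("GET", "https://collect.rbcroyalbank.com/collect.js"),
    Tx("GET", "https://h.online-metrix.net/fp/sid_fp.html"),
    Tx("POST", "http://bgitopazdowntown.ddireal.vn/rb_74bb5e07-f3ce-4cb3-b0e2-a67e7cad409f"),
]

RESOLVED = {  # host -> IP, from the report's Domain & IP section
    "bgitopazdowntown.ddireal.vn": "116.118.50.194",
    "www1.royalbank.com": "104.96.137.202",
    "collect.rbcroyalbank.com": "3.99.100.137",
    "www.googletagmanager.com": "2a00:1450:400d:80e::2008",
}

BRAND_APEXES = {"royalbank.com", "rbc.com", "rbcroyalbank.com"}  # impersonated brand
VENDOR_APEXES = {"googletagmanager.com", "online-metrix.net"}    # shared vendors: never block


def apex(host: str) -> str:
    """Registrable domain by the last two labels (simplification, see docstring)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_of(url: str) -> str:
    return urlsplit(url).hostname or ""


def triage(primary_url, transactions, brand_apexes=BRAND_APEXES):
    """Findings that mark the primary document as a credential kit."""
    findings = []
    p = urlsplit(primary_url)
    kit_apex = apex(p.hostname or "")
    if p.scheme == "http":
        findings.append("primary document served over plain HTTP")
    if "/wp-content/uploads/" in p.path and p.path.lower().endswith(".php"):
        # the uploads tree holds media; a PHP file there means the site was compromised
        findings.append("PHP executed from WordPress uploads directory: " + p.path)
    if parse_qs(p.query).get("cmd") == ["login_submit"]:
        findings.append("credential-kit query string: cmd=login_submit")
    brand_hosts = sorted({host_of(t.url) for t in transactions
                          if apex(host_of(t.url)) in brand_apexes})
    if kit_apex not in brand_apexes and brand_hosts:
        # the page borrows the real bank's CSS/JS/images to look genuine
        findings.append("brand assets hotlinked from unrelated apex %s: %s"
                        % (kit_apex, ", ".join(brand_hosts)))
    for t in transactions:
        if t.method == "POST" and apex(host_of(t.url)) == kit_apex:
            findings.append("POST back to kit origin: " + urlsplit(t.url).path)
    return findings


def split_indicators(indicators, primary_url, resolved=RESOLVED,
                     brand_apexes=BRAND_APEXES, vendor_apexes=VENDOR_APEXES):
    """Sort indicators into (block, allow, review): only the kit's apex and the
    IPs its hosts resolve to are blockable; unattributed IPs need a human look."""
    kit_apex = apex(host_of(primary_url))
    ip_owner = {ip: apex(h) for h, ip in resolved.items()}
    block, allow, review = set(), set(), set()
    for ind in set(indicators):  # set() drops the duplicated www1.royalbank.com
        try:
            owner = ip_owner.get(str(ip_address(ind)))  # bare IP
        except ValueError:
            owner = apex(ind)                            # hostname
        if owner == kit_apex:
            block.add(ind)
        elif owner in brand_apexes or owner in vendor_apexes:
            allow.add(ind)
        else:
            review.add(ind)
    return sorted(block), sorted(allow), sorted(review)


if __name__ == "__main__":
    for f in triage(PRIMARY_URL, TRANSACTIONS):
        print("FINDING:", f)
    print(split_indicators(["bgitopazdowntown.ddireal.vn", "www1.royalbank.com",
                            "116.118.50.194", "91.235.133.77"], PRIMARY_URL))
```

The brand-hotlinking check is the one that generalises: any page whose apex is outside the brand's set but which pulls the brand's stylesheets and scripts is worth a look regardless of path, whereas the uploads-directory and cmd=login_submit checks are signatures of this particular kit family. Note that the online-metrix.net IPs from the report (91.235.13x.x) land in "review" because the report maps no hostname to them, which is the right outcome: blocking a fraud-detection vendor would break the real bank's login for everyone behind that filter.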