magical-leakey.34-30-167-80.plesk.page
Open in
urlscan Pro
34.30.167.80
Malicious Activity!
Public Scan
URL:
https://magical-leakey.34-30-167-80.plesk.page/rbc/login.php
Submission: On June 15 via automatic, source openphish — Scanned from GE
Submission: On June 15 via automatic, source openphish — Scanned from GE
Summary
This website contacted 5 IPs
in 2 countries
across 4 domains to perform 42 HTTP transactions.
The main IP is 34.30.167.80, located in
Council Bluffs, United States and
belongs to GOOGLE-CLOUD-PLATFORM, US.
The main domain is magical-leakey.34-30-167-80.plesk.page.
TLS certificate: Issued by R3 on June 10th 2023. Valid for: 3 months.
This is the only time magical-leakey.34-30-167-80.plesk.page was scanned on urlscan.io!
TLS certificate: Issued by R3 on June 10th 2023. Valid for: 3 months.
This is the only time magical-leakey.34-30-167-80.plesk.page was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: RBC (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 21 | 34.30.167.80 34.30.167.80 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
| 3 | 23.201.253.71 23.201.253.71 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 16 | 91.235.132.130 91.235.132.130 | 30286 (THM) (THM) | |
| 1 | 91.235.134.131 91.235.134.131 | 30286 (THM) (THM) | |
| 42 | 5 |
21
34.30.167.80
(Council Bluffs, United States)
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 80.167.30.34.bc.googleusercontent.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 80.167.30.34.bc.googleusercontent.com
| magical-leakey.34-30-167-80.plesk.page |
3
23.201.253.71
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a23-201-253-71.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a23-201-253-71.deploy.static.akamaitechnologies.com
| secure.royalbank.com | |
| rum.rbc.com |
1
91.235.134.131
(United States)
ASN30286 (THM, US)
ASN30286 (THM, US)
| 4rvrfbxtqcn3syuchpyo2rnb2fog7zmrmmcem3st6625c457d2854bc0am1.e.aa.online-metrix.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 21 |
plesk.page
magical-leakey.34-30-167-80.plesk.page |
2 MB |
| 17 |
online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 3027 4rvrfbxtqcn3syuchpyo2rnb2fog7zmrmmcem3st6625c457d2854bc0am1.e.aa.online-metrix.net |
179 KB |
| 2 |
rbc.com
rum.rbc.com — Cisco Umbrella Rank: 109640 |
1 KB |
| 1 |
royalbank.com
secure.royalbank.com — Cisco Umbrella Rank: 244170 |
6 KB |
| 42 | 4 |
| Domain | Requested by | |
|---|---|---|
| 21 | magical-leakey.34-30-167-80.plesk.page |
magical-leakey.34-30-167-80.plesk.page
|
| 16 | h.online-metrix.net |
magical-leakey.34-30-167-80.plesk.page
h.online-metrix.net |
| 2 | rum.rbc.com |
magical-leakey.34-30-167-80.plesk.page
|
| 1 | 4rvrfbxtqcn3syuchpyo2rnb2fog7zmrmmcem3st6625c457d2854bc0am1.e.aa.online-metrix.net | |
| 1 | secure.royalbank.com |
magical-leakey.34-30-167-80.plesk.page
|
| 42 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| applinks.rbcroyalbank.com |
| itunes.apple.com |
| www.rbcroyalbank.com |
| www1.royalbank.com |
| www1.rbcbank.com |
| caribbean.rbcroyalbank.com |
| www6.rbc.com |
| www.rbcglobaltrade.rbc.com |
| www.rbc.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| magical-leakey.34-30-167-80.plesk.page R3 |
2023-06-10 - 2023-09-08 |
3 months | crt.sh |
| www1.rbcinsurance.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-06-12 - 2024-06-19 |
a year | crt.sh |
| h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1 |
2023-01-09 - 2024-01-23 |
a year | crt.sh |
| *.e.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1 |
2022-06-08 - 2023-07-10 |
a year | crt.sh |
This page contains 5 frames:
Primary Page:
https://magical-leakey.34-30-167-80.plesk.page/rbc/login.php
Frame ID: D86E3603CDFFD7331AAAA449840DBF15
Requests: 30 HTTP requests in this frame
Frame:
https://h.online-metrix.net/Fxn0-kv26fwCaORc?cdcfccfb2b994751=TACuh_81CNihPHyg4G1ws5qBcCWWp4INXuEStm5mpuI4aoY8adUtnfE9WVa_ali6cby4Z9p6kB_Way2wzmYUl36A68mVsJvyGnSDpEuQrxlUJ8IO2V4b1peDk2TS1y6fhbk6NxpB0E2SprqrSqMPqzKMb9jSNhGhA4r9h7TpaO1q7J8l7WfQETbsXRYfxhZDZb8ptv8fQKU&jb=353124246a736f773f55696c6c6f777b266873673d55616c6c6d777325303833302e687162753d416a706f6f6d266a7b623f4360726d65672d3030313136
Frame ID: 3BAADC5F2A494AD368C2EFF19A7D2CC2
Requests: 10 HTTP requests in this frame
Frame:
https://h.online-metrix.net/fp/HP?session_id=d8c31d16bf138d1807e9439c8b01469c&org_id=4rvrfbxt&nonce=6625c457d2854bc0&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Frame ID: 05A153157509FA59601CA295DF9A45E8
Requests: 3 HTTP requests in this frame
Frame:
https://h.online-metrix.net/fp/ls_fp.html;CIS3SID=22EFB27104957621CAB6F4A71256D4CF?org_id=4rvrfbxt&session_id=d8c31d16bf138d1807e9439c8b01469c&nonce=6625c457d2854bc0
Frame ID: 7B5968AC684AA8094517531931D3A5A2
Requests: 2 HTTP requests in this frame
Frame:
https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=22EFB27104957621CAB6F4A71256D4CF?org_id=4rvrfbxt&session_id=d8c31d16bf138d1807e9439c8b01469c&nonce=6625c457d2854bc0
Frame ID: 0D710D7973230B0ED57AC71BF4DCB1C8
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
RBC Royal Bank – Secure Sign InRBCchevron-downDetected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <!-- (?:End )?Google Tag Manager -->
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
16 Outgoing links
These are links going to different origins than the main page.
URL: https://applinks.rbcroyalbank.com/RtYB
Title: INSTALL
Title: INSTALL
Search URL Search Domain Scan URL
URL: https://itunes.apple.com/ca/app/rbc-mobile/id407597290?mt=8
Title: View
Title: View
Search URL Search Domain Scan URL
URL: https://www.rbcroyalbank.com/onlinebanking/bankingusertips/notices/online-banking-sign-in-page-will-move-to-a-new-url-starting-June-2023.html
Title: The Online Banking sign-in page will move to a new URL starting March 2022 Opens in a new TabOpens in a new Window
Title: The Online Banking sign-in page will move to a new URL starting March 2022 Opens in a new TabOpens in a new Window
Search URL Search Domain Scan URL
URL: https://www.rbcroyalbank.com/onlinebanking/bankingusertips/notices/maint/Weekly.html
Title: Weekend maintenance to affect Online/Mobile Banking Opens in a new TabOpens in a new Window
Title: Weekend maintenance to affect Online/Mobile Banking Opens in a new TabOpens in a new Window
Search URL Search Domain Scan URL
URL: https://www.rbcroyalbank.com/onlinebanking/bankingusertips/notices/maint/Rewards.html
Title: Maintenance to affect RBC Rewards Opens in a new TabOpens in a new Window
Title: Maintenance to affect RBC Rewards Opens in a new TabOpens in a new Window
Search URL Search Domain Scan URL
URL: https://www1.royalbank.com/english/netaction/sgne.html
Title: RBC Direct Investing
Title: RBC Direct Investing
Search URL Search Domain Scan URL
URL: https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&IDP=IVC&LANGUAGE=ENGLISH&SYSTEM=DSIC
Title: Dominion Securities Online
Title: Dominion Securities Online
Search URL Search Domain Scan URL
URL: https://www1.royalbank.com/english/invest-ease/sgne.html
Title: RBC InvestEase
Title: RBC InvestEase
Search URL Search Domain Scan URL
URL: https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?CHOICE=Personal&F21=IB&F22=IB&F6=1&F7=IB&GOTO=RewardsRefresh&LANGUAGE=ENGLISH&REQUEST=ErnexLink
Title: RBC Rewards
Title: RBC Rewards
Search URL Search Domain Scan URL
URL: https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&IDP=IVC&LANGUAGE=ENGLISH&SYSTEM=PHN
Title: PH&N Investment Counsel
Title: PH&N Investment Counsel
Search URL Search Domain Scan URL
URL: https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&IDP=IVC&LANGUAGE=ENGLISH&SYSTEM=ETS
Title: RBC Royal Trust
Title: RBC Royal Trust
Search URL Search Domain Scan URL
URL: https://www1.rbcbank.com//cgi-bin/rbaccess/rbunxcgi?F6=1&F7=NS&F21=IB&F22=CN&REQUEST=CenturaClientSignin&LANGUAGE=ENGLISH
Title: RBC Bank USA
Title: RBC Bank USA
Search URL Search Domain Scan URL
URL: https://caribbean.rbcroyalbank.com/#/login
Title: RBC Caribbean
Title: RBC Caribbean
Search URL Search Domain Scan URL
URL: https://www6.rbc.com/webapp/ukv0/signin/logon.xhtml?lang=en
Title: RBC Express
Title: RBC Express
Search URL Search Domain Scan URL
URL: https://www.rbcglobaltrade.rbc.com/portal/PasswordLogon.jsp?organization=rbc&branding=rbc&locale=en_CA
Title: RBC Global Trade
Title: RBC Global Trade
Search URL Search Domain Scan URL
URL: https://www.rbc.com/canada.html
Title: Other Services
Title: Other Services
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
42 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
login.php
magical-leakey.34-30-167-80.plesk.page/rbc/ |
2 MB 206 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
analytics.js
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
51 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
429 KB 84 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm(1).js
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
310 KB 82 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rbc_common.js
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
300 KB 162 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.js.download
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
504 KB 185 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js.download
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
62 KB 23 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles.801054fd5d6d80ce02bb.css
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
286 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
409b2c7acb786f7f_complete.js.download
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
231 KB 83 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
23-es2015.63316f1abae2c5260b39.js.download
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
4 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
0-es2015.8730972180d2683e8215.js.download
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
403 KB 35 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1-es2015.099a3fb287d0d1d4572c.js.download
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
18 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
common-es2015.20f652858533e1f6638a.js.download
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
6 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
5-es2015.f835223b9b9ce7577b68.js.download
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
451 KB 44 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
servicenotice.js
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
27 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
marketing-new.js
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
8 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pubnotice.js
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
3 KB 981 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
uafrvvj1wu5i4gak.js
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
94 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rbc_logo_center.PNG
secure.royalbank.com/statics/login-service-ui/assets/media/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
441 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
561 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
760 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
signin-landing-branding.b8b3e1443ca549d81fdb.jpg
magical-leakey.34-30-167-80.plesk.page/rbc/images/ |
589 KB 590 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
355 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js.download
magical-leakey.34-30-167-80.plesk.page/rbc/id_files/ |
62 KB 23 KB |
XHR
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rbc-app-icon.e5eb0da3a5c3a7df6f81.svg
magical-leakey.34-30-167-80.plesk.page/rbc/ |
808 B 808 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
cac66252-db1e-4fbb-aa14-4023d7e72f97
https://magical-leakey.34-30-167-80.plesk.page/ |
2 KB 0 |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
89 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Fxn0-kv26fwCaORc
h.online-metrix.net/ Frame 3BAA |
596 KB 111 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
3YuL6XZMBEp-6rpP
h.online-metrix.net/ Frame 3BAA |
81 B 475 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ZKWZlHuaHsvPLDMh
h.online-metrix.net/ Frame 3BAA |
81 B 475 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
HP
h.online-metrix.net/fp/ Frame 05A1 |
19 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
h.online-metrix.net/fp/ Frame 3BAA |
81 B 554 B |
XHR
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ls_fp.html;CIS3SID=22EFB27104957621CAB6F4A71256D4CF
h.online-metrix.net/fp/ Frame 7B59 |
91 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
h.online-metrix.net/fp/ Frame 3BAA |
0 387 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sid_fp.html;CIS3SID=22EFB27104957621CAB6F4A71256D4CF
h.online-metrix.net/fp/ Frame 0D71 |
104 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
h.online-metrix.net/fp/ Frame 3BAA |
0 218 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
4rvrfbxtqcn3syuchpyo2rnb2fog7zmrmmcem3st6625c457d2854bc0am1.e.aa.online-metrix.net/fp/ Frame 3BAA |
81 B 438 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear1.png;CIS3SID=22EFB27104957621CAB6F4A71256D4CF
h.online-metrix.net/fp/ Frame 3BAA |
0 400 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
check.js
h.online-metrix.net/fp/ Frame 05A1 |
209 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
h.online-metrix.net/fp/ Frame 7B59 |
0 388 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear1.png;CIS3SID=22EFB27104957621CAB6F4A71256D4CF
h.online-metrix.net/fp/ Frame 0D71 |
0 401 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear3.png;CIS3SID=22EFB27104957621CAB6F4A71256D4CF
h.online-metrix.net/fp/ Frame 3BAA |
0 218 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
h.online-metrix.net/fp/ Frame 3BAA |
0 387 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ARF;CIS3SID=C2C6A5B2DF0A848E62A7EE63FE3147F5
h.online-metrix.net/fp/ Frame 05A1 |
35 B 557 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
74bb5e07-f3ce-4cb3-b0e2-a67e7cad409f
rum.rbc.com/bf/ |
718 B 872 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
74bb5e07-f3ce-4cb3-b0e2-a67e7cad409f
rum.rbc.com/bf/ |
205 B 358 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: RBC (Banking)96 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 boolean| credentialless object| onbeforetoggle object| onscrollend function| _0xfbb5 function| _0x422e06 function| _0x24a9 function| _0x4113f1 boolean| _0x3d5a22 string| _0x372795 string| _0x33815a string| _0x53dfa1 string| _0x4c00cc string| _0x115d62 object| _0x8a6867 string| _0x148c45 string| _0xf45469 string| _0x49f4fe string| _0x22863e string| _0x419f12 string| _0x40b358 string| _0x82319d string| _0x4d38fb string| _0x588036 undefined| _0x1ce90c function| _0x575ed7 function| _0xb606a3 function| _0x4d1ab3 object| JssC function| i90 function| _0x4cb7 function| _0x5687ff boolean| _0x1d03c9 function| _0x30afa9 string| _0x9ecdbf string| _0x10216f string| _0x5bde9f string| _0x443574 string| _0x267b80 string| _0x514a4e string| _0x254484 string| _0x142ceb string| _0x363f9d string| _0x5c80ea string| _0x1af2fe string| _0x31d81a string| _0x5d52b4 string| _0x10f7a2 string| _0x1e7377 number| _0x38378c number| _0x18d28a string| _0x10e7c2 string| _0x4c81e6 object| _0x1db7ac object| _0x3438ea undefined| _0x5ada15 function| _0x4606 function| _0xe3765b function| _0x5a3b77 function| wp0 object| dT_ object| dtrum function| Notice number| numberofnotices object| notices number| numberOfTopLinks object| topLinkDate object| topLinkText object| topLinkURL object| topLinkPub object| topStart object| topExpiry object| topKiosk number| numberOfMidImages object| midImageName object| midImageURL object| midAlt object| midStart object| midExpiry number| numberOfBotImages object| botImageName object| botImageURL object| botAlt object| botStart object| botExpiry boolean| tmx_profiling_started function| tmx_run_page_fingerprinting function| tmx_post_session_params_fixed object| google_tag_data function| ga object| gaplugins object| google_tag_manager object| dataLayer function| onYouTubeIframeAPIReady function| checkForPromoParameters6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .34-30-167-80.plesk.page/ | Name: rxVisitor Value: 1686787987690L6H7KRQ72OPNO6H473Q4LBV24FR99DE2 |
|
| .34-30-167-80.plesk.page/ | Name: dtLatC Value: 247 |
|
| .34-30-167-80.plesk.page/ | Name: dtSa Value: - |
|
| .34-30-167-80.plesk.page/ | Name: rxvt Value: 1686789788341|1686787987691 |
|
| .34-30-167-80.plesk.page/ | Name: dtPC Value: -31$187987687_185h-vIQRPTHRJFAKLAQMMAVLJRHHHKHBHBQRW-0e0 |
|
| .34-30-167-80.plesk.page/ | Name: dtCookie Value: v_4_srv_4_sn_ED96164534444F7220AE0B5ED978C23D_app-3A409b2c7acb786f7f_1_ol_0_perc_100000_mul_1 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
4rvrfbxtqcn3syuchpyo2rnb2fog7zmrmmcem3st6625c457d2854bc0am1.e.aa.online-metrix.net
h.online-metrix.net
magical-leakey.34-30-167-80.plesk.page
rum.rbc.com
secure.royalbank.com
23.201.253.71
34.30.167.80
91.235.132.130
91.235.134.131
04c88a978bb1242f0fdf73605f99a3181f4fcba8cbe46ef5996b005ae28e88c9
04ca992565bed60322d5a700ea38cc1cd3a99b8b14fca7909082768c7055dd1b
089a4ff58077321d7f7ebd759c3bcb389e9841c91a9c750e211b0c8868ab45e2
0ad4d7f2999a44d25fbe4d02177fe4718328adbbb5f7b39b5e33085e99787c53
0be4169f4190373039e68c3d6ce495e002365437dc5746903325de4040515677
18c0bef84b3e666dac37727e8660ff8bfc68daaaf1bca276a05b8b02f3ab9310
1c44cb0ae430bf368cf8df1c527a91dd2f402b54a9435a0e3bfd2d2e394d793c
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb
23bf23d30de1fd09bfaa08e588e95a45762cebd3f5cbfbc4507702abdf3c7a80
32d1b2a47c7c94e46c5d4b8d26a596bb6bab1228a664ab66e1af5fc4cb81df1f
4a099741603bab19985341e786a58b230d380e046a4b64cffd889944fd0454a8
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
587899d9d4a48c8b7f820590c96ee224de562f0ac9eb867db3f705dbe368fa9c
66275e28ccd27d90494a2256632d7c87be93f1078f3da259b3a0841fce191cbf
67e1a36a2948f9cd94af1f390bc4297763c81f2b2b73143f448faaed89242161
6b4b5c9039f0730e31b777d34767e3341996389831374acdce071d7f56bac17b
75a048beb0091c37ea9e8b7c5b310678c2ebe88bb937ec6525002e5a2bc2cc24
7d05b8116a52aafb8e8f2ae9601e75fe38e7e73b7584e606d3355b782ffa06f3
7fa7893ccad1fe48d65f905edcf5fc3a454ff90c82e98a1e746eade411008916
86a1db5bb84e16d96847bd2006d74ff9760aecc38e263314b3387bc558b21254
88df41fbabf9d9f3c322e54792cf7da953c890fc511a256d090f4b0399c5824b
8a567e943f599b3efede58d3ea63b59042373b2b08497ea22cba12ac7df628fb
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
99f26edad1d8c08f52aef24b697259c904d49662d1aae0007da502288a516d40
aa78f941fad055ff3ee821a040dc6157a03d30e5e3c1a6e3c6de6269be7a197c
b277ea9ac2098c7bccf9553dd470b99d05df3c528b29b996510ac302a20b8259
b6fd9ddd2c6c9fd1e15d5919547441753cd6b9076e16f77d17b861b78c168832
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
d185ce865d6f2506b87e2f307fbe8169b22179562b832c92493fd22242c31f41
d399fb5feb8f721843c838394fb8478a9655f375533b2b610ed9ab0ea7c0cd81
e1cb5456cca0d499682746a682004a626dca7f2942622a8cae3df80776ee2245
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
f107564e5e4a31791588c91d2fe6a54dbeeec7a8998bde2d131c2a52b9b823a7
f1b4bc811a5b1348d3afa08886c05dacdf5d9264e93342aaece13905f5e2624c
f31f0feed4442887e7ca4baad0c8a30be2f984e3513d1a3a188fb014887c713f
f447041cbf58eb72f8c23d08f79669549a80515bdc3894388cfeae73b91af5b8