host4.uniservehosting.com
Open in
urlscan Pro
216.113.193.55
Malicious Activity!
Public Scan
Effective URL: http://host4.uniservehosting.com/~doorwin/wp-includes/royalbank/rbsqcgi.php
Submission: On April 04 via automatic, source openphish
Summary
This is the only time host4.uniservehosting.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: RBC (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 216.113.193.55 216.113.193.55 | 19662 (UNISERVE-...) (UNISERVE-ONLINE - Uniserve On Line) | |
24 | 104.108.35.167 104.108.35.167 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
26 | 2 |
ASN19662 (UNISERVE-ONLINE - Uniserve On Line, CA)
PTR: host4.uniservehosting.com
host4.uniservehosting.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-35-167.deploy.static.akamaitechnologies.com
www1.royalbank.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
24 |
royalbank.com
www1.royalbank.com |
67 KB |
2 |
uniservehosting.com
host4.uniservehosting.com |
19 KB |
26 | 2 |
Domain | Requested by | |
---|---|---|
24 | www1.royalbank.com |
host4.uniservehosting.com
|
2 | host4.uniservehosting.com |
www1.royalbank.com
|
26 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www1.royalbank.com Symantec Class 3 Secure Server CA - G4 |
2016-09-30 - 2017-10-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://host4.uniservehosting.com/~doorwin/wp-includes/royalbank/rbsqcgi.php
Frame ID: 23419.1
Requests: 26 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
rbsqcgi.php
host4.uniservehosting.com/~doorwin/wp-includes/royalbank/ Redirect Chain
|
19 KB 19 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.css
www1.royalbank.com/uos/common/css/ |
132 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
legacy.css
www1.royalbank.com/uos/common/css/ |
9 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main01.css
www1.royalbank.com/uos/common/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main02.css
www1.royalbank.com/uos/common/css/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tabs.css
www1.royalbank.com/uos/common/css/ |
394 B 394 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utilities.js
www1.royalbank.com/uos/common/javascript/ |
26 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
browser.js
www1.royalbank.com/uos/common/javascript/ |
1 KB 583 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
print.css
www1.royalbank.com/uos/common/css/ |
1 KB 542 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event.js
www1.royalbank.com/uos/common/javascript/ie/ |
1 KB 373 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event.js
www1.royalbank.com/uos/common/javascript/ |
10 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kiosk.js
www1.royalbank.com/uos/common/javascript/ |
9 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
buttons.js
www1.royalbank.com/uos/common/javascript/ |
809 B 809 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cookie.js
www1.royalbank.com/uos/common/javascript/ |
1 KB 481 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header_dates.js
www1.royalbank.com/uos/common/javascript/ |
604 B 604 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
safaricss.js
www1.royalbank.com/uos/common/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
date.js
www1.royalbank.com/uos/common/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rbc_royalbank_en.gif
www1.royalbank.com/uos/common/images/logos/web/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event.js
host4.uniservehosting.com/uos/common/javascript/dom/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
btn_continue.gif
www1.royalbank.com/uos/common/images/english/ |
1020 B 1020 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
btn_cancel.gif
www1.royalbank.com/uos/common/images/english/ |
803 B 803 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
date.js
www1.royalbank.com/uos/common/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg-standard.gif
www1.royalbank.com/uos/common/images/layout/ |
15 KB 15 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
secure-bg.gif
www1.royalbank.com/uos/common/images/header/ |
5 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
www1.royalbank.com/ |
2 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
www1.royalbank.com/ |
2 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: RBC (Banking)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
host4.uniservehosting.com/ | Name: F100 Value: 1/WT8/CuUBBlGGODZoBehs25Pt1crZW9H4m7DIPc4Xd2ip0CUqQB9e4hGeXJ38xwYfZjemjs8rAckNOY2cwqURPXpfNw__/YAAAAA__/S0/PB |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
host4.uniservehosting.com
www1.royalbank.com
104.108.35.167
216.113.193.55
039c3b5639ff16b2440e0d5eed91d3b6c49a63781ad12bf9391f7712ec0fd895
04d0f44f32f7027805eb94d3a77c46adf56bbff1615fd0b2aad4c9228bd56be9
0b601285b417fe95aff99abadebe977e3f7506a57d42d6c2ad8da04971a7bf22
0de1fda4ccdc98c71815349366f366dc1a2dd70cc74ceca7ac8c640fa89e0eb0
252e7a9efba0b935d299903b9c83577bcc54e4fd8514d75b65f3d861a42f9934
36eaf89e51905a0f7788c6d943bfecb6548a736523fefe6eacd8d28fc25604dc
3ba5c75dbbfead088f2599735c2723f2cac7dbfd0fe10c9f5e5e43aaae8b190a
4aa8e3502591eeb1edba3ec7ea29a36ba9a07311caf46e68d4178b34ff5fe08f
4ce04021dcad4967eb75870b28569d812455223682a6dfd6aa948115944c692d
52959d41a6aa710709b4c41ba59ef90d167a8f523585bb69ea07092288030d78
5a9896fd1307cd571282bca32397d18cf3fecb8696503e66bf94edd1434facc4
5ef09b87e0bd5b854561f66cb2b4dcf13817271e20c6591b7a223d18b69a3d9d
60a22a3e93c410bc31c758f048c0c54e408690cb887f4cafc9db3ae54765f198
6a305d558dc77defeea6e5684c20d52d6046c9bcfe87c147a198366bdf48e528
775bd9df2c430495e3622fefc74b708cdb16b1ea9afbe4f185be00aea9151257
7a95814ce0b01d1b9eaca93dfc6237ec810eeecab3b189948478adec28cbc838
8d3f4ae7f18161c78bfdb9fbd3efdd9406fd7abeffbd9efdbc0d1746db18e0c0
954f11889044377bc8043db7e1d78defdc3ea669d23a874836e26cb37e0d1e75
98ba8856cceb8c45e6dd82a88598479d9e46ae0b69343d2e0fc3d06fe3e88cf8
bf9c7101ca9d5ffee69462ed06d29cfe9acfa06e842af900e96fc787690d61b5
d241615f5e2386b980d53f7004b77744928ea2daade075a4a734ec0154df4867