royalbank.waysforbank.net Open in urlscan Pro
2606:4700:3031::681b:8c97 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://royalbank.waysforbank.net/rbaccess/index.php
Submission: On July 17 via api (July 17th 2020, 7:28:36 am UTC) from TW

Summary HTTP 4 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3031::681b:8c97, located in United States and belongs to CLOUDFLARENET, US. The main domain is royalbank.waysforbank.net.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 16th 2020. Valid for: a year.

This is the only time royalbank.waysforbank.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: RBC (Banking)

Domain & IP information

	IP Address		AS Autonomous System
4	2606:4700:303... 2606:4700:3031::681b:8c97		13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2

4 2606:4700:3031::681b:8c97 (United States)

ASN13335 (CLOUDFLARENET, US)

royalbank.waysforbank.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	waysforbank.net royalbank.waysforbank.net	437 KB
4	1

	Domain	Requested by
4	royalbank.waysforbank.net	royalbank.waysforbank.net
4	1

This site contains links to these domains. Also see Links.

Domain
www.rbcgam.com
www.rbccm.com
www.rbcits.com
www.rbc.com
www.rbcroyalbank.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-16` - `2021-07-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://royalbank.waysforbank.net/rbaccess/index.php
Frame ID: E5918C617F5EAE62335E1BF966BB5E46
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

4
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

557 kB
Transfer

1339 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: http://www.rbcgam.com/landing.html
Title: Global Asset Management

Search URL Search Domain Scan URL

URL: https://www.rbccm.com/en/
Title: Capital Markets

Search URL Search Domain Scan URL

URL: https://www.rbcits.com/en/
Title: Investor Services

Search URL Search Domain Scan URL

URL: https://www.rbc.com/labs/index.html
Title: RBC Labs

Search URL Search Domain Scan URL

URL: http://www.rbc.com/canada.html
Title: About RBC

Search URL Search Domain Scan URL

URL: https://www.rbcroyalbank.com/customer-service/index.html?RefURL=/cgi-bin/rbaccess/rbcgi3m01&NoEmailSend=DisplayMsg
Title: Contact Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
27 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.php Show response royalbank.waysforbank.net/rbaccess/	870 KB 394 KB	102ms 42ms	Document text/html	2606:4700:3031::681b:8c97 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://royalbank.waysforbank.net/rbaccess/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681b:8c97 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0b4d5fffe7a610f8ba6fd3b60fd564f3bbeef9a91d48264981de1fd96c9ec258` Request headers :method GET :authority royalbank.waysforbank.net :scheme https :path /rbaccess/index.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Fri, 17 Jul 2020 07:28:02 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d26721fde7b2f0ab82d1b24ddf41e64851594970882; expires=Sun, 16-Aug-20 07:28:02 GMT; path=/; domain=.waysforbank.net; HttpOnly; SameSite=Lax; Secure vary Accept-Encoding cf-cache-status DYNAMIC cf-request-id 03fd4559c5000096b625887200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5b423e6faa8096b6-FRA content-encoding br
GET DATA	200 OK	truncated /	5 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4ad25cca003756c56d16dbc0b68bc7bf4449a33aeb046eb4d0552990a2cfdb9a` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	508 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6a4cefca46eb1ca796a81fd90f6c8a5c5dc4a8526bde1a9634a833b47221bb3c` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	836 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `78920a7468b87496f5d9d3e5ec2bae5ba070c741c6d71eb1e7b3214a92bb353c` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	5 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `65810b2abb5357e9d521f65bc4270894f90cb4f531b9d48bd202e3562920bfde` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	440 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f072f948a69fa01073e7561ffc54019409436fff0deee7c868ca670b2f4b849b` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	23 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a26394f7ede100ca118eff2eda08596275a9839b959c226e15439557a5a80742` Request headers Origin https://royalbank.waysforbank.net Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	8 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bd9f2a9bacc79d0c23c957e53f8ccb9d344f05be3bdcab7494e748aab37b42e6` Request headers Origin https://royalbank.waysforbank.net Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	8 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `89975a8d2b12c99b630a8a3fe1706c153c6be0a7774a7903b74e1ae00802e6b1` Request headers Origin https://royalbank.waysforbank.net Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	17 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f2cce4ff7e8ebb8c1f11507496360275b8fa81877209e344db62daf65ddd749d` Request headers Origin https://royalbank.waysforbank.net Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	53 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f936c6e03bcd5a1a955e66327e9d13a0a78272359ec9ec1c9f0d49fe02bce69a` Request headers Origin https://royalbank.waysforbank.net Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	28 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0ef2e50df6bfbe5633c9211a8f50d224a3286133f6a48a7eb1bc987857ae9c86` Request headers Origin https://royalbank.waysforbank.net Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	28 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7b6b8e7317cab19dee07b5b71622bbd17921fd4aded4768810ff8473d7d93671` Request headers Origin https://royalbank.waysforbank.net Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	28 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7f4d18392bb9ce81f4f568c184c8191987203acf66d9e293f383b07b01f2de8e` Request headers Origin https://royalbank.waysforbank.net Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	398 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `657af7581552bd71f795ce717ae163c62507c7fc12dfefae0cf4ed4811f3f2eb` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	427 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1c323c6269a284f42a11ab70483a7ef20003570cde175735da4b1e2b0d12b5a7` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	21 KB 21 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f9bc132980c62433dfd76631f5a602fd1bf318141d67ebb6b70b4d3cc92555b0` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer Origin https://royalbank.waysforbank.net Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	21 KB 21 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2b56e3544de25a2bc015f2df367a527d3e1f5691510605d7cb5d06d8c2e7fd6d` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer Origin https://royalbank.waysforbank.net Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	259 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5ebd4e99e10ea98455582e5949a0d1bda24645b23971cd3e322eeea55f9b1c48` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET H2	200	hashtable.js Show response royalbank.waysforbank.net/rbaccess/	13 KB 3 KB	39ms 38ms	Script application/javascript	2606:4700:3031::681b:8c97 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://royalbank.waysforbank.net/rbaccess/hashtable.js Requested by Host: royalbank.waysforbank.net URL: https://royalbank.waysforbank.net/rbaccess/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681b:8c97 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `96befaf05cf6ca6a182303f85e7e73fbbaef4cb6b564468dfcc5c0e48643b766` Request headers Referer https://royalbank.waysforbank.net/rbaccess/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 17 Jul 2020 07:28:02 GMT content-encoding br cf-cache-status EXPIRED last-modified Thu, 26 Sep 2019 15:22:40 GMT server cloudflare etag W/"3572-5937657157000-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=14400 cf-ray 5b423e70bb7696b6-FRA cf-request-id 03fd455a6e000096b625894200000001
GET H2	200	fp.js Show response royalbank.waysforbank.net/rbaccess/	36 KB 10 KB	41ms 41ms	Script application/javascript	2606:4700:3031::681b:8c97 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://royalbank.waysforbank.net/rbaccess/fp.js Requested by Host: royalbank.waysforbank.net URL: https://royalbank.waysforbank.net/rbaccess/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681b:8c97 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0162b06a26916e4a1a828ccffe099e8f96297c4745ac17c5d84277853c2a4943` Request headers Referer https://royalbank.waysforbank.net/rbaccess/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 17 Jul 2020 07:28:02 GMT content-encoding br cf-cache-status EXPIRED last-modified Fri, 27 Sep 2019 14:12:34 GMT server cloudflare etag W/"9197-593897a3a5880-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=14400 cf-ray 5b423e70bb7896b6-FRA cf-request-id 03fd455a6f000096b625895200000001
GET H2	200	jq.js Show response royalbank.waysforbank.net/rbaccess/	85 KB 29 KB	57ms 56ms	Script application/javascript	2606:4700:3031::681b:8c97 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://royalbank.waysforbank.net/rbaccess/jq.js Requested by Host: royalbank.waysforbank.net URL: https://royalbank.waysforbank.net/rbaccess/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681b:8c97 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers Referer https://royalbank.waysforbank.net/rbaccess/index.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 17 Jul 2020 07:28:02 GMT content-encoding br cf-cache-status EXPIRED last-modified Fri, 15 Feb 2019 14:25:10 GMT server cloudflare etag W/"1538f-581ef8ad5fd80-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=14400 cf-ray 5b423e70bb7996b6-FRA cf-request-id 03fd455a6f000096b625896200000001
GET DATA	200 OK	truncated /	443 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a51aaa34a0ed0bbfa7cd4cbfb5060f0c0a277825702f9f87ec921bb1deb0022d` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `169b2c80c3cf9bba841ccd21f0a32cd56cf82b55917b228f0d9354fa5e312479` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `208bd303e33d60639dbebdf5a93db4f0fb2999bda5c34bb8408679bbb8243197` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	149 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `463c807898d95421f1d1b08aa1cf30873aa2cfeec128f65946107a2d27700f5b` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `776c50dabbcf9967aef068d7ffa38e199a2b9a7e87697750a22ea70344072f32` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8573659e2191285fd760e060f497bcb52a87936f8806251471dbefae13795ca0` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	42 KB 42 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `128376a684bdd753a94481e70b3f65ab665afb60d56eca7263d9c5ad87e5e3dd` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer Origin https://royalbank.waysforbank.net Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	14 KB 14 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d96aa24745416f71ce3f0dffea32971e52793c1fc2059005b1ab90819fa72e15` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer Origin https://royalbank.waysforbank.net Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	22 KB 22 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d0759263025ff6b8f33da27562e5f1fa2194294bd70a26240fa13fe3b97ccf4d` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer Origin https://royalbank.waysforbank.net Response headers Content-Type application/font-woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: RBC (Banking)

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.waysforbank.net/	1970-01-19 11:46:02	Name: __cfduid Value: d26721fde7b2f0ab82d1b24ddf41e64851594970882

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

royalbank.waysforbank.net
2606:4700:3031::681b:8c97
0162b06a26916e4a1a828ccffe099e8f96297c4745ac17c5d84277853c2a4943
0b4d5fffe7a610f8ba6fd3b60fd564f3bbeef9a91d48264981de1fd96c9ec258
0ef2e50df6bfbe5633c9211a8f50d224a3286133f6a48a7eb1bc987857ae9c86
128376a684bdd753a94481e70b3f65ab665afb60d56eca7263d9c5ad87e5e3dd
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
169b2c80c3cf9bba841ccd21f0a32cd56cf82b55917b228f0d9354fa5e312479
1c323c6269a284f42a11ab70483a7ef20003570cde175735da4b1e2b0d12b5a7
208bd303e33d60639dbebdf5a93db4f0fb2999bda5c34bb8408679bbb8243197
2b56e3544de25a2bc015f2df367a527d3e1f5691510605d7cb5d06d8c2e7fd6d
463c807898d95421f1d1b08aa1cf30873aa2cfeec128f65946107a2d27700f5b
4ad25cca003756c56d16dbc0b68bc7bf4449a33aeb046eb4d0552990a2cfdb9a
5ebd4e99e10ea98455582e5949a0d1bda24645b23971cd3e322eeea55f9b1c48
657af7581552bd71f795ce717ae163c62507c7fc12dfefae0cf4ed4811f3f2eb
65810b2abb5357e9d521f65bc4270894f90cb4f531b9d48bd202e3562920bfde
6a4cefca46eb1ca796a81fd90f6c8a5c5dc4a8526bde1a9634a833b47221bb3c
776c50dabbcf9967aef068d7ffa38e199a2b9a7e87697750a22ea70344072f32
78920a7468b87496f5d9d3e5ec2bae5ba070c741c6d71eb1e7b3214a92bb353c
7b6b8e7317cab19dee07b5b71622bbd17921fd4aded4768810ff8473d7d93671
7f4d18392bb9ce81f4f568c184c8191987203acf66d9e293f383b07b01f2de8e
8573659e2191285fd760e060f497bcb52a87936f8806251471dbefae13795ca0
89975a8d2b12c99b630a8a3fe1706c153c6be0a7774a7903b74e1ae00802e6b1
96befaf05cf6ca6a182303f85e7e73fbbaef4cb6b564468dfcc5c0e48643b766
a26394f7ede100ca118eff2eda08596275a9839b959c226e15439557a5a80742
a51aaa34a0ed0bbfa7cd4cbfb5060f0c0a277825702f9f87ec921bb1deb0022d
bd9f2a9bacc79d0c23c957e53f8ccb9d344f05be3bdcab7494e748aab37b42e6
d0759263025ff6b8f33da27562e5f1fa2194294bd70a26240fa13fe3b97ccf4d
d96aa24745416f71ce3f0dffea32971e52793c1fc2059005b1ab90819fa72e15
f072f948a69fa01073e7561ffc54019409436fff0deee7c868ca670b2f4b849b
f2cce4ff7e8ebb8c1f11507496360275b8fa81877209e344db62daf65ddd749d
f936c6e03bcd5a1a955e66327e9d13a0a78272359ec9ec1c9f0d49fe02bce69a
f9bc132980c62433dfd76631f5a602fd1bf318141d67ebb6b70b4d3cc92555b0

royalbank.waysforbank.net Open in urlscan Pro 2606:4700:3031::681b:8c97 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

557 kBTransfer

1339 kBSize

1 Cookies

6 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 27 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

royalbank.waysforbank.net Open in urlscan Pro
2606:4700:3031::681b:8c97 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

557 kB
Transfer

1339 kB
Size

1
Cookies

4 HTTP transactions
27 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!