urlscan.io logo urlscan.io
SecurityTrails logo

secure.royalbnk.com.login.vx-xvz.com Open in urlscan Pro
34.175.45.180  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://boogabearbpk.blogspot.com/
Effective URL: https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/
Submission: On November 20 via manual from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 9 domains to perform 12 HTTP transactions. The main IP is 34.175.45.180, located in Madrid, Spain and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is secure.royalbnk.com.login.vx-xvz.com.
TLS certificate: Issued by R11 on November 18th 2024. Valid for: 3 months.
This is the only time secure.royalbnk.com.login.vx-xvz.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: RBC (Banking)

Domain & IP information

IP Address AS Autonomous System
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
2 193.3.19.74 50340 (SELECTEL-...)
4 34.175.45.180 396982 (GOOGLE-CL...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
12 8
1    2607:f8b0:4006:81c::2001 (United States)

ASN15169 (GOOGLE, US)
boogabearbpk.blogspot.com
1    2607:f8b0:4006:80e::2003 (United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2607:f8b0:4006:80e::2009 (United States)

ASN15169 (GOOGLE, US)
resources.blogblog.com
www.blogger.com
2    193.3.19.74 (Russian Federation)

ASN50340 (SELECTEL-MSK JSC Selectel, RU)
clickeraction.com
4    34.175.45.180 (Madrid, Spain)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 180.45.175.34.bc.googleusercontent.com
hjisakdandkspa.com
secure.royalbnk.com.login.vx-xvz.com
1    2607:f8b0:4006:81e::200a (United States)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
Apex Domain
Subdomains		 Transfer
3 vx-xvz.com
secure.royalbnk.com.login.vx-xvz.com
613 KB
2 clickeraction.com
clickeraction.com
694 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 225
56 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 415
31 KB
1 hjisakdandkspa.com
hjisakdandkspa.com
295 B
1 blogger.com
www.blogger.com — Cisco Umbrella Rank: 12722
51 KB
1 blogblog.com
resources.blogblog.com — Cisco Umbrella Rank: 25053
47 KB
1 gstatic.com
www.gstatic.com
3 KB
1 blogspot.com
boogabearbpk.blogspot.com
14 KB
12 9
Domain Requested by
3 secure.royalbnk.com.login.vx-xvz.com hjisakdandkspa.com
secure.royalbnk.com.login.vx-xvz.com
2 clickeraction.com boogabearbpk.blogspot.com
1 cdnjs.cloudflare.com secure.royalbnk.com.login.vx-xvz.com
1 ajax.googleapis.com secure.royalbnk.com.login.vx-xvz.com
1 hjisakdandkspa.com
1 www.blogger.com boogabearbpk.blogspot.com
1 resources.blogblog.com boogabearbpk.blogspot.com
1 www.gstatic.com boogabearbpk.blogspot.com
1 boogabearbpk.blogspot.com
12 9

This site contains links to these domains. Also see Links.

Domain
applinks.rbcroyalbank.com
itunes.apple.com
Subject Issuer Validity Valid
misc-sni.blogspot.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.gstatic.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.blogger.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
clicbrand.com
R11		 2024-11-15 -
2025-02-13		 3 months crt.sh
hjisakdandkspa.com
R11		 2024-11-20 -
2025-02-18		 3 months crt.sh
secure.royalbnk.com.login.vx-xvz.com
R11		 2024-11-18 -
2025-02-16		 3 months crt.sh
upload.video.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
cdnjs.cloudflare.com
WE1		 2024-09-28 -
2024-12-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/
Frame ID: EE5FC4AF4E38ADA27E148B5F528E4750
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

RBC Royal Bank | Secure Sign In

Page URL History Show full URLs

  1. https://boogabearbpk.blogspot.com/ Page URL
  2. https://clickeraction.com/iyv2r Page URL
  3. https://hjisakdandkspa.com/ Page URL
  4. https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-E... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

12
Requests

100 %
HTTPS

71 %
IPv6

9
Domains

9
Subdomains

8
IPs

3
Countries

817 kB
Transfer

1454 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://boogabearbpk.blogspot.com/ Page URL
  2. https://clickeraction.com/iyv2r Page URL
  3. https://hjisakdandkspa.com/ Page URL
  4. https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
boogabearbpk.blogspot.com/ 		70 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://boogabearbpk.blogspot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
176c19c7e910f036e8dfa969f6b3a8dd61e97466622add5e451c76d1f65fb4de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
gzip
content-length
14435
content-type
text/html; charset=UTF-8
date
Wed, 20 Nov 2024 15:54:50 GMT
etag
W/"025a06f194b475217630541333a28d437932807acb7bbb336ec7daa56ca467d6"
expires
Wed, 20 Nov 2024 15:54:50 GMT
last-modified
Mon, 18 Nov 2024 13:27:42 GMT
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
clipboard.min.js
www.gstatic.com/external_hosted/clipboardjs/ 		12 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js
Requested by
Host: boogabearbpk.blogspot.com
URL: https://boogabearbpk.blogspot.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://boogabearbpk.blogspot.com/

Response headers

content-encoding
br
age
0
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 15:54:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 15:54:50 GMT
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=0
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
content-length
3475
x-xss-protection
0
server
sffe
3315978748-indie_compiled.js
resources.blogblog.com/blogblog/data/res/ 		136 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.blogblog.com/blogblog/data/res/3315978748-indie_compiled.js
Requested by
Host: boogabearbpk.blogspot.com
URL: https://boogabearbpk.blogspot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2009 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://boogabearbpk.blogspot.com/

Response headers

content-encoding
gzip
age
452365
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
x-content-type-options
nosniff
expires
Fri, 22 Nov 2024 10:15:25 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 15 Nov 2024 10:15:25 GMT
last-modified
Fri, 15 Nov 2024 07:55:09 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
content-length
47800
x-xss-protection
0
server
sffe
984859869-widgets.js
www.blogger.com/static/v1/widgets/ 		144 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/widgets/984859869-widgets.js
Requested by
Host: boogabearbpk.blogspot.com
URL: https://boogabearbpk.blogspot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2009 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://boogabearbpk.blogspot.com/

Response headers

content-encoding
gzip
age
420260
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
x-content-type-options
nosniff
expires
Sat, 15 Nov 2025 19:10:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 15 Nov 2024 19:10:30 GMT
last-modified
Fri, 15 Nov 2024 07:55:09 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
content-length
51859
x-xss-protection
0
server
sffe
iyv2r
clickeraction.com/ 		67 B
347 B 		Document
General
Check archive.org
Download Go to
Full URL
https://clickeraction.com/iyv2r?
Requested by
Host: boogabearbpk.blogspot.com
URL: https://boogabearbpk.blogspot.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.3.19.74 , Russian Federation, ASN50340 (SELECTEL-MSK JSC Selectel, RU),
Reverse DNS
Software
nginx /
Resource Hash
2d6c91e1d6c69bb799a18263bb0eef698e75ebe1f973b9c0ccb35c8e17c274e5

Request headers

Referer
https://boogabearbpk.blogspot.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Length
67
Content-Type
text/html; charset=UTF-8
Date
Wed, 20 Nov 2024 15:54:50 GMT
ETag
"43-627566d9d78cf"
Keep-Alive
timeout=60
Last-Modified
Wed, 20 Nov 2024 11:26:59 GMT
Server
nginx
/
hjisakdandkspa.com/ 		194 B
295 B 		Document
General
Check archive.org
Download Go to
Full URL
https://hjisakdandkspa.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.175.45.180 Madrid, Spain, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
180.45.175.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
08df5f6b03b43c4d0c82262c930c9b90af3859842286d832e8eb99f2426c3854

Request headers

Referer
https://clickeraction.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
185
content-type
text/html; charset=UTF-8
date
Wed, 20 Nov 2024 15:54:51 GMT
server
nginx
vary
Accept-Encoding
favicon.ico
clickeraction.com/ 		67 B
347 B 		Other
General
Check archive.org
Download Go to
Full URL
https://clickeraction.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.3.19.74 , Russian Federation, ASN50340 (SELECTEL-MSK JSC Selectel, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://clickeraction.com/iyv2r?

Response headers

ETag
"43-627566d9d78cf"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
67
Keep-Alive
timeout=60
Date
Wed, 20 Nov 2024 15:54:50 GMT
Content-Type
text/html; charset=UTF-8
Last-Modified
Wed, 20 Nov 2024 11:26:59 GMT
Server
nginx
Primary Request /
secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/ 		164 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/
Requested by
Host: hjisakdandkspa.com
URL: https://hjisakdandkspa.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.175.45.180 Madrid, Spain, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
180.45.175.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
a84b8c211da1137c12f9d06d6e6b8392d73272fc57c6e24ec021b6a2b97408b5

Request headers

Referer
https://hjisakdandkspa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
20714
content-type
text/html; charset=UTF-8
date
Wed, 20 Nov 2024 15:54:52 GMT
server
nginx
vary
Accept-Encoding
truncated
/ 		441 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aa78f941fad055ff3ee821a040dc6157a03d30e5e3c1a6e3c6de6269be7a197c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		561 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4a099741603bab19985341e786a58b230d380e046a4b64cffd889944fd0454a8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
signin-landing-branding.b8b3e1443ca549d81fdb.jpg
secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/frontend/img/ 		589 KB
590 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/frontend/img/signin-landing-branding.b8b3e1443ca549d81fdb.jpg
Requested by
Host: secure.royalbnk.com.login.vx-xvz.com
URL: https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.175.45.180 Madrid, Spain, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
180.45.175.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
99f26edad1d8c08f52aef24b697259c904d49662d1aae0007da502288a516d40

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/

Response headers

cache-control
max-age=315360000
etag
"673a5ef6-9341c"
expires
Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges
bytes
content-length
603164
date
Wed, 20 Nov 2024 15:54:53 GMT
content-type
image/jpeg
last-modified
Sun, 17 Nov 2024 21:24:06 GMT
server
nginx
truncated
/ 		355 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b6fd9ddd2c6c9fd1e15d5919547441753cd6b9076e16f77d17b861b78c168832

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		760 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f107564e5e4a31791588c91d2fe6a54dbeeec7a8998bde2d131c2a52b9b823a7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: secure.royalbnk.com.login.vx-xvz.com
URL: https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.royalbnk.com.login.vx-xvz.com/

Response headers

content-encoding
gzip
age
501557
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Fri, 14 Nov 2025 20:35:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 20:35:36 GMT
last-modified
Fri, 08 May 2020 07:05:03 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
31021
x-xss-protection
0
server
sffe
jquery-ui.min.js
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/ 		248 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js
Requested by
Host: secure.royalbnk.com.login.vx-xvz.com
URL: https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://secure.royalbnk.com.login.vx-xvz.com
Referer

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03ec4-3dee5"
age
510862
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mmXIpPHaGHVfsCHUVtZ6R4UCuQ5u2G3qS9WAZYA4IRWHcMh01BvEnh4v9YIx9vwiGMkfzKWAxTKe3WiP9l7dp3z%2FdLhXsAHitXS5WHUVuVHQNBc%2FLnmqLxneef%2BKoanzH5%2FP90AGvlX51iSTA7D0O%2BnL"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Mon, 10 Nov 2025 15:54:53 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 15:54:53 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:11:48 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8e599f021b8fde9b-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
57137
server
cloudflare
favicon.ico
secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/frontend/img/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/frontend/img/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.175.45.180 Madrid, Spain, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
180.45.175.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
4ce04021dcad4967eb75870b28569d812455223682a6dfd6aa948115944c692d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/

Response headers

cache-control
max-age=315360000
etag
"673a5ef6-8be"
expires
Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges
bytes
content-length
2238
date
Wed, 20 Nov 2024 15:54:53 GMT
content-type
image/x-icon
last-modified
Sun, 17 Nov 2024 21:24:06 GMT
server
nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: RBC (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| saveMe function| setInputFilter function| toPasswordForm function| toQuestionsForm function| evokeLoader

0 Cookies

3 Console Messages

Source Level URL
Text
network error URL: https://clickeraction.com/iyv2r?
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://clickeraction.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation verbose URL: https://secure.royalbnk.com.login.vx-xvz.com/login-service-ui/full/statics/4NCkwODk5Ni44TczMDU5NTY2xNzM/signin-LANGUAGE-ENGLISH/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block