www.royalegyptian.pk

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 167.114.45.139, located in Montréal, Canada and belongs to OVH, FR. The main domain is www.royalegyptian.pk.

This is the only time www.royalegyptian.pk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
5	167.114.45.139 167.114.45.139	16276 (OVH) (OVH)
1	54.148.84.95 54.148.84.95	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	2

5 167.114.45.139 (Montréal, Canada)

ASN16276 (OVH, FR)
PTR: itech82.com

www.royalegyptian.pk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.148.84.95 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com

www.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	royalegyptian.pk www.royalegyptian.pk	74 KB
1	sitepoint.com www.sitepoint.com	6 KB
6	2

	Domain	Requested by
5	www.royalegyptian.pk	www.royalegyptian.pk
1	www.sitepoint.com	www.royalegyptian.pk
6	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php
Frame ID: 6FD00E2C2BEDC058F6F895DC039374B9
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

6
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

80 kB
Transfer

91 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set Up-dating4.php Show response www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/	3 KB 2 KB	838ms 838ms	Document text/html	167.114.45.139 OVH
General Check archive.org Show headers Download Go to Full URL http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Protocol HTTP/1.1 Server 167.114.45.139 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS itech82.com Software Apache / Resource Hash `eebf59e2236489b4c54fff44e8cef8363cc83a7b3a6413e6b7bb876ec63e0270` Request headers Host www.royalegyptian.pk Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 6FD00E2C2BEDC058F6F895DC039374B9 Response headers Date Wed, 04 Jul 2018 22:51:43 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=en8lj2i4k1dvmrh7eo5gq2uvd6; path=/ Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 1346 Keep-Alive timeout=5, max=93 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	MaskedPassword.js Show response www.sitepoint.com/examples/password/MaskedPassword/	17 KB 6 KB	179ms 178ms	Script application/javascript	54.148.84.95 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js Requested by Host: www.royalegyptian.pk URL: http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Protocol HTTP/1.1 Server 54.148.84.95 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-54-148-84-95.us-west-2.compute.amazonaws.com Software Apache/2.2.22 (Debian) / Resource Hash `2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825` Request headers Referer http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 04 Jul 2018 13:45:12 GMT Content-Encoding gzip X-Cache-Lookup HIT from ip-172-31-30-199.us-west-2.compute.internal:3128 Last-Modified Fri, 15 Oct 2010 00:03:45 GMT Server Apache/2.2.22 (Debian) Age 3955 ETag "680936-4208-4929c8f629a40" Vary Accept-Encoding X-Cache HIT from ip-172-31-30-199.us-west-2.compute.internal Content-Type application/javascript Accept-Ranges bytes Content-Length 5767
GET H/1.1	200 OK	bo2.png www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/images/	12 KB 12 KB	182ms 181ms	Image image/png	167.114.45.139 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/images/bo2.png Requested by Host: www.royalegyptian.pk URL: http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Protocol HTTP/1.1 Server 167.114.45.139 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS itech82.com Software Apache / Resource Hash `6d8276584e778ded8c1d94897c0cccd08d36f1e7940f418090fe4089e50123e3` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.royalegyptian.pk User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Cookie PHPSESSID=en8lj2i4k1dvmrh7eo5gq2uvd6 Connection keep-alive Cache-Control no-cache Referer http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 04 Jul 2018 22:51:43 GMT Last-Modified Wed, 04 Jul 2018 22:45:06 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 12311
GET H/1.1	200 OK	bo1.png www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/images/	57 KB 57 KB	170ms 169ms	Image image/png	167.114.45.139 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/images/bo1.png Requested by Host: www.royalegyptian.pk URL: http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Protocol HTTP/1.1 Server 167.114.45.139 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS itech82.com Software Apache / Resource Hash `28b4667350a8bbee3866efb87814c9808d928e667cceff2f86bfa99fca89e5c9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.royalegyptian.pk User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Cookie PHPSESSID=en8lj2i4k1dvmrh7eo5gq2uvd6 Connection keep-alive Cache-Control no-cache Referer http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 04 Jul 2018 22:51:44 GMT Last-Modified Wed, 04 Jul 2018 22:45:06 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 57980
GET H/1.1	200 OK	cancel.png www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/images/	1 KB 2 KB	172ms 169ms	Image image/png	167.114.45.139 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/images/cancel.png Requested by Host: www.royalegyptian.pk URL: http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Protocol HTTP/1.1 Server 167.114.45.139 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS itech82.com Software Apache / Resource Hash `8680521eaccf4c2e7b811a9b48eeb1253483addd139d6fc8203d31068336d7e3` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.royalegyptian.pk User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Cookie PHPSESSID=en8lj2i4k1dvmrh7eo5gq2uvd6 Connection keep-alive Cache-Control no-cache Referer http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 04 Jul 2018 22:51:44 GMT Last-Modified Wed, 04 Jul 2018 22:45:06 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 1515
GET H/1.1	200 OK	continue.png www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/images/	2 KB 2 KB	228ms 135ms	Image image/png	167.114.45.139 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/images/continue.png Requested by Host: www.royalegyptian.pk URL: http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Protocol HTTP/1.1 Server 167.114.45.139 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS itech82.com Software Apache / Resource Hash `389beee741855c0e9dc57e8fc0134d0cc39302175245c6647bd8301922eab856` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.royalegyptian.pk User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php Cookie PHPSESSID=en8lj2i4k1dvmrh7eo5gq2uvd6 Connection keep-alive Cache-Control no-cache Referer http://www.royalegyptian.pk/wp-admin/Mini%20Card/d41d8cd98f00b204e9800998ecf8427e/Up-dating4.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 04 Jul 2018 22:51:44 GMT Last-Modified Wed, 04 Jul 2018 22:45:06 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1566

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Bank of America (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| MaskedPassword function| unhideBody

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.royalegyptian.pk/	1969-12-31 23:59:59	Name: PHPSESSID Value: en8lj2i4k1dvmrh7eo5gq2uvd6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.royalegyptian.pk
www.sitepoint.com
167.114.45.139
54.148.84.95
28b4667350a8bbee3866efb87814c9808d928e667cceff2f86bfa99fca89e5c9
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
389beee741855c0e9dc57e8fc0134d0cc39302175245c6647bd8301922eab856
6d8276584e778ded8c1d94897c0cccd08d36f1e7940f418090fe4089e50123e3
8680521eaccf4c2e7b811a9b48eeb1253483addd139d6fc8203d31068336d7e3
eebf59e2236489b4c54fff44e8cef8363cc83a7b3a6413e6b7bb876ec63e0270

www.royalegyptian.pk Open in urlscan Pro 167.114.45.139 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

6 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

80 kBTransfer

91 kBSize

1 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

www.royalegyptian.pk Open in urlscan Pro
167.114.45.139 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

80 kB
Transfer

91 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!