Report - rb.gy/p0k05y

Report Overview

Visited public
2023-12-05 20:30:31
Tags
rbc_bank phishing financial
Submit Tags
URL
rb.gy/p0k05y
Finishing URL
www.ciennaclient.com/RBC/
IP / ASN
44.207.55.129
#14618 AMAZON-AES
Title
RBC Royal Bank – Secure Sign In
Phishing - RBC Royal Bank

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rb.gy	103780	2019-09-17	2019-10-11 21:55:07	2023-12-05 05:35:00	478 B	284 B	34.196.62.157
www.ciennaclient.com	unknown	2023-05-11	2023-09-11 16:01:33	2023-12-05 21:29:37	16 kB	721 kB	70.40.216.51
secure.royalbank.com	242380	1994-12-01	2021-10-19 18:30:31	2023-12-04 16:10:59	469 B	2.6 kB	2.21.204.174

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-05 20:30:19	low	34.196.62.157	Client IP	ET INFO Observed URL Shortening Service SSL/TLS Cert (rb.gy)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	www.ciennaclient.com/RBC/wwb18.min.js	ScriptElement	4.4 kB	2023-03-13	2025-04-24
Pretty URL www.ciennaclient.com/RBC/wwb18.min.js IP 70.40.216.51 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 22:38 Last Seen2025-04-24 14:11 Times Seen6 Hash d40dd26504e7cbc84b737868662b8407 cb673f3a3d5759722ff0dcd935401d96b8e47f9f 26b3bd98d6823c8967b77b7222f542def426ffa6679f1a83f27ec51fbaaf988d Loading...

	www.ciennaclient.com/RBC/	ScriptElement	0 B	0001-01-01	2025-07-15
Pretty URL www.ciennaclient.com/RBC/ IP 70.40.216.51 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-15 19:27 Times Seen5430847 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	EventHandler	66 B	2024-08-20	2024-08-20
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 16:38 Last Seen2024-08-20 16:38 Times Seen2 Hash ef715ec393bf99fb6bf90de577c4405c 7b442f4c63aafcbd17e524db6c99d0d67da23761 566f59efcbc2de31d2280b04a454dc8fb578d2aaaa0d735e665429a5b4268309 Loading...

	www.ciennaclient.com/RBC/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-07-15
Pretty URL www.ciennaclient.com/RBC/jquery-3.6.0.min.js IP 70.40.216.51 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-15 19:27 Times Seen244394 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	www.ciennaclient.com/RBC/jquery-ui.min.js	ScriptElement	254 kB	2023-03-07	2025-07-15
Pretty URL www.ciennaclient.com/RBC/jquery-ui.min.js IP 70.40.216.51 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19 Last Seen2025-07-15 13:59 Times Seen6074 Hash c15b1008dec3c8967ea657a7bb4baaec 78489e580adaef931e6e5b131dab556c397e4a1a 28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3 Loading...

HTTP Transactions (35)

URL IP Response Size

GET rb.gy/p0k05y

34.196.62.157

301 Moved Permanently

0 B

URL User Request GET HTTP/2
rb.gy/p0k05y
IP
34.196.62.157:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectrb.gy
FingerprintDB:A6:0C:96:5D:05:26:D6:95:BF:CD:A8:79:39:3C:DA:CC:7E:93:A5
ValiditySat, 19 Aug 2023 00:00:00 GMT - Mon, 16 Sep 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p0k05y HTTP/1.1
Host: rb.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 20:30:13 GMT
content-length: 0
location: https://www.ciennaclient.com/RBC
cache-control: no-cache, no-store
expires: -1
engine: Rebrandly.redirect, version 2.1
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC

70.40.216.51

301 Moved Permanently

241 B

URL User Request GET HTTP/2
www.ciennaclient.com/RBC
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
241 B (241 bytes)
Hash
abb9e3ac80f043ac662f16c8d4e15aa1
a144f4b2bf185efcf9a971b6f08b53838ba5595d
2ccbe9c4f6ed6190ecffcb085754946eea9d383e3ec231589d6114f9c51745aa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 20:30:14 GMT
server: nginx/1.21.6
content-type: text/html; charset=iso-8859-1
content-length: 241
location: https://www.ciennaclient.com/RBC/
x-server-cache: false
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/

70.40.216.51

200 OK

1.7 kB

URL User Request GET HTTP/2
www.ciennaclient.com/RBC/
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.7 kB (1693 bytes)
Hash
6651fbe0c8d5ecc8fcadce7e94243efe
c44cabede1dd87df358365e0bc6cc171d884267c
9276c38bb701ecaa344f9e4212221af20701b2a0fddc5a4b4f50bdc63eed0e27

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/ HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 20:30:14 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 1693
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
x-server-cache: false
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/Untitled1.css

70.40.216.51

200 OK

340 B

URL GET HTTP/2
www.ciennaclient.com/RBC/Untitled1.css
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page6.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with CRLF line terminators
Size
340 B (340 bytes)
Hash
c5c75fe060c01362b832291770fd6063
c76c6d7a7ca8146050809724d135637c389205e9
e5c59c0f43c9504ab6cd5be3ac0c2125431be6cee511139c7ec592e8a028332b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/Untitled1.css HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 340
content-type: text/css
date: Tue, 05 Dec 2023 20:30:14 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/index.css

70.40.216.51

200 OK

8.8 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/index.css
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with CRLF line terminators
Size
8.8 kB (8766 bytes)
Hash
fd0b624c63ccbdf838e5cbbd3eae7bee
32805e4375788b3177ead66aa840442a7a9b3b55
af9537ead0045a5a008c45d4544555306bbd5a4a280dfc49903b8c2583809476

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/index.css HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 8766
content-type: text/css
date: Tue, 05 Dec 2023 20:30:14 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/wwb18.min.js

70.40.216.51

200 OK

1.7 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/wwb18.min.js
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page2.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with very long lines (519), with CRLF line terminators
Size
1.7 kB (1716 bytes)
Hash
d40dd26504e7cbc84b737868662b8407
cb673f3a3d5759722ff0dcd935401d96b8e47f9f
26b3bd98d6823c8967b77b7222f542def426ffa6679f1a83f27ec51fbaaf988d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/wwb18.min.js HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1716
content-type: application/javascript
date: Tue, 05 Dec 2023 20:30:14 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20063645.png

70.40.216.51

200 OK

451 B

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20063645.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 14 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
451 B (451 bytes)
Hash
26bdf8b27d544d54988fa2903100ceb8
4423e9505ced757dd0d11c224fef387f49620bd7
64a4ee752fd98cae94ae2522426c58643167e2399a3bc2054ab89ba6b389e77d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%20063645.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 451
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:14 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page3.html

70.40.216.51

200 OK

479 B

URL GET HTTP/2
www.ciennaclient.com/RBC/page3.html
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
479 B (479 bytes)
Hash
67753dc9fae9892d6a3854962463d077
04385571c9c686643ec0b44d8c83b077a79f6c26
5c97c46dad6c8b031632d6d676aae5f7f95e56744ab5c0233d56e870e53e8bbc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page3.html HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 20:30:15 GMT
server: nginx/1.21.6
content-type: text/html
content-length: 479
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
x-server-cache: false
X-Firefox-Spdy: h2

GET secure.royalbank.com/statics/login-service-ui/favicon.ico

2.21.204.174

200 OK

2.2 kB

URL GET HTTP/2
secure.royalbank.com/statics/login-service-ui/favicon.ico
IP
2.21.204.174:443
ASN
#16625 AKAMAI-AS

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerDigiCert Inc
Subjectwww1.rbcinsurance.com
Fingerprint42:82:89:9F:C5:8C:17:7C:93:B9:67:41:1D:2D:96:B6:2A:92:97:EB
ValidityMon, 27 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 32x32\012- data
Size
2.2 kB (2238 bytes)
Hash
b5e87960e5522b05fac649f48c9bb15f
85ea38ec274bd884740fd3ee64f5cd6d5e950b54
4ce04021dcad4967eb75870b28569d812455223682a6dfd6aa948115944c692d

HTTP Headers

GET /statics/login-service-ui/favicon.ico HTTP/1.1
Host: secure.royalbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/x-icon
etag: "b5e87960e5522b05fac649f48c9bb15f:1701347352.63302"
last-modified: Thu, 30 Nov 2023 17:29:13 GMT
server: AkamaiNetStorage
content-length: 2238
date: Tue, 05 Dec 2023 20:30:15 GMT
cache-control: public, max-age=31536000, immutable
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%2005422444.png

70.40.216.51

200 OK

527 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%2005422444.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 683 x 607, 8-bit/color RGBA, non-interlaced\012- data
Size
527 kB (526612 bytes)
Hash
d07e556cf213cff3512475ab75b510b4
8a49d1f6fd66783d5e4c3a7de117c99952c045e1
fe56990ef69d0e425cf211d02a222b58e486a492345810db16ee346acd70bfe4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%2005422444.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 526612
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:15 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page2.html

70.40.216.51

200 OK

615 B

URL GET HTTP/2
www.ciennaclient.com/RBC/page2.html
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
615 B (615 bytes)
Hash
bef298edd99fbb6a7e89e78c22fe7000
995447b31bc3bf368acb144f77a0977e23f9f0e2
d9b9156ae2d16776b6b138e3301790a82421babfc535b22531321933e262d0e7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page2.html HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 20:30:15 GMT
server: nginx/1.21.6
content-type: text/html
content-length: 615
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
x-server-cache: false
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/jquery-3.6.0.min.js

70.40.216.51

200 OK

40 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/jquery-3.6.0.min.js
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with very long lines (65447)
Size
40 kB (39566 bytes)
Hash
ef34733f263eb8e3cba95f9481d1afad
633f5218934396459a90df69e7273e8ba837b69a
a36053a6e6b536ad7e42c711d8d15c2bd7beafc9b0a9e75fcab672ab66ecee0f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/jquery-3.6.0.min.js HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Tue, 05 Dec 2023 20:30:14 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page5.html

70.40.216.51

200 OK

481 B

URL GET HTTP/2
www.ciennaclient.com/RBC/page5.html
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
481 B (481 bytes)
Hash
cc00d34f6736dc0ae45b743614fe07f5
ed69d8036eee277c32087dae9b1ad7eb63a8e8c6
4beebe4c57f5a5830c32ac90613763f6622cd14ed4d4692971c857cfc8d6e683

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page5.html HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 20:30:15 GMT
server: nginx/1.21.6
content-type: text/html
content-length: 481
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
x-server-cache: false
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/jquery-ui.min.js

70.40.216.51

200 OK

92 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/jquery-ui.min.js
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with very long lines (32074)
Size
92 kB (91915 bytes)
Hash
0c6a1957e3e4e4f86b75ccb6a09025be
8b550e538295540e16736cc8464f25ccbfc68b8d
f8e85514dce4e6b9861de7daa0a0950f04b7b4b8d49d0c806ad7a74e24788cbb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/jquery-ui.min.js HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Tue, 05 Dec 2023 20:30:14 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Unti22tled.png

70.40.216.51

200 OK

269 B

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Unti22tled.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page3.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 16 x 20, 8-bit/color RGB, non-interlaced\012- data
Size
269 B (269 bytes)
Hash
be738061f6a1a0f4bc073a24f5a597ed
4cad0012448c145542e539e102431d393104d915
a205d7584b7f6565f90e2c280c24679a1c53d51ecae729aa7937a2ae726f5c91

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Unti22tled.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page3.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 269
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:15 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/Untitled1.css

70.40.216.51

200 OK

340 B

URL GET HTTP/2
www.ciennaclient.com/RBC/Untitled1.css
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page6.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with CRLF line terminators
Size
340 B (340 bytes)
Hash
c5c75fe060c01362b832291770fd6063
c76c6d7a7ca8146050809724d135637c389205e9
e5c59c0f43c9504ab6cd5be3ac0c2125431be6cee511139c7ec592e8a028332b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/Untitled1.css HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page3.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 340
content-type: text/css
date: Tue, 05 Dec 2023 20:30:15 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20062224.png

70.40.216.51

200 OK

1.6 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20062224.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page3.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 181 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1627 bytes)
Hash
ab54e06f577bc41e54157d37c75ac741
5d71145a1dfa5c537db4311a19c64e1c46ff40d7
2631e212b4dc7dab04216fede93affd60f9b96b89cff81fe9d7d899a11848656

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%20062224.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page3.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 1627
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:15 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page3.css

70.40.216.51

200 OK

256 B

URL GET HTTP/2
www.ciennaclient.com/RBC/page3.css
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page3.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with CRLF line terminators
Size
256 B (256 bytes)
Hash
3f7d991edf77ba32ec2c5f0a68ba815e
fd7c05b9bbc55498db3fac68350b685ae0471182
4e420ded99fb67d32ee3a70cf21ab1e584ca64e90cd528c40a7aee157f838084

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page3.css HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page3.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 256
content-type: text/css
date: Tue, 05 Dec 2023 20:30:15 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page2.css

70.40.216.51

200 OK

278 B

URL GET HTTP/2
www.ciennaclient.com/RBC/page2.css
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page2.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with CRLF line terminators
Size
278 B (278 bytes)
Hash
0b21fb1a946b8c564c391aabeec40adf
a7635196d8f95961706c51ea315c1f69b493e804
436c380a8e627b6119792457d8c28f8185792f451fc73022a2bf2e7d9143c5fd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page2.css HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 278
content-type: text/css
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20054759.png

70.40.216.51

200 OK

305 B

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20054759.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page2.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 34 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size
305 B (305 bytes)
Hash
effada7f33eea2168d46c8ef02c674c9
ea229146574f7250be5997002916b2eb5a2ea8c8
920306bf9f9bef3e20f85089c012f1be7b3c757969811cf447bb4692c6a1afb5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%20054759.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 305
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%200549012.png

70.40.216.51

200 OK

2.1 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%200549012.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page2.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 247 x 27, 8-bit/color RGBA, non-interlaced\012- data
Size
2.1 kB (2143 bytes)
Hash
30c570f50428e13766f400faff3bceb5
7346c98e7591f3a1899a180e57d84b980edad7ef
bd47676d4a239b3d1564f405a534ec89d7daafd79951dd7e3f4a74d5221bbd70

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%200549012.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 2143
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%200542835.png

70.40.216.51

200 OK

657 B

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%200542835.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page2.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\012- data
Size
657 B (657 bytes)
Hash
5f667dba117d1e4fae1c52d7682276f1
35f95c526d1260ed3ce61808e83269ca4326422d
6f9cded27a9e23334b10abb9cdc3266f75c63ccf1f8942449f6a2c0c123b373d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%200542835.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 657
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/wwb18.min.js

70.40.216.51

200 OK

1.7 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/wwb18.min.js
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page2.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with very long lines (519), with CRLF line terminators
Size
1.7 kB (1716 bytes)
Hash
d40dd26504e7cbc84b737868662b8407
cb673f3a3d5759722ff0dcd935401d96b8e47f9f
26b3bd98d6823c8967b77b7222f542def426ffa6679f1a83f27ec51fbaaf988d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/wwb18.min.js HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1716
content-type: application/javascript
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20061052.png

70.40.216.51

200 OK

2.4 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20061052.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page4.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 163 x 51, 8-bit/color RGBA, non-interlaced\012- data
Size
2.4 kB (2385 bytes)
Hash
82313f90f460927f982f20f85299fc6b
3d37408f37310daf62aebc2bbf5f5afe0233306a
c985ac526d3dfcd339f915300dadf2d9662bf93e17b385cea39936573f3a67a7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%20061052.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page4.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 2385
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page4.css

70.40.216.51

200 OK

266 B

URL GET HTTP/2
www.ciennaclient.com/RBC/page4.css
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page4.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with CRLF line terminators
Size
266 B (266 bytes)
Hash
8cd62a4b2df69298b372418ede70cc75
04bce40ea0361bab2e3c67d155664f7b6d6f747c
b0d40df0c6d486b77ef16ad8b723f6e05d94fe8ce85e9fc40ab9f195a07f29e2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page4.css HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page4.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 266
content-type: text/css
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20061652.png

70.40.216.51

200 OK

8.0 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20061652.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page4.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 344 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
8.0 kB (7969 bytes)
Hash
f5a0fac7e794181115882025bddbe529
2f555c99aea23034719d624c4dc68f448ea551e4
5236d4e4a802e634968aa3ac0fa0c707c972787417fc83b5331f610c392d3573

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%20061652.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page4.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 7969
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202-12-04%20061336.png

70.40.216.51

200 OK

1.8 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202-12-04%20061336.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page4.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 407 x 81, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1840 bytes)
Hash
b8cdbd18c900965c915f5a09fd0746f7
35036dfb0535120185ee158edc448643b5099ef1
9843ec434dc3494204572edc071d5ec8b47cf0ff67a602b22c70a5a45a2ec8bd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202-12-04%20061336.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page4.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 1840
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/Untitled1.css

70.40.216.51

200 OK

340 B

URL GET HTTP/2
www.ciennaclient.com/RBC/Untitled1.css
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page6.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with CRLF line terminators
Size
340 B (340 bytes)
Hash
c5c75fe060c01362b832291770fd6063
c76c6d7a7ca8146050809724d135637c389205e9
e5c59c0f43c9504ab6cd5be3ac0c2125431be6cee511139c7ec592e8a028332b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/Untitled1.css HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page6.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 340
content-type: text/css
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Unti22tled.png

70.40.216.51

200 OK

269 B

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Unti22tled.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page3.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 16 x 20, 8-bit/color RGB, non-interlaced\012- data
Size
269 B (269 bytes)
Hash
be738061f6a1a0f4bc073a24f5a597ed
4cad0012448c145542e539e102431d393104d915
a205d7584b7f6565f90e2c280c24679a1c53d51ecae729aa7937a2ae726f5c91

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Unti22tled.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page5.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 269
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20065154.png

70.40.216.51

200 OK

13 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20065154.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page6.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 405 x 352, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (12825 bytes)
Hash
bc0ad1661c69f9fb8e1e4889c1b3f0d1
c76e8091da0448f71a4871d519525bc3a38f7477
e1d509405800944d6828d023f579c1e4c813a2f9e64dc32028a66aebe9d4e9fd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%20065154.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page6.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 12825
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20064318.png

70.40.216.51

200 OK

908 B

URL GET HTTP/2
www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20064318.png
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page5.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
PNG image data, 73 x 19, 8-bit/color RGBA, non-interlaced\012- data
Size
908 B (908 bytes)
Hash
6dbf3b2553527b54819705fb7f699325
3bc6e2e35c872f7d8c4afc78447b7c2230d40ffe
3a6f8989b627361880ad9cbb13b7f8820b183ed9da92c3c12f788f3c99ef9c5d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/images/Screenshot%202023-12-04%20064318.png HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page5.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
content-length: 908
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page6.css

70.40.216.51

200 OK

252 B

URL GET HTTP/2
www.ciennaclient.com/RBC/page6.css
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page6.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with CRLF line terminators
Size
252 B (252 bytes)
Hash
fe926d81de7e3dde3d0904fb2dc49944
c472fe1e499c20ded1ef6cc04016fcd152add85d
585591db4801ef3b333b95b8c362715a4348d312773bb8d0ea5afefd4c14caf9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page6.css HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page6.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 252
content-type: text/css
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page5.css

70.40.216.51

200 OK

256 B

URL GET HTTP/2
www.ciennaclient.com/RBC/page5.css
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/page5.html
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
ASCII text, with CRLF line terminators
Size
256 B (256 bytes)
Hash
e86c26b02554646f1e139ea1a340616e
37a987ab6c10ecfc4aff8a20033ca32be3d13ccc
ff0cf519db7067742d70fa9795d4f64a8275ee284a907ce07ddcac31f3130a9f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page5.css HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/page5.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 256
content-type: text/css
date: Tue, 05 Dec 2023 20:30:16 GMT
server: Apache
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page4.html

70.40.216.51

200 OK

1.4 kB

URL GET HTTP/2
www.ciennaclient.com/RBC/page4.html
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1517), with no line terminators
Size
1.4 kB (1395 bytes)
Hash
f3c4d5cc0c4a02df000f839c505be8e6
ff999ab1da9f7070b6e7f5aa7ec5698e975f51c9
99daaedee729ff040dc10ce198017f18360b02b207cbce5f87a3822f051e587b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page4.html HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 20:30:15 GMT
server: nginx/1.21.6
content-type: text/html
content-length: 506
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
x-server-cache: false
X-Firefox-Spdy: h2

GET www.ciennaclient.com/RBC/page6.html

70.40.216.51

200 OK

991 B

URL GET HTTP/2
www.ciennaclient.com/RBC/page6.html
IP
70.40.216.51:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.ciennaclient.com/RBC/
Certificate
IssuerLet's Encrypt
Subjectautodiscover.ciennaclient.com
Fingerprint7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36
ValiditySat, 11 Nov 2023 14:01:15 GMT - Fri, 09 Feb 2024 14:01:14 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1077), with no line terminators
Size
991 B (991 bytes)
Hash
ecba7df4eeae094722a2984060775e64
4dcf81c2d48b2237f74d62738a781db20122c66d
4e337912a0aac0bd16abc677e9edfa71d77a05934e385ad8a247eaf505c5e0bd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - RBC Royal Bank

HTTP Headers

GET /RBC/page6.html HTTP/1.1
Host: www.ciennaclient.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ciennaclient.com/RBC/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 20:30:15 GMT
server: nginx/1.21.6
content-type: text/html
content-length: 430
last-modified: Tue, 05 Dec 2023 02:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
x-server-cache: false
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (35)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash