{"report_id":"951f50b7-dfc3-40e2-8d7b-f8c118e203e7","version":6,"status":"done","tags":["rbc_bank","phishing","financial"],"date":"2023-12-05T20:30:31Z","url":{"schema":"https","addr":"rb.gy/p0k05y","fqdn":"rb.gy","domain":"rb.gy","tld":"gy"},"ip":{"addr":"44.207.55.129","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"title":"RBC Royal Bank – Secure Sign In"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T08:56:34Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"rb.gy","ip":{"addr":"34.196.62.157","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2019-09-17","domain_rank":103780,"first_seen":"2019-10-11 21:55:07","last_seen":"2023-12-05 05:35:00","alert_count":0,"request_count":1,"received_data":284,"sent_data":478,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.ciennaclient.com","ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"domain_registered":"2023-05-11","domain_rank":0,"first_seen":"2023-09-11 16:01:33","last_seen":"2023-12-05 21:29:37","alert_count":33,"request_count":33,"received_data":721049,"sent_data":16337,"comment":"","tags":null,"fingerprints":null},{"fqdn":"secure.royalbank.com","ip":{"addr":"2.21.204.174","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Sweden","country_code":"SE"},"domain_registered":"1994-12-01","domain_rank":242380,"first_seen":"2021-10-19 18:30:31","last_seen":"2023-12-04 16:10:59","alert_count":0,"request_count":1,"received_data":2565,"sent_data":469,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T20:30:19Z","timestamp":1701808219,"ip_dst":{"addr":"Client IP","port":42568,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.196.62.157","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Observed URL Shortening Service SSL/TLS Cert (rb.gy)","source":"{\"timestamp\":\"2023-12-05T20:30:19.562618+0000\",\"flow_id\":1714055016057197,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"34.196.62.157\",\"src_port\":443,\"dest_ip\":\"10.70.215.137\",\"dest_port\":42568,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036628,\"rev\":2,\"signature\":\"ET INFO Observed URL Shortening Service SSL/TLS Cert (rb.gy)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"created_at\":[\"2022_05_19\"],\"former_category\":[\"POLICY\"],\"updated_at\":[\"2022_05_19\"]}},\"tls\":{\"subject\":\"CN=rb.gy\",\"issuerdn\":\"C=US, O=Amazon, CN=Amazon RSA 2048 M01\",\"serial\":\"04:BA:2B:2F:92:13:2B:1D:84:C2:59:33:F2:E6:9D:B4\",\"fingerprint\":\"db:a6:0c:96:5d:05:26:d6:95:bf:cd:a8:79:39:3c:da:cc:7e:93:a5\",\"sni\":\"rb.gy\",\"version\":\"TLS 1.2\",\"notbefore\":\"2023-08-19T00:00:00\",\"notafter\":\"2024-09-16T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"50a9e7b112931e541503e8a2499252b9\",\"string\":\"771,49199,0-11-65281-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1297,\"bytes_toclient\":5864,\"start\":\"2023-12-05T20:30:19.231789+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/wwb18.min.js","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d40dd26504e7cbc84b737868662b8407","sha1":"cb673f3a3d5759722ff0dcd935401d96b8e47f9f","sha256":"26b3bd98d6823c8967b77b7222f542def426ffa6679f1a83f27ec51fbaaf988d","sha512":"846626fadff05485aabc787fb11011d9ab097eced300cdd91e5045d570bc5c171a77ac51aed399beae811303d4d0d087388a6ea4ef0051fc3b7f5662587bee71","ssdeep":"96:vzRwNufrjxrjHY1vFyktMTyONve1dBFtBXBvFBn2FOHj2q1:1wNynxn41djOeJZTHj26","tlshash":"dea155dbb050f476828b0fbb01bf0c266471dc94a48699343564e749e838dfa136fa6e","size":4440,"data":"","first_seen":"2023-03-13T22:38:25Z","last_seen":"2026-04-29T03:52:56.976558Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T07:45:48.950283Z","times_seen":14725783,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eventHandler","is_inline":false,"md5":"ef715ec393bf99fb6bf90de577c4405c","sha1":"7b442f4c63aafcbd17e524db6c99d0d67da23761","sha256":"566f59efcbc2de31d2280b04a454dc8fb578d2aaaa0d735e665429a5b4268309","sha512":"779508ddb3123b834ff48d1dd5d92c675da52968d1e536ec6e8c1d5a16b7f2843083fc131e90774d1f551b56e729d3484d48e3173f5694e9f2cadcc73f68c2ca","ssdeep":"","tlshash":"dfa0024620c2f9fc93e9ca964835cc07e1a4d4a524adfdd6d28555c0b5d01ca5650d52","size":66,"data":"","first_seen":"2024-08-20T16:38:49.798778Z","last_seen":"2024-08-20T16:38:51.046214Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/jquery-3.6.0.min.js","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-05-06T07:44:41.204027Z","times_seen":462584,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/jquery-ui.min.js","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c15b1008dec3c8967ea657a7bb4baaec","sha1":"78489e580adaef931e6e5b131dab556c397e4a1a","sha256":"28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3","sha512":"bada3d9a5433aece7d57020b70b89161e2ca3cf6d2fdb4fbd5d6bf38405813071d35493c8d8232f83d7be91628a29d436be7fd9af918ae68f93022d9584b50b8","ssdeep":"3072:FkHOJD1g7SV7opRBbDrtnAcKYvFJi/5PLO1aG0qF2/nwOW16j:q9/KvjOVlFYQ16j","tlshash":"1f44f74d72003a2296dbe2a5103b2a0fa237515da605805cb53dcedf9e7de4431bbfb9","size":253669,"data":"","first_seen":"2023-03-07T01:19:34Z","last_seen":"2026-05-06T07:08:52.992443Z","times_seen":19750,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"rb.gy/p0k05y","fqdn":"rb.gy","domain":"rb.gy","tld":"gy"},"ip":{"addr":"34.196.62.157","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T20:30:19.233Z","timestamp":1701808219233,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rb.gy","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sat, 19 Aug 2023 00:00:00 GMT","end":"Mon, 16 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"DB:A6:0C:96:5D:05:26:D6:95:BF:CD:A8:79:39:3C:DA:CC:7E:93:A5","sha256":"1B:2F:AA:85:6F:81:32:4C:99:59:CA:C0:9E:29:73:5A:60:4C:20:6E:93:EE:5A:3E:2A:39:E6:CA:FF:63:77:E6"}}},"request":{"raw":"GET /p0k05y HTTP/1.1\r\nHost: rb.gy\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Tue, 05 Dec 2023 20:30:13 GMT\r\ncontent-length: 0\r\nlocation: https://www.ciennaclient.com/RBC\r\ncache-control: no-cache, no-store\r\nexpires: -1\r\nengine: Rebrandly.redirect, version 2.1\r\nstrict-transport-security: max-age=15552000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T07:45:48.950283Z","times_seen":14725783,"resource_available":true,"data":null}},"time_used":778,"timings":{"blocked":331,"dns":3,"connect":100,"send":0,"wait":109,"receive":3,"ssl":228},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T20:30:19.689Z","timestamp":1701808219689,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Tue, 05 Dec 2023 20:30:14 GMT\r\nserver: nginx/1.21.6\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-length: 241\r\nlocation: https://www.ciennaclient.com/RBC/\r\nx-server-cache: false\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":241,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"abb9e3ac80f043ac662f16c8d4e15aa1","sha1":"a144f4b2bf185efcf9a971b6f08b53838ba5595d","sha256":"2ccbe9c4f6ed6190ecffcb085754946eea9d383e3ec231589d6114f9c51745aa","sha512":"2ce4d9bf1fa577e9ff9f6be6374f672d51794c5c1d8061a4786aed9ed33b38443db6154a1ac43d2d2070f2ac5f3a2b78acae68b098cdbf8efd4168d75b1422d9","ssdeep":"","tlshash":"a4d097fd978220d1b4833780f9c120e174aa00b0a58658e915eb2848c208072484e0c8","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:30:34Z","times_seen":1,"resource_available":false,"data":null}},"time_used":950,"timings":{"blocked":364,"dns":1,"connect":176,"send":0,"wait":223,"receive":0,"ssl":183},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T20:30:20.280Z","timestamp":1701808220280,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/ HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 Dec 2023 20:30:14 GMT\r\nserver: nginx/1.21.6\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1693\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1693,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"6651fbe0c8d5ecc8fcadce7e94243efe","sha1":"c44cabede1dd87df358365e0bc6cc171d884267c","sha256":"9276c38bb701ecaa344f9e4212221af20701b2a0fddc5a4b4f50bdc63eed0e27","sha512":"ec928a79cf19f0bd088537afcf3281d307b4cfa73089bded3bdb8f591a0b98463bdba37a17ab0ca763ec87c1c9c766bb2e4db0abf6989a3fe3f021832be8fa98","ssdeep":"48:0WtvP1aIaIaJDn8wOz1rWaCTAvjpQkiiqbhnpQkw4vi+pQNwAW+iBmLi4BmrBV5r:taIaIaxnyiKQAWdBuHBuh","tlshash":"46c1dc6390ba8c5f1ab710b168b17b8ae046c3016707ed4492fb7fc3d7d594b99d7a10","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/Untitled1.css","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.ciennaclient.com/RBC/page6.html","date":"2023-12-05T20:30:22.317Z","timestamp":1701808222317,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/Untitled1.css HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 340\r\ncontent-type: text/css\r\ndate: Tue, 05 Dec 2023 20:30:14 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":340,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"c5c75fe060c01362b832291770fd6063","sha1":"c76c6d7a7ca8146050809724d135637c389205e9","sha256":"e5c59c0f43c9504ab6cd5be3ac0c2125431be6cee511139c7ec592e8a028332b","sha512":"c57152adda3811fa18b794b371bd64010e929427a5bdb58335c514a489e265e026f1b7226719393aaddbee13fb3a7c23f278913115837aae0d2b681d0fe89c2e","ssdeep":"","tlshash":"f241f159e210529af23b8c1937f76212c73d30a579a28b38ff8c8250dc79154bab278d","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/index.css","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:20.838Z","timestamp":1701808220838,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/index.css HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 8766\r\ncontent-type: text/css\r\ndate: Tue, 05 Dec 2023 20:30:14 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8766,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"fd0b624c63ccbdf838e5cbbd3eae7bee","sha1":"32805e4375788b3177ead66aa840442a7a9b3b55","sha256":"af9537ead0045a5a008c45d4544555306bbd5a4a280dfc49903b8c2583809476","sha512":"9e6e40bad7b1358532858e881d0211d420842062f783268fee7c37eeeaa42b6c287d2bd8ea382b42efcd74fa5430d88aaa55e3f1ad45d1f467a5cdb271f19620","ssdeep":"384:I3ggVzmdciM5yL46tnHFBTZBEX71/UuVtXv9hB7/Blq1Czr:+","tlshash":"d2030f9cda249059a333e4805bbb4b65e74749101f06887abfdab313dc7678c15b2fd8","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/wwb18.min.js","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.ciennaclient.com/RBC/page2.html","date":"2023-12-05T20:30:22.295Z","timestamp":1701808222295,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/wwb18.min.js HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 1716\r\ncontent-type: application/javascript\r\ndate: Tue, 05 Dec 2023 20:30:14 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1716,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (519), with CRLF line terminators","md5":"d40dd26504e7cbc84b737868662b8407","sha1":"cb673f3a3d5759722ff0dcd935401d96b8e47f9f","sha256":"26b3bd98d6823c8967b77b7222f542def426ffa6679f1a83f27ec51fbaaf988d","sha512":"846626fadff05485aabc787fb11011d9ab097eced300cdd91e5045d570bc5c171a77ac51aed399beae811303d4d0d087388a6ea4ef0051fc3b7f5662587bee71","ssdeep":"96:vzRwNufrjxrjHY1vFyktMTyONve1dBFtBXBvFBn2FOHj2q1:1wNynxn41djOeJZTHj26","tlshash":"dea155dbb050f476828b0fbb01bf0c266471dc94a48699343564e749e838dfa136fa6e","first_seen":"2023-03-13T22:38:25Z","last_seen":"2026-04-29T03:52:56.976558Z","times_seen":12,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20063645.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:20.846Z","timestamp":1701808220846,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%20063645.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 451\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:14 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":451,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 20, 8-bit/color RGBA, non-interlaced\\012- data","md5":"26bdf8b27d544d54988fa2903100ceb8","sha1":"4423e9505ced757dd0d11c224fef387f49620bd7","sha256":"64a4ee752fd98cae94ae2522426c58643167e2399a3bc2054ab89ba6b389e77d","sha512":"f1f21248bd035c931dd3e92d15252681d3f1d212bed695c29630b4c6336a908268b5c63dcfc1399a25688b5c588dec1c0302c314d95a167af845bca14a68bcb6","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page3.html","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:21.615Z","timestamp":1701808221615,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page3.html HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: nginx/1.21.6\r\ncontent-type: text/html\r\ncontent-length: 479\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"67753dc9fae9892d6a3854962463d077","sha1":"04385571c9c686643ec0b44d8c83b077a79f6c26","sha256":"5c97c46dad6c8b031632d6d676aae5f7f95e56744ab5c0233d56e870e53e8bbc","sha512":"3c0df364f70cf4b08605392d1ed883e220e1348a026c12f23f7e6f2c0111ca69abee69465e904a4ab5a0fefe4d8636273dfce74b8e2d64b6fecb6bc4c610a746","ssdeep":"","tlshash":"a521d2638439dc0aa734523af58237edc053458a4f73ae09e1db106be188a46951f18d","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":212,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"secure.royalbank.com/statics/login-service-ui/favicon.ico","fqdn":"secure.royalbank.com","domain":"royalbank.com","tld":"com"},"ip":{"addr":"2.21.204.174","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:21.783Z","timestamp":1701808221783,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www1.rbcinsurance.com","organization":"Royal Bank of Canada"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 27 Nov 2023 00:00:00 GMT","end":"Tue, 26 Nov 2024 23:59:59 GMT"},"fingerprint":{"sha1":"42:82:89:9F:C5:8C:17:7C:93:B9:67:41:1D:2D:96:B6:2A:92:97:EB","sha256":"72:C3:AF:1B:54:3A:C7:74:77:3E:FE:41:8C:43:6E:BF:7F:27:A6:1F:E8:5D:BB:00:9B:5E:7F:7C:A8:65:E9:C9"}}},"request":{"raw":"GET /statics/login-service-ui/favicon.ico HTTP/1.1\r\nHost: secure.royalbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\netag: \"b5e87960e5522b05fac649f48c9bb15f:1701347352.63302\"\r\nlast-modified: Thu, 30 Nov 2023 17:29:13 GMT\r\nserver: AkamaiNetStorage\r\ncontent-length: 2238\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2238,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32\\012- data","md5":"b5e87960e5522b05fac649f48c9bb15f","sha1":"85ea38ec274bd884740fd3ee64f5cd6d5e950b54","sha256":"4ce04021dcad4967eb75870b28569d812455223682a6dfd6aa948115944c692d","sha512":"4a9bd07bfce91a6db351f3da7520236d5798936943785a98b2de6ab4b418b6c00b4f3600760695204540655590878173db45b58f2619645fce466019fd3863e0","ssdeep":"","tlshash":"5841b2271712888cd6948936888a886c3354f55b80af7e9133c14e2f6d13feadf5901b","first_seen":"2023-05-02T12:50:38Z","last_seen":"2026-05-05T12:51:33.037599Z","times_seen":241,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":98,"connect":8,"send":0,"wait":14,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%2005422444.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:21.650Z","timestamp":1701808221650,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%2005422444.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/index.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 526612\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":526612,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 683 x 607, 8-bit/color RGBA, non-interlaced\\012- data","md5":"d07e556cf213cff3512475ab75b510b4","sha1":"8a49d1f6fd66783d5e4c3a7de117c99952c045e1","sha256":"fe56990ef69d0e425cf211d02a222b58e486a492345810db16ee346acd70bfe4","sha512":"cccca41c0a1387e75751a3bc706057d10cad5a116561bcf550eda2a429a596657fc61fd35c7f4740967e54691d8031c1771bc51c5e4f0b11d04897030b02be71","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":562,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":193,"receive":369,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page2.html","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:21.630Z","timestamp":1701808221630,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page2.html HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: nginx/1.21.6\r\ncontent-type: text/html\r\ncontent-length: 615\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":615,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"bef298edd99fbb6a7e89e78c22fe7000","sha1":"995447b31bc3bf368acb144f77a0977e23f9f0e2","sha256":"d9b9156ae2d16776b6b138e3301790a82421babfc535b22531321933e262d0e7","sha512":"3b8a1c3826b35125af26123198dd18b25790bd20eed25b251d6e0445789e995799719f4312516ad483ffba21e9e68b3bd9933a8a378a98d0d49b93550ffe2330","ssdeep":"","tlshash":"7e3176935439ec2a9735e337f8527bacc02380c91f639d0ce1e70463d4c47868e1aa8c","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":589,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":588,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/jquery-3.6.0.min.js","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:20.840Z","timestamp":1701808220840,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/jquery-3.6.0.min.js HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: application/javascript\r\ndate: Tue, 05 Dec 2023 20:30:14 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":39566,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65447)","md5":"ef34733f263eb8e3cba95f9481d1afad","sha1":"633f5218934396459a90df69e7273e8ba837b69a","sha256":"a36053a6e6b536ad7e42c711d8d15c2bd7beafc9b0a9e75fcab672ab66ecee0f","sha512":"707d8372608f213e5ae5362f769e89fe46ae994b3ffb2d4b10dbda3670365fa23916891b6fb995313723f2d5e3bb180b68b5f9218478097f30a41cb532916fce","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1vK:DIh8GgP3hujzwbhd3XvSiDQ47GKY","tlshash":"379309ddb2c6702257a720ba007f510bf236199d6c4d8450f165d8eabcb8a4e827bf7d","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:30:34Z","times_seen":1,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":362,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page5.html","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:21.642Z","timestamp":1701808221642,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page5.html HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: nginx/1.21.6\r\ncontent-type: text/html\r\ncontent-length: 481\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":481,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"cc00d34f6736dc0ae45b743614fe07f5","sha1":"ed69d8036eee277c32087dae9b1ad7eb63a8e8c6","sha256":"4beebe4c57f5a5830c32ac90613763f6622cd14ed4d4692971c857cfc8d6e683","sha512":"fa517041853fc7191f1b21015911f8817b425dcc5f0eb97de2cfc15d5b320166cee1d3d168bff16bcecb4425d303e8911cf949487ab42b50214ee96399f7e4e2","ssdeep":"","tlshash":"f721c1638439dc0eab39933af58237eec053498a4f73ad09e1db106bd1d8a56d52f18d","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":578,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":577,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/jquery-ui.min.js","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:20.842Z","timestamp":1701808220842,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/jquery-ui.min.js HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: application/javascript\r\ndate: Tue, 05 Dec 2023 20:30:14 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":91915,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (32074)","md5":"0c6a1957e3e4e4f86b75ccb6a09025be","sha1":"8b550e538295540e16736cc8464f25ccbfc68b8d","sha256":"f8e85514dce4e6b9861de7daa0a0950f04b7b4b8d49d0c806ad7a74e24788cbb","sha512":"b1b82c351c6dba813ddf3656c60b106604d43b93aec1c865f593d800117b43107e1416fd589dafd7e69496f4a9ba27f49ff24d45450e9d4b77021df3ed8ca3f6","ssdeep":"3072:FkHOJD1g7SV7opRBbDrtnAcKYvFJi/5PLO1aG0qF2/nwOW16B:q9/KvjOVlFYQ16B","tlshash":"4e44f74d72003a2296dbe2a5103b2a0fa237515da605805cb53dcedf9e7de4431bbfb9","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:30:34Z","times_seen":1,"resource_available":false,"data":null}},"time_used":537,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":537,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Unti22tled.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page3.html","date":"2023-12-05T20:30:21.847Z","timestamp":1701808221847,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Unti22tled.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page3.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 269\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":269,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 20, 8-bit/color RGB, non-interlaced\\012- data","md5":"be738061f6a1a0f4bc073a24f5a597ed","sha1":"4cad0012448c145542e539e102431d393104d915","sha256":"a205d7584b7f6565f90e2c280c24679a1c53d51ecae729aa7937a2ae726f5c91","sha512":"cd283b3ebc54cfe0775ad38947f42bad8c725003183df3f113f522a8ba6c96eceaef08527ca20e54f0b508c7593f51214bb70f0634dbbe994b0db7494a978c5a","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":401,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":401,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/Untitled1.css","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.ciennaclient.com/RBC/page6.html","date":"2023-12-05T20:30:22.317Z","timestamp":1701808222317,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/Untitled1.css HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page3.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 340\r\ncontent-type: text/css\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":340,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"c5c75fe060c01362b832291770fd6063","sha1":"c76c6d7a7ca8146050809724d135637c389205e9","sha256":"e5c59c0f43c9504ab6cd5be3ac0c2125431be6cee511139c7ec592e8a028332b","sha512":"c57152adda3811fa18b794b371bd64010e929427a5bdb58335c514a489e265e026f1b7226719393aaddbee13fb3a7c23f278913115837aae0d2b681d0fe89c2e","ssdeep":"","tlshash":"f241f159e210529af23b8c1937f76212c73d30a579a28b38ff8c8250dc79154bab278d","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20062224.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page3.html","date":"2023-12-05T20:30:21.845Z","timestamp":1701808221845,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%20062224.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page3.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1627\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1627,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 181 x 18, 8-bit/color RGBA, non-interlaced\\012- data","md5":"ab54e06f577bc41e54157d37c75ac741","sha1":"5d71145a1dfa5c537db4311a19c64e1c46ff40d7","sha256":"2631e212b4dc7dab04216fede93affd60f9b96b89cff81fe9d7d899a11848656","sha512":"04c9193ae94725ba5ed976b1f1fb66baf4d408fa74fbe5fce04046682a0323dd010944ebd0654afd0883287915b45e057f16e4f3742fcf808cf6144d6dfe6ecd","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":405,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":405,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page3.css","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.ciennaclient.com/RBC/page3.html","date":"2023-12-05T20:30:21.842Z","timestamp":1701808221842,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page3.css HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page3.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 256\r\ncontent-type: text/css\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":256,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"3f7d991edf77ba32ec2c5f0a68ba815e","sha1":"fd7c05b9bbc55498db3fac68350b685ae0471182","sha256":"4e420ded99fb67d32ee3a70cf21ab1e584ca64e90cd528c40a7aee157f838084","sha512":"942cb4428e978b17340b8148b200f987861f9f0170310e4fc24f39dc669423e263ba802d371b0dec2775a245ad31f8ea866b509b64f621a875a1094ce1a9e3ec","ssdeep":"","tlshash":"7c0126549f299080f23ec49077baa6b8f70625901f800772fbe17723dc30ba81171b88","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":407,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page2.css","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.ciennaclient.com/RBC/page2.html","date":"2023-12-05T20:30:22.289Z","timestamp":1701808222289,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page2.css HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page2.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 278\r\ncontent-type: text/css\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":278,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"0b21fb1a946b8c564c391aabeec40adf","sha1":"a7635196d8f95961706c51ea315c1f69b493e804","sha256":"436c380a8e627b6119792457d8c28f8185792f451fc73022a2bf2e7d9143c5fd","sha512":"c3ba4616686a2fc4e45de58727e16ec5244dc696dbe2971f1d02af223a36cd734f73e14e55ef7895b04b3b905a3293ea3b6304457e93d92437ffef97261fe494","ssdeep":"","tlshash":"6011c2946f299090e23dd59077ba96b8f74625905f840676fbe17723dc30ba801b1a88","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20054759.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page2.html","date":"2023-12-05T20:30:22.297Z","timestamp":1701808222297,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%20054759.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page2.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 305\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":305,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 34 x 35, 8-bit/color RGBA, non-interlaced\\012- data","md5":"effada7f33eea2168d46c8ef02c674c9","sha1":"ea229146574f7250be5997002916b2eb5a2ea8c8","sha256":"920306bf9f9bef3e20f85089c012f1be7b3c757969811cf447bb4692c6a1afb5","sha512":"1c28db5d583fa392c8acb9495526bbb2d82013d6f138d1c95b316d095793922ec0b955e0dc740c1704c48b43ec6c27f8361966d25fbd3bf0bc78a8afefe26885","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%200549012.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page2.html","date":"2023-12-05T20:30:22.296Z","timestamp":1701808222296,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%200549012.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page2.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2143\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2143,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 247 x 27, 8-bit/color RGBA, non-interlaced\\012- data","md5":"30c570f50428e13766f400faff3bceb5","sha1":"7346c98e7591f3a1899a180e57d84b980edad7ef","sha256":"bd47676d4a239b3d1564f405a534ec89d7daafd79951dd7e3f4a74d5221bbd70","sha512":"54a4ea6567a2ad59f3e430ac2eea0a7669164621104c340eae25cb14284ff4160f39e52005d383e95028db8e59305eb0bc3330105cba202b23ecd87a3072f705","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%200542835.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page2.html","date":"2023-12-05T20:30:22.299Z","timestamp":1701808222299,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%200542835.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page2.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 657\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":657,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\\012- data","md5":"5f667dba117d1e4fae1c52d7682276f1","sha1":"35f95c526d1260ed3ce61808e83269ca4326422d","sha256":"6f9cded27a9e23334b10abb9cdc3266f75c63ccf1f8942449f6a2c0c123b373d","sha512":"f55521eb672cc33dfce59249b7517cf3d7e27ee4fc70907b8070f592ab110f84724e78eb244a3422550a9601a8ba2eddc2b64199e30fd52586e5e196aae201d5","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/wwb18.min.js","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.ciennaclient.com/RBC/page2.html","date":"2023-12-05T20:30:22.295Z","timestamp":1701808222295,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/wwb18.min.js HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page2.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 1716\r\ncontent-type: application/javascript\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1716,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (519), with CRLF line terminators","md5":"d40dd26504e7cbc84b737868662b8407","sha1":"cb673f3a3d5759722ff0dcd935401d96b8e47f9f","sha256":"26b3bd98d6823c8967b77b7222f542def426ffa6679f1a83f27ec51fbaaf988d","sha512":"846626fadff05485aabc787fb11011d9ab097eced300cdd91e5045d570bc5c171a77ac51aed399beae811303d4d0d087388a6ea4ef0051fc3b7f5662587bee71","ssdeep":"96:vzRwNufrjxrjHY1vFyktMTyONve1dBFtBXBvFBn2FOHj2q1:1wNynxn41djOeJZTHj26","tlshash":"dea155dbb050f476828b0fbb01bf0c266471dc94a48699343564e749e838dfa136fa6e","first_seen":"2023-03-13T22:38:25Z","last_seen":"2026-04-29T03:52:56.976558Z","times_seen":12,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20061052.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page4.html","date":"2023-12-05T20:30:22.302Z","timestamp":1701808222302,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%20061052.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page4.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2385\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2385,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 163 x 51, 8-bit/color RGBA, non-interlaced\\012- data","md5":"82313f90f460927f982f20f85299fc6b","sha1":"3d37408f37310daf62aebc2bbf5f5afe0233306a","sha256":"c985ac526d3dfcd339f915300dadf2d9662bf93e17b385cea39936573f3a67a7","sha512":"2d19ba45ca8ae47b7b8cbac170a626dd839972b5563c94253dcc7a6da0aa8785f9e89b1edc1bb940352ccc8111071bf19ccb1649258bc3e4ef9639e55983cf36","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page4.css","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.ciennaclient.com/RBC/page4.html","date":"2023-12-05T20:30:22.301Z","timestamp":1701808222301,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page4.css HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page4.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 266\r\ncontent-type: text/css\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":266,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"8cd62a4b2df69298b372418ede70cc75","sha1":"04bce40ea0361bab2e3c67d155664f7b6d6f747c","sha256":"b0d40df0c6d486b77ef16ad8b723f6e05d94fe8ce85e9fc40ab9f195a07f29e2","sha512":"8b63658d327c1cb7c46404ba13f621aa68db936f1876bc1ba86824086c8e6710230d11b1a789a7e62713d32d84065a91f2746f924ec0fedd445eb045c8374736","ssdeep":"","tlshash":"6011c2946f299090e23dd59077ba96b8f74625905f840676fbe17723dc30ba801b1a88","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20061652.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page4.html","date":"2023-12-05T20:30:22.306Z","timestamp":1701808222306,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%20061652.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page4.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 7969\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7969,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 344 x 192, 8-bit/color RGBA, non-interlaced\\012- data","md5":"f5a0fac7e794181115882025bddbe529","sha1":"2f555c99aea23034719d624c4dc68f448ea551e4","sha256":"5236d4e4a802e634968aa3ac0fa0c707c972787417fc83b5331f610c392d3573","sha512":"42052a86a9c9e8339af8704fdc2b7575e4a8295124b44f300b67abbc23993bcec9130e8418acb706ed87fadbeaa7d0bdb80725c6dd9377f1b3c2198e433c8fb8","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202-12-04%20061336.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page4.html","date":"2023-12-05T20:30:22.304Z","timestamp":1701808222304,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202-12-04%20061336.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page4.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1840\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1840,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 407 x 81, 8-bit/color RGBA, non-interlaced\\012- data","md5":"b8cdbd18c900965c915f5a09fd0746f7","sha1":"35036dfb0535120185ee158edc448643b5099ef1","sha256":"9843ec434dc3494204572edc071d5ec8b47cf0ff67a602b22c70a5a45a2ec8bd","sha512":"6081e9158f1362212145d6738425ccf874a22d8486c8d9ae347eef7de5983be56565e446071530e2cde68cf8320f57796be36703489ef06909a6a9e4643f93d9","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/Untitled1.css","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.ciennaclient.com/RBC/page6.html","date":"2023-12-05T20:30:22.317Z","timestamp":1701808222317,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/Untitled1.css HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page6.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 340\r\ncontent-type: text/css\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":340,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"c5c75fe060c01362b832291770fd6063","sha1":"c76c6d7a7ca8146050809724d135637c389205e9","sha256":"e5c59c0f43c9504ab6cd5be3ac0c2125431be6cee511139c7ec592e8a028332b","sha512":"c57152adda3811fa18b794b371bd64010e929427a5bdb58335c514a489e265e026f1b7226719393aaddbee13fb3a7c23f278913115837aae0d2b681d0fe89c2e","ssdeep":"","tlshash":"f241f159e210529af23b8c1937f76212c73d30a579a28b38ff8c8250dc79154bab278d","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Unti22tled.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page3.html","date":"2023-12-05T20:30:21.847Z","timestamp":1701808221847,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Unti22tled.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page5.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 269\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":269,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 20, 8-bit/color RGB, non-interlaced\\012- data","md5":"be738061f6a1a0f4bc073a24f5a597ed","sha1":"4cad0012448c145542e539e102431d393104d915","sha256":"a205d7584b7f6565f90e2c280c24679a1c53d51ecae729aa7937a2ae726f5c91","sha512":"cd283b3ebc54cfe0775ad38947f42bad8c725003183df3f113f522a8ba6c96eceaef08527ca20e54f0b508c7593f51214bb70f0634dbbe994b0db7494a978c5a","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":401,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":401,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20065154.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page6.html","date":"2023-12-05T20:30:22.319Z","timestamp":1701808222319,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%20065154.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page6.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 12825\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12825,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 405 x 352, 8-bit/color RGBA, non-interlaced\\012- data","md5":"bc0ad1661c69f9fb8e1e4889c1b3f0d1","sha1":"c76e8091da0448f71a4871d519525bc3a38f7477","sha256":"e1d509405800944d6828d023f579c1e4c813a2f9e64dc32028a66aebe9d4e9fd","sha512":"8abcfe2a481b17c0a5aa636323527a33b946a778ffe30375ec5362f548c8ae432cc1a1cf629e8eb85bac889351b208168f275c7620f3db28b2ac4eebb01ef33c","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":323,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/images/Screenshot%202023-12-04%20064318.png","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.ciennaclient.com/RBC/page5.html","date":"2023-12-05T20:30:22.310Z","timestamp":1701808222310,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/images/Screenshot%202023-12-04%20064318.png HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page5.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\ncontent-length: 908\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-type: image/png\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":908,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 73 x 19, 8-bit/color RGBA, non-interlaced\\012- data","md5":"6dbf3b2553527b54819705fb7f699325","sha1":"3bc6e2e35c872f7d8c4afc78447b7c2230d40ffe","sha256":"3a6f8989b627361880ad9cbb13b7f8820b183ed9da92c3c12f788f3c99ef9c5d","sha512":"0a0218e772f811d48323249a8c08d440b7dfccc29ffef319c51942a9176292a8359105cfc2be7181bf85fc6285ee758e7fbc99caac35a4af203b858cbcf55d92","ssdeep":"","tlshash":"","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page6.css","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.ciennaclient.com/RBC/page6.html","date":"2023-12-05T20:30:22.318Z","timestamp":1701808222318,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page6.css HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page6.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 252\r\ncontent-type: text/css\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":252,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"fe926d81de7e3dde3d0904fb2dc49944","sha1":"c472fe1e499c20ded1ef6cc04016fcd152add85d","sha256":"585591db4801ef3b333b95b8c362715a4348d312773bb8d0ea5afefd4c14caf9","sha512":"364a723cf1551897feb71dca7894fe734fbdc3d81ea8e9bb2910ddd9c22ff99a729c3f3371add2e543fd7468f1ccd87a20b0dc7d14ede14e6e9796ed7985e0bd","ssdeep":"","tlshash":"e5f05c54df698080f23ec85073bb96a4f30625901f800b35fbd17762dc30ba41571b8c","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page5.css","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.ciennaclient.com/RBC/page5.html","date":"2023-12-05T20:30:22.309Z","timestamp":1701808222309,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page5.css HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/page5.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\ncontent-length: 256\r\ncontent-type: text/css\r\ndate: Tue, 05 Dec 2023 20:30:16 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":256,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"e86c26b02554646f1e139ea1a340616e","sha1":"37a987ab6c10ecfc4aff8a20033ca32be3d13ccc","sha256":"ff0cf519db7067742d70fa9795d4f64a8275ee284a907ce07ddcac31f3130a9f","sha512":"9991c6900c9ded6064560614edae6c784293c90f8dd8827268c6b9bc5cd17d6e2790fb650ee85ac89352cfa44d63febb67d2c93f32303bd69969c02a8bea5220","ssdeep":"","tlshash":"b801d6549f698090f23ed99077ba96b8f74625905f840776fbe17723dc30b681171b88","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":360,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page4.html","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:21.637Z","timestamp":1701808221637,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page4.html HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: nginx/1.21.6\r\ncontent-type: text/html\r\ncontent-length: 506\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1395,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1517), with no line terminators","md5":"f3c4d5cc0c4a02df000f839c505be8e6","sha1":"ff999ab1da9f7070b6e7f5aa7ec5698e975f51c9","sha256":"99daaedee729ff040dc10ce198017f18360b02b207cbce5f87a3822f051e587b","sha512":"e16f27c107bba9d4cbed90eb49f26322ad9e83d6093d86a4b2181d0d5180b468e2bb0c46d17a6972e5d845f02dbf0aae611006b3316154fa9a6c9b2fbe172c06","ssdeep":"","tlshash":"ce311f538874f00e9724b60fa9613d7ac09aa5498f71990a52df183ac0c9b649b3e3d8","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:36:12Z","times_seen":2,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":584,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.ciennaclient.com/RBC/page6.html","fqdn":"www.ciennaclient.com","domain":"ciennaclient.com","tld":"com"},"ip":{"addr":"70.40.216.51","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.ciennaclient.com/RBC/","date":"2023-12-05T20:30:21.644Z","timestamp":1701808221644,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.ciennaclient.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Nov 2023 14:01:15 GMT","end":"Fri, 09 Feb 2024 14:01:14 GMT"},"fingerprint":{"sha1":"7F:56:AC:1E:5F:9B:15:5E:3D:9D:80:01:DF:B5:62:56:2D:D2:4A:36","sha256":"7E:94:80:AB:D4:DD:E2:CC:AC:18:08:EF:E2:85:81:C0:0D:6F:8D:5D:9A:BC:76:F1:39:B2:C6:10:C7:A0:96:E4"}}},"request":{"raw":"GET /RBC/page6.html HTTP/1.1\r\nHost: www.ciennaclient.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.ciennaclient.com/RBC/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 Dec 2023 20:30:15 GMT\r\nserver: nginx/1.21.6\r\ncontent-type: text/html\r\ncontent-length: 430\r\nlast-modified: Tue, 05 Dec 2023 02:13:15 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nhost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==\r\nx-endurance-cache-level: 0\r\nx-nginx-cache: WordPress\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":991,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1077), with no line terminators","md5":"ecba7df4eeae094722a2984060775e64","sha1":"4dcf81c2d48b2237f74d62738a781db20122c66d","sha256":"4e337912a0aac0bd16abc677e9edfa71d77a05934e385ad8a247eaf505c5e0bd","sha512":"051aa2be7a6a2d1c21a2d512ff1788a01788406bdd1aa4346e619ac7dc24b1e1712a0da59dea490db1222b462b59824f7b91a0f6d3933fa4b4f861fbe8a29c24","ssdeep":"","tlshash":"ae112047c864f00d2f25a60fa5a13d3fc08fed4c4f71d806919f142dc0d9b614a2e2e9","first_seen":"2023-12-05T21:30:34Z","last_seen":"2023-12-05T21:30:34Z","times_seen":1,"resource_available":false,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":576,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - RBC Royal Bank","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with RBC Royal Bank phishing","tags":["rbc_bank","phishing","financial"],"meta":null}]}}]}