rctws.org
162.222.225.71
Malicious Activity!
Public Scan
Submission: On April 23 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 26th 2024. Valid for: 3 months.
This is the only time rctws.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
5 12 | 162.222.225.71 | 46606 (UNIFIEDLAYER-AS-1) |
7 | 2 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-222-225-71.unifiedlayer.com
rctws.org
| Domain | Requested by |
---|---|---|
12 | rctws.org (5 redirects) | rctws.org |
7 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
rctws.org R3 | 2024-02-26 - 2024-05-26 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://rctws.org/kla/egangs.html?AspxAutoDetectCookieSupport=1
Frame ID: 4E8F477AD2491DCC113E29B63972602A
Requests: 10 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://rctws.org/kla/src/common_auth.css HTTP 302
- https://rctws.org/kla/src/common_auth.css?AspxAutoDetectCookieSupport=1
- https://rctws.org/kla/src/bidm.css HTTP 302
- https://rctws.org/kla/src/bidm.css?AspxAutoDetectCookieSupport=1
- https://rctws.org/kla/src/3625.css HTTP 302
- https://rctws.org/kla/src/3625.css?AspxAutoDetectCookieSupport=1
- https://rctws.org/kla/logo21.svg HTTP 302
- https://rctws.org/kla/logo21.svg?AspxAutoDetectCookieSupport=1
- https://rctws.org/kla/logo1.png HTTP 302
- https://rctws.org/kla/logo1.png?AspxAutoDetectCookieSupport=1
7 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | egangs.html (Primary Request) rctws.org/kla/ | 21 KB 7 KB | Document text/html |
GET H2 | common_auth.css rctws.org/kla/src/ (Redirect Chain) | 9 KB 2 KB | Stylesheet text/css |
GET H2 | bidm.css rctws.org/kla/src/ (Redirect Chain) | 42 KB 4 KB | Stylesheet text/css |
GET H2 | 3625.css rctws.org/kla/src/ (Redirect Chain) | 4 KB 879 B | Stylesheet text/css |
GET H2 | logo21.svg rctws.org/kla/ (Redirect Chain) | 2 KB 3 KB | Image image/svg+xml |
GET H2 | logo1.png rctws.org/kla/ (Redirect Chain) | 12 KB 12 KB | Image image/png |
GET DATA | truncated / | 9 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 240 B 0 | Image image/svg+xml |
GET DATA | truncated / | 172 B 0 | Image image/svg+xml |
GET H2 | logo21.svg rctws.org/kla/ | 2 KB 2 KB | Other image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
rctws.org/ | | Name: AspxAutoDetectCookieSupport Value: 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
rctws.org
162.222.225.71