www.rtech.co.th - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 1 HTTP transactions. The main IP is 27.254.86.9, located in Thailand and belongs to CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH. The main domain is www.rtech.co.th.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 26th 2022. Valid for: a year.

This is the only time www.rtech.co.th was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.169.200.225 35.169.200.225	14618 (AMAZON-AES) (AMAZON-AES)
1	27.254.86.9 27.254.86.9	9891 (CSLOX-IDC...) (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited.)
1	2

1 35.169.200.225 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-169-200-225.compute-1.amazonaws.com

australiabb-s-school.thinkific.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 27.254.86.9 (Thailand)

ASN9891 (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH)
PTR: cs62.hostneverdie.com

www.rtech.co.th	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	rtech.co.th www.rtech.co.th	67 KB
1	thinkific.com 1 redirects australiabb-s-school.thinkific.com	827 B
1	2

	Domain	Requested by
1	www.rtech.co.th
1	australiabb-s-school.thinkific.com	1 redirects
1	2

This site contains no links.

Subject Issuer	Validity	Valid
rtech.co.th Sectigo RSA Domain Validation Secure Server CA	`2022-01-26` - `2023-01-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.rtech.co.th/wp-content/Home/
Frame ID: 55CFBA9BC1454A61B1B8A1E11382BBB7
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign-in - myGov

Page URL History Show full URLs

https://australiabb-s-school.thinkific.com/ HTTP 302
https://www.rtech.co.th/wp-content/Home/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

67 kB
Transfer

350 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://australiabb-s-school.thinkific.com/ HTTP 302
https://www.rtech.co.th/wp-content/Home/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.rtech.co.th/wp-content/Home/ Redirect Chain https://australiabb-s-school.thinkific.com/ https://www.rtech.co.th/wp-content/Home/	233 KB 67 KB	1610ms 244ms	Document text/html	27.254.86.9 CSLOX-IDC-AS-AP C...
General Check archive.org Show headers Download Go to Full URL https://www.rtech.co.th/wp-content/Home/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 27.254.86.9 , Thailand, ASN9891 (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH), Reverse DNS cs62.hostneverdie.com Software Apache/2 / Resource Hash `24f487e722e8f6b31bf6d7580faf5b74d4b5ff20993decae07fa59a79c4dd585` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Accept-Ranges bytes Connection close Content-Encoding gzip Content-Type text/html Date Wed, 16 Nov 2022 20:04:06 GMT ETag "3a3ce-5ed8bf0affb0a-gzip" Last-Modified Wed, 16 Nov 2022 00:56:17 GMT Server Apache/2 Transfer-Encoding chunked Vary Accept-Encoding,User-Agent Redirect headers cache-control no-cache content-type text/html; charset=utf-8 date Wed, 16 Nov 2022 20:04:02 GMT location https://www.rtech.co.th/wp-content/Home/ referrer-policy strict-origin-when-cross-origin server openresty strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-download-options noopen x-frame-options SAMEORIGIN x-permitted-cross-domain-policies none x-request-id f199b6e0e02a596c3e72e2b9a77a1e06 x-runtime 0.068171 x-xss-protection 1; mode=block
GET DATA	200 OK	truncated /	113 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721` Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb` Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	742 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e470bb1617b294c5f4c8c456278f819d1640b90c2c15e5d237d3c0683aa32a22` Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	844 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `428f159a75c5ab70e22fa870b75a7409a87b7954c427a8ca22dc996af4098c5a` Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
australiabb-s-school.thinkific.com/	1969-12-31 23:59:59	Name: visitor_id Value: 1603591629
australiabb-s-school.thinkific.com/	1970-01-20 16:16:05	Name: split Value: %7B%22beta_checkout%22%3A%22control%22%7D
australiabb-s-school.thinkific.com/	1969-12-31 23:59:59	Name: _thinkific_session Value: dnJiUGJlK2ZwZ05DdnFIaE1CbWNZK2VKaXVJazJIa1NwN0RKMkd0THNvaGJvNXNTcy81OXdXZ2ZSRDNXdkV5SndySXNMYzVrcjJIWDFud1VXSlNKenpnYW9VTC9BeDZncGYxczNSQ21QRk05L3kvWmJOZHI1bHM0WFhCNUhnVTRxU254aVFUME5HVFhWT0FTeXpHZGJNWWlrVXR4ZmtvLzd6b01OaS9hMmxGWVlyTEFwZnp4OXJNdWxUMVN4OFJYLS1sNDlQUFVNRUNvUzNmZEQrRTdGSm9BPT0%3D--08471b1e9828b6c4a520b54d5abed5b583380174

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

australiabb-s-school.thinkific.com
www.rtech.co.th
27.254.86.9
35.169.200.225
24f487e722e8f6b31bf6d7580faf5b74d4b5ff20993decae07fa59a79c4dd585
428f159a75c5ab70e22fa870b75a7409a87b7954c427a8ca22dc996af4098c5a
42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721
91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb
e470bb1617b294c5f4c8c456278f819d1640b90c2c15e5d237d3c0683aa32a22

www.rtech.co.th Open in urlscan Pro 27.254.86.9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

67 kBTransfer

350 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

3 Cookies

Indicators

www.rtech.co.th Open in urlscan Pro
27.254.86.9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

67 kB
Transfer

350 kB
Size

3
Cookies

1 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!