URL: https://63.rw/Chase/otp.html
Submission: On May 17 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 192.185.75.50, located in the United States and belonging to NETWORK-SOLUTIONS-HOSTING, US. The main domain is 63.rw.
TLS certificate: Issued by R3 on April 19th 2024. Valid for: 3 months.
This is the only time 63.rw was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

Requests   IP Address       AS (Autonomous System)
8          192.185.75.50    AS19871 (NETWORK-SOLUTIONS-HOSTING)
4          95.100.146.27    AS20940 (AKAMAI-ASN1)
12 requests across 2 IPs

Requests   Apex Domain     Subdomains                                           Transfer
8          63.rw           63.rw                                                168 KB
4          chasecdn.com    static.chasecdn.com (Cisco Umbrella Rank: 8342)      609 KB
12 requests across 2 apex domains

Requests   Domain                 Requested by
8          63.rw                  63.rw
4          static.chasecdn.com    63.rw, static.chasecdn.com
12 requests across 2 domains

This site contains no links.

Subject                 Issuer                                   Validity                   Valid       Source
63.rw                   R3                                       2024-04-19 - 2024-07-18    3 months    crt.sh
static2.chasecdn.com    Entrust Certification Authority - L1M    2024-04-08 - 2025-04-08    a year      crt.sh

This page contains 1 frame:

Primary Page: https://63.rw/Chase/otp.html
Frame ID: FA7244E28A1582830B8327FB13CF7AC8
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Sign in - chase.com

Page Statistics

12 Requests
100 % HTTPS
0 % IPv6
2 Domains
2 Subdomains
2 IPs
2 Countries
776 kB Transfer
2444 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests: (none listed for this scan)

12 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request otp.html
63.rw/Chase/
17 KB
4 KB
Document
General
Full URL
https://63.rw/Chase/otp.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.75.50, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
192-185-75-50.unifiedlayer.com
Software
Apache
Resource Hash
b630d3be4edb5008b48aac30bddd636840f9ed5e39f5a6e3512dad02cbf0d82a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
4067
content-type
text/html
date
Fri, 17 May 2024 16:27:36 GMT
last-modified
Sat, 15 Apr 2023 20:36:00 GMT
server
Apache
vary
Accept-Encoding
mds-chase-icons.css
63.rw/Chase/css/
25 KB
5 KB
Stylesheet
General
Full URL
https://63.rw/Chase/css/mds-chase-icons.css
Requested by
Host: 63.rw
URL: https://63.rw/Chase/otp.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.75.50, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
192-185-75-50.unifiedlayer.com
Software
Apache
Resource Hash
d5dc1e864e5ef335e96dee19fba2c93a8e9fcdbe06f97229e1cdbdbaffc93f33

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/Chase/otp.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 16:27:36 GMT
content-encoding
gzip
last-modified
Thu, 08 Dec 2022 22:21:18 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
5095
blue-ui.css
static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/
498 KB
44 KB
Stylesheet
General
Full URL
https://static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css
Requested by
Host: 63.rw
URL: https://63.rw/Chase/otp.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.27, Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
a95-100-146-27.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer
Resource Hash
3303fd8e3e10ea99269b96fcffa1370d6e40a21f02a712920f875b04a91e3205
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=86400 ; preload
X-Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
frame-ancestors 'none'
content-security-policy
frame-ancestors 'none'
content-encoding
br
x-content-type-options
nosniff
date
Fri, 17 May 2024 16:27:36 GMT
strict-transport-security
max-age=86400 ; preload
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715963256180_1600426519_2717652326_35_7573_13_0_255";dur=1
content-length
44646
x-xss-protection
1; mode=block
x-trace-id
ZCOSyNb430GLAHNzvR_gTQAAALk
last-modified
Wed, 29 Mar 2023 01:25:47 GMT
server
Akamai Resource Optimizer
etag
"7c8f3-5db121f070000"
x-amzn-trace-id
0.1792645f.1715963256.a1fc1566
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Thu, 28 Mar 2024 01:22:16 GMT
logon.css
63.rw/Chase/css/
163 KB
33 KB
Stylesheet
General
Full URL
https://63.rw/Chase/css/logon.css
Requested by
Host: 63.rw
URL: https://63.rw/Chase/otp.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.75.50, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
192-185-75-50.unifiedlayer.com
Software
Apache
Resource Hash
a608ecb06c7cff9cf38279edc51f3c9abf6051eb52447775fa2077b8157d2077

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/Chase/otp.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 16:27:36 GMT
content-encoding
gzip
last-modified
Thu, 08 Dec 2022 22:26:24 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
text/css
mask.js
63.rw/Chase/js/
146 KB
44 KB
Script
General
Full URL
https://63.rw/Chase/js/mask.js
Requested by
Host: 63.rw
URL: https://63.rw/Chase/otp.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.75.50, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
192-185-75-50.unifiedlayer.com
Software
Apache
Resource Hash
3c149e754af1a297e924c97c84aa5a1fafebc7c2b377e825738b8cb452fb3237

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/Chase/otp.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 16:27:36 GMT
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 12:50:54 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
application/javascript
main.js
static.chasecdn.com/web/2022.11.13-214/logon/extra/js/
1 MB
196 KB
Script
General
Full URL
https://static.chasecdn.com/web/2022.11.13-214/logon/extra/js/main.js
Requested by
Host: 63.rw
URL: https://63.rw/Chase/otp.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.27, Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
a95-100-146-27.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer
Resource Hash
b5aa3222e82e2f739d14de255384ef53e42223ef5e25984e7f2b682fb433b957
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=86400 ; preload
X-Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
frame-ancestors 'none'
content-security-policy
frame-ancestors 'none'
content-encoding
br
x-content-type-options
nosniff
date
Fri, 17 May 2024 16:27:36 GMT
strict-transport-security
max-age=86400 ; preload
x-app-cdndc-id
us-east-2
server-timing
cdn-cache; desc=HIT, edge; dur=57, origin; dur=0, ak_p; desc="1715963256210_1600426519_2717652327_5614_7425_14_30_146";dur=1
content-length
199720
x-xss-protection
1; mode=block
x-trace-id
ZjQwJQwK_mijbUzVEQYKkwAAAA0
last-modified
Fri, 03 May 2024 00:30:37 GMT
server
Akamai Resource Optimizer
etag
"11ebd6-5fea4a375cac9-gzip"
x-amzn-trace-id
0.1792645f.1715963256.a1fc1567
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Sat, 03 May 2025 00:30:29 GMT
wordmark-white.svg
63.rw/Chase/images/
1 KB
1 KB
Image
General
Full URL
https://63.rw/Chase/images/wordmark-white.svg
Requested by
Host: 63.rw
URL: https://63.rw/Chase/css/logon.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.75.50, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
192-185-75-50.unifiedlayer.com
Software
Apache
Resource Hash
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/Chase/css/logon.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 16:27:36 GMT
last-modified
Thu, 08 Dec 2022 22:22:40 GMT
server
Apache
accept-ranges
bytes
content-length
1409
content-type
image/svg+xml
background.desktop.day.1.jpeg
static.chasecdn.com/content/geo-images/images/
299 KB
299 KB
Image
General
Full URL
https://static.chasecdn.com/content/geo-images/images/background.desktop.day.1.jpeg
Requested by
Host: 63.rw
URL: https://63.rw/Chase/otp.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.27, Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
a95-100-146-27.deploy.static.akamaitechnologies.com
Software
(not reported)
Resource Hash
01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-dispatcher
dispatcher9useast1-28575362
date
Fri, 17 May 2024 16:27:36 GMT
strict-transport-security
max-age=86400 ; preload
last-modified
Mon, 22 Apr 2024 17:40:17 GMT
x-ams-migration
TRUE
x-amzn-trace-id
0.1792645f.1715963256.a1fc1861
x-vhost
private-publish
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=2592000,s-maxage=2592000
server-timing
cdn-cache; desc=HIT, edge; dur=5, ak_p; desc="1715963256401_1600426519_2717653089_992_8795_13_0_146";dur=1
accept-ranges
bytes
content-length
306152
opensans-regular.woff
63.rw/Chase/fonts/
24 KB
24 KB
Font
General
Full URL
https://63.rw/Chase/fonts/opensans-regular.woff
Requested by
Host: 63.rw
URL: https://63.rw/Chase/otp.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.75.50, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
192-185-75-50.unifiedlayer.com
Software
Apache
Resource Hash
b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/Chase/otp.html
Origin
https://63.rw
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 16:27:36 GMT
last-modified
Thu, 08 Dec 2022 22:24:02 GMT
server
Apache
accept-ranges
bytes
content-length
24876
content-type
font/woff
opensans-semibold.woff
63.rw/Chase/fonts/
25 KB
25 KB
Font
General
Full URL
https://63.rw/Chase/fonts/opensans-semibold.woff
Requested by
Host: 63.rw
URL: https://63.rw/Chase/otp.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.75.50, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
192-185-75-50.unifiedlayer.com
Software
Apache
Resource Hash
d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/Chase/otp.html
Origin
https://63.rw
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 16:27:36 GMT
last-modified
Thu, 08 Dec 2022 22:24:06 GMT
server
Apache
accept-ranges
bytes
content-length
25108
content-type
font/woff
dcefont.woff
static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/fonts/
69 KB
69 KB
Font
General
Full URL
https://static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/fonts/dcefont.woff
Requested by
Host: static.chasecdn.com
URL: https://static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.27, Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
a95-100-146-27.deploy.static.akamaitechnologies.com
Software
(not reported)
Resource Hash
6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=86400 ; preload
X-Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://static.chasecdn.com/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css
Origin
https://63.rw
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Mon, 01 Apr 2024 07:08:02 GMT
content-security-policy
frame-ancestors 'none'
date
Fri, 17 May 2024 16:27:36 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=86400 ; preload
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715963256449_1600426519_2717653432_35_8886_12_31_255";dur=1
content-length
70296
x-xss-protection
1; mode=block
x-trace-id
ZCkp0a4bbgLFTAmfKtVt2QAAAM8
last-modified
Fri, 25 Mar 2022 22:02:42 GMT
etag
"11298-5db121f258480"
x-amzn-trace-id
0.1792645f.1715963256.a1fc19b8
x-frame-options
DENY
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-content-security-policy
frame-ancestors 'none'
chasefavicon.ico
63.rw/Chase/
31 KB
31 KB
Other
General
Full URL
https://63.rw/Chase/chasefavicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.75.50, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
192-185-75-50.unifiedlayer.com
Software
Apache
Resource Hash
625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://63.rw/Chase/otp.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 16:27:36 GMT
last-modified
Thu, 08 Dec 2022 23:04:52 GMT
server
Apache
content-type
image/x-icon
cache-control
max-age=604800
accept-ranges
bytes
content-length
32038
expires
Fri, 24 May 2024 16:27:36 GMT
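
The signals that make this scan a phishing case can be re-derived from the transaction list itself. The Python below is an added example, not urlscan.io's code: the SCAN records are transcribed and abbreviated from the entries above, BRAND_DOMAINS is an assumed analyst allowlist, and apex() is a naive last-two-labels rule rather than the Public Suffix List. It checks four things the data shows: the page title claims chase.com while the document is served from 63.rw; static.chasecdn.com resources are loaded into a document on a non-brand apex (three of the four are kept in the sample); the dcefont.woff request to the CDN carries Origin: https://63.rw and is answered with access-control-allow-origin: *, so the brand's own CDN hands its fonts and scripts to any site, while the frame-ancestors 'none' and X-Frame-Options: DENY on those same responses only prevent framing and do nothing against hotlinking; and every file on 63.rw has a Last-Modified in 2022 or 2023, earlier than the April 2024 certificate, which is what a reused kit dropped onto a fresh host looks like.

```python
# Added example (not urlscan.io code): re-derive the verdict signals from the
# transaction list above. BRAND_DOMAINS is an assumed analyst allowlist; apex()
# is a naive last-two-labels rule, not the Public Suffix List.
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

BRAND_DOMAINS = {"chase.com": "Chase", "chasecdn.com": "Chase"}  # assumed allowlist
CDN = "https://static.chasecdn.com"
PAGE = "https://63.rw/Chase/otp.html"
BLUE_UI = CDN + "/web/library/@seur/cxo-common-assets/1.0.4/dist/common/assets/blue-ui.css"

def T(url, referer=None, origin=None, **resp):
    """One abbreviated transaction; underscores in header kwargs become dashes."""
    return {"url": url, "referer": referer, "origin": origin,
            "response": {k.replace("_", "-"): v for k, v in resp.items()}}

SCAN = {  # transcribed (abbreviated) from the scan on this page
    "page_url": PAGE,
    "page_title": "Sign in - chase.com",
    "cert_not_before": "2024-04-19",  # R3 certificate for 63.rw
    "transactions": [
        T(PAGE, last_modified="Sat, 15 Apr 2023 20:36:00 GMT"),
        T("https://63.rw/Chase/css/logon.css", PAGE, last_modified="Thu, 08 Dec 2022 22:26:24 GMT"),
        T("https://63.rw/Chase/js/mask.js", PAGE, last_modified="Thu, 03 Mar 2022 12:50:54 GMT"),
        T("https://63.rw/Chase/fonts/opensans-regular.woff", PAGE, "https://63.rw",
          last_modified="Thu, 08 Dec 2022 22:24:02 GMT"),
        T(BLUE_UI, "https://63.rw/", access_control_allow_origin="*",
          x_frame_options="DENY", last_modified="Wed, 29 Mar 2023 01:25:47 GMT"),
        T(CDN + "/web/2022.11.13-214/logon/extra/js/main.js", "https://63.rw/",
          access_control_allow_origin="*", last_modified="Fri, 03 May 2024 00:30:37 GMT"),
        T(BLUE_UI.rsplit("/", 1)[0] + "/fonts/dcefont.woff", BLUE_UI, "https://63.rw",
          access_control_allow_origin="*", last_modified="Fri, 25 Mar 2022 22:02:42 GMT"),
    ],
}

def host_of(url):
    return urlparse(url).hostname or ""

def origin_of(url):
    p = urlparse(url)
    return f"{p.scheme}://{p.hostname}"

def apex(host):
    """Naive apex (last two labels): fine for .com/.rw, wrong for e.g. co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def brand_mismatch(scan):
    """Title names a brand domain, but the document is served from another apex."""
    served = apex(host_of(scan["page_url"]))
    title = scan["page_title"].lower()
    for domain, brand in BRAND_DOMAINS.items():
        if domain in title and served != domain:
            return {"brand": brand, "claimed": domain, "served_from": served}
    return None

def hotlinked_brand_assets(scan):
    """Brand-CDN resources pulled into a document hosted on a non-brand apex."""
    if apex(host_of(scan["page_url"])) in BRAND_DOMAINS:
        return []
    return [t["url"] for t in scan["transactions"] if apex(host_of(t["url"])) in BRAND_DOMAINS]

def permissive_cors_loads(scan):
    """Cross-origin loads (Origin header present and different from the resource
    origin) answered with ACAO '*': the CDN serves the asset to any site.
    frame-ancestors 'none' / X-Frame-Options on the same responses only block
    framing; they do not stop hotlinking."""
    out = []
    for t in scan["transactions"]:
        acao = t["response"].get("access-control-allow-origin")
        if t["origin"] and t["origin"] != origin_of(t["url"]) and acao == "*":
            out.append((t["url"], t["origin"]))
    return out

def kit_files_older_than_cert(scan):
    """Files on the page's own host whose Last-Modified predates the host
    certificate: the kit was built before this deployment existed."""
    not_before = datetime.strptime(scan["cert_not_before"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
    page_host = host_of(scan["page_url"])
    stale = []
    for t in scan["transactions"]:
        lm = t["response"].get("last-modified")
        if lm and host_of(t["url"]) == page_host:
            when = parsedate_to_datetime(lm)  # RFC 7231 date, aware UTC
            if when < not_before:
                stale.append((t["url"].rsplit("/", 1)[-1], when.date().isoformat()))
    return stale

def triage(scan):
    """Collect the four signals and count how many fired."""
    findings = {
        "brand_mismatch": brand_mismatch(scan),
        "hotlinked_brand_assets": hotlinked_brand_assets(scan),
        "permissive_cors_loads": permissive_cors_loads(scan),
        "kit_files_older_than_cert": kit_files_older_than_cert(scan),
    }
    findings["signals"] = sum(1 for v in findings.values() if v)
    return findings

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SCAN), indent=2))
```

Run as a script it prints the findings as JSON; in practice the same functions would be fed the request/response records from a scan's result export instead of the hand-transcribed sample. Note why only the font load shows up under permissive_cors_loads: stylesheet and script subresources here were sent with a Referer but no Origin header, whereas fonts referenced from CSS are fetched in CORS mode, so the browser sends Origin and the CDN's wildcard ACAO is what lets the load succeed.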

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against Chase (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type        Name
object      element
object      maskOptions
undefined   mask
undefined   dropdownRtemplateMethods
undefined   tableMethods
function    IMask

0 Cookies