www.services.runescape.com.os-rs.me Open in urlscan Pro
64.90.53.222 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://l.linklyhq.com/l/1Tp6p
Effective URL:
https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/
Submission: On September 15 via manual (September 15th 2022, 12:10:40 pm UTC) from DK — Scanned from DK

Summary HTTP 19 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 19 HTTP transactions. The main IP is 64.90.53.222, located in United States and belongs to DREAMHOST-AS, US. The main domain is www.services.runescape.com.os-rs.me.
TLS certificate: Issued by R3 on September 13th 2022. Valid for: 3 months.

This is the only time www.services.runescape.com.os-rs.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Runescape (Online) Generic (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.226.132.161 35.226.132.161	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	64.90.53.222 64.90.53.222	26347 (DREAMHOST-AS) (DREAMHOST-AS)
15	91.235.140.148 91.235.140.148	44521 (JAGEX-AS) (JAGEX-AS)
1	51.210.32.106 51.210.32.106	16276 (OVH) (OVH)
19	4

1 35.226.132.161 (Council Bluffs, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 161.132.226.35.bc.googleusercontent.com

l.linklyhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.90.53.222 (United States)

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-quack.rogueriver.dreamhost.com

www.services.runescape.com.os-rs.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 91.235.140.148 (United Kingdom)

ASN44521 (JAGEX-AS, GB)
PTR: nginx.web.any.jagex.com

www.runescape.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.210.32.106 (France)

ASN16276 (OVH, FR)
PTR: ns3172579.ip-51-210-32.eu

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	runescape.com www.runescape.com — Cisco Umbrella Rank: 207069	1 MB
3	os-rs.me www.services.runescape.com.os-rs.me	4 KB
1	ibb.co i.ibb.co — Cisco Umbrella Rank: 13442	7 KB
1	linklyhq.com 1 redirects l.linklyhq.com — Cisco Umbrella Rank: 333297	276 B
19	4

	Domain	Requested by
15	www.runescape.com	www.services.runescape.com.os-rs.me www.runescape.com
3	www.services.runescape.com.os-rs.me	www.services.runescape.com.os-rs.me
1	i.ibb.co	www.services.runescape.com.os-rs.me
1	l.linklyhq.com	1 redirects
19	4

This site contains links to these domains. Also see Links.

Domain
secure.runescape.com
auth.jagex.com

Subject Issuer	Validity	Valid
www.services.runescape.com.os-rs.me R3	`2022-09-13` - `2022-12-12`	3 months	crt.sh
www.runescape.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-05` - `2023-09-19`	a year	crt.sh
ibb.co R3	`2022-08-07` - `2022-11-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/
Frame ID: ECC93366102BB1909C3DC17B1D7BAFB3
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log In - RuneScape | Old School RuneScapeAuthenticator - RuneScapeAuthenticator - RuneScape

Page URL History Show full URLs

https://l.linklyhq.com/l/1Tp6p HTTP 302
https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Page URL

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1189 kB
Transfer

2392 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.runescape.com/m=weblogin/cant_log_in
Title: Can't Log In?

Search URL Search Domain Scan URL

URL: https://auth.jagex.com/google/v1/social/login/en?correlationId=https%3Awww%3Aaccount_settings
Title: Log in with Google

Search URL Search Domain Scan URL

URL: https://auth.jagex.com/apple/v1/social/login/en?correlationId=https%3Awww%3Aaccount_settings
Title: Log in with Apple

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=sn-integration/facebook/gamelogin.ws?mod=www&ssl=1&dest=account_settings
Title: Log in with Facebook

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=account-creation/create_account
Title: Create an account

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://l.linklyhq.com/l/1Tp6p HTTP 302
https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Redirect Chain https://l.linklyhq.com/l/1Tp6p https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/	25 KB 4 KB	717ms 208ms	Document text/html	64.90.53.222 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 64.90.53.222 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS apache2-quack.rogueriver.dreamhost.com Software Apache / Resource Hash `35f7f4f7ab756d33997b1182b43290ffba7321bbef78988ee73a94f031158e10` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language da-DK,da;q=0.9 Response headers accept-ranges bytes cache-control max-age=600 content-encoding gzip content-length 3801 content-type text/html date Thu, 15 Sep 2022 12:10:32 GMT etag "6486-5e894dac059c1-gzip" expires Thu, 15 Sep 2022 12:20:32 GMT last-modified Tue, 13 Sep 2022 20:28:26 GMT server Apache vary Accept-Encoding,User-Agent Redirect headers access-control-allow-credentials true access-control-allow-origin * access-control-expose-headers cache-control no-cache content-length 168 content-type text/html; charset=utf-8 date Thu, 15 Sep 2022 12:10:31 GMT location https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ referer x-request-id a71ae963b30db68de8ecc9c667ace673
GET H2	404	Criciousand-meth-shake-Exit-be-till-in-ches-Shad www.services.runescape.com.os-rs.me/	0 0	205ms 205ms	Script text/html	64.90.53.222 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://www.services.runescape.com.os-rs.me/Criciousand-meth-shake-Exit-be-till-in-ches-Shad Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 64.90.53.222 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS apache2-quack.rogueriver.dreamhost.com Software Apache / Resource Hash Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 15 Sep 2022 12:10:32 GMT server Apache content-length 315 content-type text/html; charset=iso-8859-1
GET H/1.1	200 OK	vendor-151.css www.runescape.com/css/c/responsive/dual/	108 KB 15 KB	978ms 396ms	Stylesheet text/css	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Full URL https://www.runescape.com/css/c/responsive/dual/vendor-151.css Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `3687b09c4994ffee6d6cc814f6096ff9bcf660d76f05f5e3a8240fa7ce7ae0bf` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Content-Encoding gzip Last-modified Thu, 08-Sep-2022 12:10:33 GMT Server nginx Content-Type text/css; charset=ISO-8859-1 Cache-control max-age=900, public Connection keep-alive Content-Length 15009 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H/1.1	200 OK	site-151.css www.runescape.com/css/c/responsive/dual/	384 KB 97 KB	980ms 399ms	Stylesheet text/css	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Full URL https://www.runescape.com/css/c/responsive/dual/site-151.css Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `fa13bcf40642d87c26002aaac997a42bb4ce4bc71233ee37c445365885666199` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Content-Encoding gzip Last-modified Thu, 08-Sep-2022 12:10:33 GMT Server nginx Content-Type text/css; charset=ISO-8859-1 Cache-control max-age=900, public Connection keep-alive Content-Length 99028 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H/1.1	200 OK	oldschool.png www.runescape.com/img/responsive/common/logos/	7 KB 7 KB	59ms 59ms	Image image/png	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/logos/oldschool.png Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `1b89ca6caf8519eae363240a624f2139e5e5647adfe382b1c445734398d7f5fc` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Last-modified Thu, 08-Sep-2022 12:05:13 GMT Server nginx Content-Type image/png Cache-control max-age=900, public Connection keep-alive Content-Length 7206 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H/1.1	200 OK	runescape.png www.runescape.com/img/responsive/common/logos/	3 KB 4 KB	62ms 62ms	Image image/png	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/logos/runescape.png Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Last-modified Thu, 08-Sep-2022 12:07:19 GMT Server nginx Content-Type image/png Cache-control max-age=900, public Connection keep-alive Content-Length 3375 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H/1.1	200 OK	vendor-153.js Show response www.runescape.com/js/c/responsive/	473 KB 143 KB	692ms 130ms	Script text/javascript	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Full URL https://www.runescape.com/js/c/responsive/vendor-153.js Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `5e6c02b72955865ba4de26016ffb62d8755a9c26573e7fd74ff75357b3e1d0e4` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:32 GMT Content-Encoding gzip Last-modified Thu, 08-Sep-2022 11:59:15 GMT Server nginx Content-Type text/javascript; charset=ISO-8859-1 Cache-control max-age=900, public Connection keep-alive Content-Length 146155 Expires Thu, 15 Sep 2022 12:25:32 GMT
GET H/1.1	200 OK	theme-dual-153.js Show response www.runescape.com/js/c/responsive/	61 KB 12 KB	690ms 125ms	Script text/javascript	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Full URL https://www.runescape.com/js/c/responsive/theme-dual-153.js Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `4991aae1616760fe339f2e7a856806e1a94507692fa17cf47efec6c641fc6d81` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:32 GMT Content-Encoding gzip Last-modified Thu, 08-Sep-2022 11:59:15 GMT Server nginx Content-Type text/javascript; charset=ISO-8859-1 Cache-control max-age=900, public Connection keep-alive Content-Length 11972 Expires Thu, 15 Sep 2022 12:25:32 GMT
GET H/1.1	200 OK	vendor-151.css www.runescape.com/css/c/responsive/runescape/	108 KB 15 KB	963ms 398ms	Stylesheet text/css	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Full URL https://www.runescape.com/css/c/responsive/runescape/vendor-151.css Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `3687b09c4994ffee6d6cc814f6096ff9bcf660d76f05f5e3a8240fa7ce7ae0bf` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Content-Encoding gzip Last-modified Thu, 08-Sep-2022 12:10:33 GMT Server nginx Content-Type text/css; charset=ISO-8859-1 Cache-control max-age=900, public Connection keep-alive Content-Length 15009 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H/1.1	200 OK	site-151.css www.runescape.com/css/c/responsive/runescape/	377 KB 97 KB	962ms 397ms	Stylesheet text/css	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Full URL https://www.runescape.com/css/c/responsive/runescape/site-151.css Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `9167bb86bed60a1fd5561b6e21c31cb887dc71da6a2863a025a1ae6af161473d` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Content-Encoding gzip Last-modified Thu, 08-Sep-2022 12:10:33 GMT Server nginx Content-Type text/css; charset=ISO-8859-1 Cache-control max-age=900, public Connection keep-alive Content-Length 98672 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H/1.1	200 OK	theme-runescape-153.js Show response www.runescape.com/js/c/responsive/	64 KB 13 KB	64ms 64ms	Script text/javascript	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Full URL https://www.runescape.com/js/c/responsive/theme-runescape-153.js Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `0673971bd7b715d8a92d6f9e0a4c92e2768b578b53b83aeb9d5fd6ca2a85707f` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Content-Encoding gzip Last-modified Thu, 08-Sep-2022 11:59:15 GMT Server nginx Content-Type text/javascript; charset=ISO-8859-1 Cache-control max-age=900, public Connection keep-alive Content-Length 12762 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H2	200	padlock.png i.ibb.co/kSJPbWR/	6 KB 7 KB	307ms 71ms	Image image/png	51.210.32.106 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.ibb.co/kSJPbWR/padlock.png Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.32.106 , France, ASN16276 (OVH, FR), Reverse DNS ns3172579.ip-51-210-32.eu Software nginx / Resource Hash `765b0b9c33a847c925ad7cde98b3176d0a12d26d08b246ed47f3664212c1f943` Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 15 Sep 2022 12:10:32 GMT last-modified Sat, 18 Sep 2021 21:36:29 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 6417 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	tile.jpg www.runescape.com/img/responsive/runescape/backgrounds/	2 KB 2 KB	64ms 64ms	Image image/jpeg	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/runescape/backgrounds/tile.jpg Requested by Host: www.runescape.com URL: https://www.runescape.com/css/c/responsive/dual/site-151.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89` Request headers accept-language da-DK,da;q=0.9 Referer https://www.runescape.com/css/c/responsive/dual/site-151.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Last-modified Thu, 08-Sep-2022 12:04:44 GMT Server nginx Content-Type image/jpeg Cache-control max-age=900, public Connection keep-alive Content-Length 1929 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET DATA	200 OK	truncated /	25 KB 25 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6865695148fa8984d5d3d639003a358bf01f2b89934b861d35d72fad4f341646` Request headers Referer Origin https://www.services.runescape.com.os-rs.me accept-language da-DK,da;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type application/x-font-woff
GET H/1.1	200 OK	dual2022.jpg www.runescape.com/img/responsive/common/backgrounds/	501 KB 501 KB	69ms 69ms	Image image/jpeg	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/backgrounds/dual2022.jpg Requested by Host: www.runescape.com URL: https://www.runescape.com/css/c/responsive/dual/site-151.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `f42de956764030289b870040bbb2d1f75aac9af3a0c087a0f1609880147fd346` Request headers accept-language da-DK,da;q=0.9 Referer https://www.runescape.com/css/c/responsive/dual/site-151.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Last-modified Thu, 08-Sep-2022 12:08:33 GMT Server nginx Content-Type image/jpeg Cache-control max-age=900, public Connection keep-alive Content-Length 512711 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H/1.1	200 OK	google.svg www.runescape.com/img/responsive/common/logos/	763 B 1 KB	356ms 355ms	Image image/svg+xml	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/logos/google.svg Requested by Host: www.runescape.com URL: https://www.runescape.com/css/c/responsive/dual/site-151.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `f5b87209caa2e310f5d31890ce945dd194e12ada9839d8d5571ac994e477335a` Request headers accept-language da-DK,da;q=0.9 Referer https://www.runescape.com/css/c/responsive/dual/site-151.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Last-modified Thu, 08-Sep-2022 11:54:40 GMT Server nginx Content-Type image/svg+xml Cache-control max-age=900, public Connection keep-alive Content-Length 763 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H/1.1	200 OK	apple-black.svg www.runescape.com/img/responsive/common/logos/	2 KB 1 KB	67ms 66ms	Image image/svg+xml	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/logos/apple-black.svg Requested by Host: www.runescape.com URL: https://www.runescape.com/css/c/responsive/dual/site-151.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `22557750f99896418f230d1d90cd2a86395226e2b7f7c0254d18ba96dd3abdeb` Request headers accept-language da-DK,da;q=0.9 Referer https://www.runescape.com/css/c/responsive/dual/site-151.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Content-Encoding gzip Last-modified Thu, 08-Sep-2022 11:54:40 GMT Server nginx Content-Type image/svg+xml Cache-control max-age=900, public Connection keep-alive Content-Length 911 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET H/1.1	200 OK	fb.svg www.runescape.com/img/responsive/common/logos/	429 B 711 B	68ms 68ms	Image image/svg+xml	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/logos/fb.svg Requested by Host: www.runescape.com URL: https://www.runescape.com/css/c/responsive/dual/site-151.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `4a32072c69079ffc44b4947317ec7144a1aef8a25a5ec9a0deaecd8196c1aadb` Request headers accept-language da-DK,da;q=0.9 Referer https://www.runescape.com/css/c/responsive/dual/site-151.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Last-modified Thu, 08-Sep-2022 11:59:15 GMT Server nginx Content-Type image/svg+xml Cache-control max-age=900, public Connection keep-alive Content-Length 429 Expires Thu, 15 Sep 2022 12:25:33 GMT
GET DATA	200 OK	truncated /	59 KB 59 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `480f0c53edc1e4dfa14bc1479b8a298ecb4f4c5a92ba2917a3612eb8b242d13d` Request headers Referer Origin https://www.services.runescape.com.os-rs.me accept-language da-DK,da;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Content-Type application/x-font-woff
GET H2	404	Criciousand-meth-shake-Exit-be-till-in-ches-Shad www.services.runescape.com.os-rs.me/	0 0	211ms 211ms	Script text/html	64.90.53.222 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://www.services.runescape.com.os-rs.me/Criciousand-meth-shake-Exit-be-till-in-ches-Shad Requested by Host: www.services.runescape.com.os-rs.me URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 64.90.53.222 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS apache2-quack.rogueriver.dreamhost.com Software Apache / Resource Hash Request headers accept-language da-DK,da;q=0.9 Referer https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 15 Sep 2022 12:10:33 GMT server Apache content-length 315 content-type text/html; charset=iso-8859-1
GET H/1.1	200 OK	vista.jpg www.runescape.com/img/responsive/runescape/backgrounds/	185 KB 186 KB	67ms 66ms	Image image/jpeg	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/runescape/backgrounds/vista.jpg Requested by Host: www.runescape.com URL: https://www.runescape.com/css/c/responsive/runescape/site-151.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `4de6e0c46e6f0d4117c7eee3933d450027542cf8c87e1ae3f813ef93eea43b87` Request headers accept-language da-DK,da;q=0.9 Referer https://www.runescape.com/css/c/responsive/runescape/site-151.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Date Thu, 15 Sep 2022 12:10:33 GMT Last-modified Thu, 08-Sep-2022 11:58:43 GMT Server nginx Content-Type image/jpeg Cache-control max-age=900, public Connection keep-alive Content-Length 189924 Expires Thu, 15 Sep 2022 12:25:33 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Runescape (Online) Generic (Online) Microsoft (Consumer)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.services.runescape.com.os-rs.me/Criciousand-meth-shake-Exit-be-till-in-ches-Shad Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.services.runescape.com.os-rs.me/Criciousand-meth-shake-Exit-be-till-in-ches-Shad Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i.ibb.co
l.linklyhq.com
www.runescape.com
www.services.runescape.com.os-rs.me
35.226.132.161
51.210.32.106
64.90.53.222
91.235.140.148
0673971bd7b715d8a92d6f9e0a4c92e2768b578b53b83aeb9d5fd6ca2a85707f
1b89ca6caf8519eae363240a624f2139e5e5647adfe382b1c445734398d7f5fc
20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3
22557750f99896418f230d1d90cd2a86395226e2b7f7c0254d18ba96dd3abdeb
35f7f4f7ab756d33997b1182b43290ffba7321bbef78988ee73a94f031158e10
3687b09c4994ffee6d6cc814f6096ff9bcf660d76f05f5e3a8240fa7ce7ae0bf
480f0c53edc1e4dfa14bc1479b8a298ecb4f4c5a92ba2917a3612eb8b242d13d
4991aae1616760fe339f2e7a856806e1a94507692fa17cf47efec6c641fc6d81
4a32072c69079ffc44b4947317ec7144a1aef8a25a5ec9a0deaecd8196c1aadb
4de6e0c46e6f0d4117c7eee3933d450027542cf8c87e1ae3f813ef93eea43b87
5e6c02b72955865ba4de26016ffb62d8755a9c26573e7fd74ff75357b3e1d0e4
6865695148fa8984d5d3d639003a358bf01f2b89934b861d35d72fad4f341646
765b0b9c33a847c925ad7cde98b3176d0a12d26d08b246ed47f3664212c1f943
9167bb86bed60a1fd5561b6e21c31cb887dc71da6a2863a025a1ae6af161473d
e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89
f42de956764030289b870040bbb2d1f75aac9af3a0c087a0f1609880147fd346
f5b87209caa2e310f5d31890ce945dd194e12ada9839d8d5571ac994e477335a
fa13bcf40642d87c26002aaac997a42bb4ce4bc71233ee37c445365885666199

www.services.runescape.com.os-rs.me Open in urlscan Pro 64.90.53.222 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

1189 kBTransfer

2392 kBSize

0 Cookies

5 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

27 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

www.services.runescape.com.os-rs.me Open in urlscan Pro
64.90.53.222 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1189 kB
Transfer

2392 kB
Size

0
Cookies

19 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!