www.services.runescape.com.os-rs.me
Open in
urlscan Pro
64.90.53.222
Malicious Activity!
Public Scan
Effective URL: https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/
Submission: On September 15 via manual from DK — Scanned from DK
Summary
TLS certificate: Issued by R3 on September 13th 2022. Valid for: 3 months.
This is the only time www.services.runescape.com.os-rs.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Runescape (Online) Generic (Online) Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 35.226.132.161 35.226.132.161 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
3 | 64.90.53.222 64.90.53.222 | 26347 (DREAMHOST-AS) (DREAMHOST-AS) | |
15 | 91.235.140.148 91.235.140.148 | 44521 (JAGEX-AS) (JAGEX-AS) | |
1 | 51.210.32.106 51.210.32.106 | 16276 (OVH) (OVH) | |
19 | 4 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 161.132.226.35.bc.googleusercontent.com
l.linklyhq.com |
ASN26347 (DREAMHOST-AS, US)
PTR: apache2-quack.rogueriver.dreamhost.com
www.services.runescape.com.os-rs.me |
ASN44521 (JAGEX-AS, GB)
PTR: nginx.web.any.jagex.com
www.runescape.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
runescape.com
www.runescape.com — Cisco Umbrella Rank: 207069 |
1 MB |
3 |
os-rs.me
www.services.runescape.com.os-rs.me |
4 KB |
1 |
ibb.co
i.ibb.co — Cisco Umbrella Rank: 13442 |
7 KB |
1 |
linklyhq.com
1 redirects
l.linklyhq.com — Cisco Umbrella Rank: 333297 |
276 B |
19 | 4 |
Domain | Requested by | |
---|---|---|
15 | www.runescape.com |
www.services.runescape.com.os-rs.me
www.runescape.com |
3 | www.services.runescape.com.os-rs.me |
www.services.runescape.com.os-rs.me
|
1 | i.ibb.co |
www.services.runescape.com.os-rs.me
|
1 | l.linklyhq.com | 1 redirects |
19 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
secure.runescape.com |
auth.jagex.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.services.runescape.com.os-rs.me R3 |
2022-09-13 - 2022-12-12 |
3 months | crt.sh |
www.runescape.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-09-05 - 2023-09-19 |
a year | crt.sh |
ibb.co R3 |
2022-08-07 - 2022-11-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/
Frame ID: ECC93366102BB1909C3DC17B1D7BAFB3
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
Log In - RuneScape | Old School RuneScapeAuthenticator - RuneScapeAuthenticator - RuneScapePage URL History Show full URLs
-
https://l.linklyhq.com/l/1Tp6p
HTTP 302
https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Page URL
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Can't Log In?
Search URL Search Domain Scan URL
Title: Log in with Google
Search URL Search Domain Scan URL
Title: Log in with Apple
Search URL Search Domain Scan URL
Title: Log in with Facebook
Search URL Search Domain Scan URL
Title: Create an account
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://l.linklyhq.com/l/1Tp6p
HTTP 302
https://www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
www.services.runescape.com.os-rs.me/m=weblogin/jpp/login-jppLoginFlowId=6nOsAvd1U6eT9Ix3f6u72/ Redirect Chain
|
25 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Criciousand-meth-shake-Exit-be-till-in-ches-Shad
www.services.runescape.com.os-rs.me/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor-151.css
www.runescape.com/css/c/responsive/dual/ |
108 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
site-151.css
www.runescape.com/css/c/responsive/dual/ |
384 KB 97 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
oldschool.png
www.runescape.com/img/responsive/common/logos/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
runescape.png
www.runescape.com/img/responsive/common/logos/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor-153.js
www.runescape.com/js/c/responsive/ |
473 KB 143 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
theme-dual-153.js
www.runescape.com/js/c/responsive/ |
61 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor-151.css
www.runescape.com/css/c/responsive/runescape/ |
108 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
site-151.css
www.runescape.com/css/c/responsive/runescape/ |
377 KB 97 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
theme-runescape-153.js
www.runescape.com/js/c/responsive/ |
64 KB 13 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
padlock.png
i.ibb.co/kSJPbWR/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tile.jpg
www.runescape.com/img/responsive/runescape/backgrounds/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
25 KB 25 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dual2022.jpg
www.runescape.com/img/responsive/common/backgrounds/ |
501 KB 501 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
google.svg
www.runescape.com/img/responsive/common/logos/ |
763 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
apple-black.svg
www.runescape.com/img/responsive/common/logos/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fb.svg
www.runescape.com/img/responsive/common/logos/ |
429 B 711 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
59 KB 59 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Criciousand-meth-shake-Exit-be-till-in-ches-Shad
www.services.runescape.com.os-rs.me/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vista.jpg
www.runescape.com/img/responsive/runescape/backgrounds/ |
185 KB 186 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Runescape (Online) Generic (Online) Microsoft (Consumer)27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| show function| gtag object| dataLayer function| $ function| jQuery function| FastClick object| whatInput object| Foundation function| _ function| Cookies function| Vue function| axios function| UAParser object| CM object| DU object| RS function| la function| sendMessage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
i.ibb.co
l.linklyhq.com
www.runescape.com
www.services.runescape.com.os-rs.me
35.226.132.161
51.210.32.106
64.90.53.222
91.235.140.148
0673971bd7b715d8a92d6f9e0a4c92e2768b578b53b83aeb9d5fd6ca2a85707f
1b89ca6caf8519eae363240a624f2139e5e5647adfe382b1c445734398d7f5fc
20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3
22557750f99896418f230d1d90cd2a86395226e2b7f7c0254d18ba96dd3abdeb
35f7f4f7ab756d33997b1182b43290ffba7321bbef78988ee73a94f031158e10
3687b09c4994ffee6d6cc814f6096ff9bcf660d76f05f5e3a8240fa7ce7ae0bf
480f0c53edc1e4dfa14bc1479b8a298ecb4f4c5a92ba2917a3612eb8b242d13d
4991aae1616760fe339f2e7a856806e1a94507692fa17cf47efec6c641fc6d81
4a32072c69079ffc44b4947317ec7144a1aef8a25a5ec9a0deaecd8196c1aadb
4de6e0c46e6f0d4117c7eee3933d450027542cf8c87e1ae3f813ef93eea43b87
5e6c02b72955865ba4de26016ffb62d8755a9c26573e7fd74ff75357b3e1d0e4
6865695148fa8984d5d3d639003a358bf01f2b89934b861d35d72fad4f341646
765b0b9c33a847c925ad7cde98b3176d0a12d26d08b246ed47f3664212c1f943
9167bb86bed60a1fd5561b6e21c31cb887dc71da6a2863a025a1ae6af161473d
e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89
f42de956764030289b870040bbb2d1f75aac9af3a0c087a0f1609880147fd346
f5b87209caa2e310f5d31890ce945dd194e12ada9839d8d5571ac994e477335a
fa13bcf40642d87c26002aaac997a42bb4ce4bc71233ee37c445365885666199