jagex-services.xyz
2606:4700:30::681b:bfd3
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On June 23 via api from GB
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on June 23rd 2019. Valid for: a year.
This is the only time jagex-services.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Runescape (Online), Generic (Online), Microsoft (Consumer)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
7 | 2606:4700:30::681b:bfd3 | 13335 (CLOUDFLARENET - Cloudflare) |
2 | 91.235.140.148 | 44521 (JAGEX-AS) |
9 | 3 | |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
jagex-services.xyz |
ASN44521 (JAGEX-AS, GB)
PTR: nginx.web.any.jagex.com
www.runescape.com |
 | Apex Domain (Subdomains) | Transfer |
---|---|---|
7 | jagex-services.xyz (jagex-services.xyz) | 418 KB |
2 | runescape.com (www.runescape.com) | |
9 | 2 | |
 | Domain | Requested by |
---|---|---|
7 | jagex-services.xyz | jagex-services.xyz |
2 | www.runescape.com | jagex-services.xyz |
9 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.runescape.com |
secure.runescape.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-06-23 - 2020-06-22 | a year | crt.sh |
www.runescape.com | DigiCert SHA2 High Assurance Server CA | 2018-08-06 - 2020-09-02 | 2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html
Frame ID: 72649BBE1E07DFCC5FC1DEF16E7A811B
Requests: 11 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title:
Title: Log In
Title: Create an account
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | loginform789c.html (Primary Request) | jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/ | 9 KB | 2 KB | Document | text/html |
GET | H2 | vendor-119.css | jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/ | 110 KB | 15 KB | Stylesheet | text/css |
GET | H2 | site-119.css | jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/ | 275 KB | 80 KB | Stylesheet | text/css |
GET | H2 | runescape.png | jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/img/responsive/common/logos/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | vendor-120.html | jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/js/c/responsive/ | 445 KB | 130 KB | Script | text/html |
GET | H2 | tile.jpg | jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/img/responsive/runescape/backgrounds/ | 2 KB | 2 KB | Image | image/jpeg |
GET | H2 | vista.jpg | jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/img/responsive/runescape/backgrounds/ | 185 KB | 186 KB | Image | image/jpeg |
GET | H/1.1 | fb.svg | www.runescape.com/img/responsive/common/logos/ | 0 | 0 | Image | text/html |
GET | H/1.1 | google.svg | www.runescape.com/img/responsive/common/logos/ | 0 | 0 | Image | text/html |
GET | DATA | truncated | / | 25 KB | 25 KB | Font | application/x-font-woff |
GET | DATA | truncated | / | 59 KB | 59 KB | Font | application/x-font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Runescape (Online), Generic (Online), Microsoft (Consumer)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
- object| PAGEGLOBALS
- object| cookieconsent_options
- function| $
- function| jQuery
- function| FastClick
- object| whatInput
- object| Foundation
- function| _
- function| Cookies
- function| Vue
- function| axios

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.jagex-services.xyz/ | | Name: __cfduid Value: d86859f2d40b0e3a82b094c4b2115b95f1561320164 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.