jagex-services.xyz Open in urlscan Pro
2606:4700:30::681b:bfd3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html
Submission Tags: @ipnigh
Submission: On June 23 via api (June 23rd 2019, 8:03:02 pm UTC) from GB

Summary HTTP 9 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2606:4700:30::681b:bfd3, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is jagex-services.xyz.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on June 23rd 2019. Valid for: a year.

This is the only time jagex-services.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Runescape (Online) Generic (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:30:... 2606:4700:30::681b:bfd3	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	91.235.140.148 91.235.140.148	44521 (JAGEX-AS) (JAGEX-AS)
9	3

7 2606:4700:30::681b:bfd3 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

jagex-services.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.235.140.148 (United Kingdom)

ASN44521 (JAGEX-AS, GB)
PTR: nginx.web.any.jagex.com

www.runescape.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	jagex-services.xyz jagex-services.xyz	418 KB
2	runescape.com www.runescape.com
9	2

	Domain	Requested by
7	jagex-services.xyz	jagex-services.xyz
2	www.runescape.com	jagex-services.xyz
9	2

This site contains links to these domains. Also see Links.

Domain
www.runescape.com
secure.runescape.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-06-23` - `2020-06-22`	a year	crt.sh
www.runescape.com DigiCert SHA2 High Assurance Server CA	`2018-08-06` - `2020-09-02`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html
Frame ID: 72649BBE1E07DFCC5FC1DEF16E7A811B
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

502 kB
Transfer

1114 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.runescape.com/
Title:

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=sn-integration/google/gamelogin.ws?mod=www&ssl=1&dest=community
Title: Log In

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=account-creation/create_account?theme=runescape
Title: Create an account

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request loginform789c.html Show response jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/	9 KB 2 KB	153ms 137ms	Document text/html	2606:4700:30::681b:bfd3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681b:bfd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `1f7a708bd9801202ab7e41f470259411bd3a0f116ceff279ed6988ee8495f429` Request headers :method GET :authority jagex-services.xyz :scheme https :path /secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Sun, 23 Jun 2019 20:02:44 GMT content-type text/html set-cookie __cfduid=d86859f2d40b0e3a82b094c4b2115b95f1561320164; expires=Mon, 22-Jun-20 20:02:44 GMT; path=/; domain=.jagex-services.xyz; HttpOnly last-modified Fri, 21 Jun 2019 18:54:23 GMT vary Accept-Encoding expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 4eb90fb4584ec303-FRA content-encoding br
GET H2	200	vendor-119.css jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/	110 KB 15 KB	242ms 238ms	Stylesheet text/css	2606:4700:30::681b:bfd3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/vendor-119.css Requested by Host: jagex-services.xyz URL: https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681b:bfd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `d4a9caeb086764a6047a04483a448c4ef37fbd00f27812c41f032aabe76120fd` Request headers Referer https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 23 Jun 2019 20:02:44 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2019 18:54:25 GMT server cloudflare etag W/"1b9b6-58bd9fdc41c90-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=14400 cf-ray 4eb90fb54b51c303-FRA expires Mon, 24 Jun 2019 00:02:44 GMT
GET H2	200	site-119.css jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/	275 KB 80 KB	218ms 215ms	Stylesheet text/css	2606:4700:30::681b:bfd3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/site-119.css Requested by Host: jagex-services.xyz URL: https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681b:bfd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `a388fda211f543d8f19f2abe15f5e75b20e77a1790c05789e2a59a35d9ebb788` Request headers Referer https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 23 Jun 2019 20:02:44 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2019 18:54:25 GMT server cloudflare etag W/"44b33-58bd9fdc491c0-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=14400 cf-ray 4eb90fb54b53c303-FRA expires Mon, 24 Jun 2019 00:02:44 GMT
GET H2	200	runescape.png jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/img/responsive/common/logos/	3 KB 3 KB	148ms 146ms	Image image/png	2606:4700:30::681b:bfd3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/img/responsive/common/logos/runescape.png Requested by Host: jagex-services.xyz URL: https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681b:bfd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3` Request headers Referer https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 23 Jun 2019 20:02:44 GMT cf-cache-status MISS last-modified Fri, 21 Jun 2019 18:54:26 GMT server cloudflare etag "d2f-58bd9fdd1d829" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4eb90fb54b57c303-FRA content-length 3375 expires Mon, 24 Jun 2019 00:02:44 GMT
GET H2	200	vendor-120.html Show response jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/js/c/responsive/	445 KB 130 KB	238ms 236ms	Script text/html	2606:4700:30::681b:bfd3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/js/c/responsive/vendor-120.html Requested by Host: jagex-services.xyz URL: https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681b:bfd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `51d4eeeede1b8b84839050c35f79108e6764c82159c9ad43c2a96f65cbcfc48b` Request headers Referer https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 23 Jun 2019 20:02:44 GMT content-encoding br last-modified Fri, 21 Jun 2019 18:54:24 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 200 cf-ray 4eb90fb54b54c303-FRA
GET H2	200	tile.jpg jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/img/responsive/runescape/backgrounds/	2 KB 2 KB	125ms 124ms	Image image/jpeg	2606:4700:30::681b:bfd3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/img/responsive/runescape/backgrounds/tile.jpg Requested by Host: jagex-services.xyz URL: https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681b:bfd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89` Request headers Referer https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/site-119.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 23 Jun 2019 20:02:45 GMT cf-cache-status MISS last-modified Fri, 21 Jun 2019 18:54:26 GMT server cloudflare etag "789-58bd9fdd4be57" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4eb90fb7196dc303-FRA content-length 1929 expires Mon, 24 Jun 2019 00:02:45 GMT
GET H2	200	vista.jpg jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/img/responsive/runescape/backgrounds/	185 KB 186 KB	232ms 231ms	Image image/jpeg	2606:4700:30::681b:bfd3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/img/responsive/runescape/backgrounds/vista.jpg Requested by Host: jagex-services.xyz URL: https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681b:bfd3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `4de6e0c46e6f0d4117c7eee3933d450027542cf8c87e1ae3f813ef93eea43b87` Request headers Referer https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/site-119.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 23 Jun 2019 20:02:45 GMT cf-cache-status MISS last-modified Fri, 21 Jun 2019 18:54:26 GMT server cloudflare etag "2e5e4-58bd9fdd5a8b6" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4eb90fb7196fc303-FRA content-length 189924 expires Mon, 24 Jun 2019 00:02:45 GMT
GET H/1.1	404 Not found	fb.svg www.runescape.com/img/responsive/common/logos/	0 0	1190ms 150ms	Image text/html	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/logos/fb.svg Requested by Host: jagex-services.xyz URL: https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/site-119.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers
GET H/1.1	404 Not found	google.svg www.runescape.com/img/responsive/common/logos/	0 0	1368ms 179ms	Image text/html	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/logos/google.svg Requested by Host: jagex-services.xyz URL: https://jagex-services.xyz/secure/m%3dforum/Login/secure.runescape.com/m=weblogin/loginform789c.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://jagex-services.xyz/secure/m%3dforum/Login/www.runescape.com/css/c/responsive/runescape/site-119.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers
GET DATA	200 OK	truncated /	25 KB 25 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6865695148fa8984d5d3d639003a358bf01f2b89934b861d35d72fad4f341646` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Origin https://jagex-services.xyz Response headers Content-Type application/x-font-woff
GET DATA	200 OK	truncated /	59 KB 59 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `480f0c53edc1e4dfa14bc1479b8a298ecb4f4c5a92ba2917a3612eb8b242d13d` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Origin https://jagex-services.xyz Response headers Content-Type application/x-font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Runescape (Online) Generic (Online) Microsoft (Consumer)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.jagex-services.xyz/	1970-01-19 10:27:36	Name: __cfduid Value: d86859f2d40b0e3a82b094c4b2115b95f1561320164

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

jagex-services.xyz
www.runescape.com
2606:4700:30::681b:bfd3
91.235.140.148
1f7a708bd9801202ab7e41f470259411bd3a0f116ceff279ed6988ee8495f429
20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3
480f0c53edc1e4dfa14bc1479b8a298ecb4f4c5a92ba2917a3612eb8b242d13d
4de6e0c46e6f0d4117c7eee3933d450027542cf8c87e1ae3f813ef93eea43b87
51d4eeeede1b8b84839050c35f79108e6764c82159c9ad43c2a96f65cbcfc48b
6865695148fa8984d5d3d639003a358bf01f2b89934b861d35d72fad4f341646
a388fda211f543d8f19f2abe15f5e75b20e77a1790c05789e2a59a35d9ebb788
d4a9caeb086764a6047a04483a448c4ef37fbd00f27812c41f032aabe76120fd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89

jagex-services.xyz Open in urlscan Pro 2606:4700:30::681b:bfd3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

502 kBTransfer

1114 kBSize

1 Cookies

3 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

1 Cookies

Indicators

jagex-services.xyz Open in urlscan Pro
2606:4700:30::681b:bfd3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

502 kB
Transfer

1114 kB
Size

1
Cookies

9 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!