secure.runescape.com-lk.info Open in urlscan Pro
78.142.29.4  Malicious Activity! Public Scan

Submitted URL: https://url.mills.io/r/3YB9x
Effective URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Submission: On November 27 via api from BE

Summary

This website contacted 4 IPs in 4 countries across 5 domains to perform 18 HTTP transactions. The main IP is 78.142.29.4, located in Bulgaria and belongs to VERDINA, BG. The main domain is secure.runescape.com-lk.info.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 26th 2019. Valid for: 3 months.
This is the only time secure.runescape.com-lk.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Runescape (Online) Generic (Online) Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 150.101.179.235 4739 (INTERNODE...)
1 1 2606:4700:30:... 13335 (CLOUDFLAR...)
11 78.142.29.4 201133 (VERDINA)
1 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
18 4
Apex Domain
Subdomains
Transfer
11 com-lk.info
secure.runescape.com-lk.info
2 MB
6 gstatic.com
fonts.gstatic.com
67 KB
1 googleapis.com
fonts.googleapis.com
920 B
1 joo.gl
joo.gl
619 B
1 mills.io
url.mills.io
81 B
18 5
Domain Requested by
11 secure.runescape.com-lk.info secure.runescape.com-lk.info
6 fonts.gstatic.com secure.runescape.com-lk.info
1 fonts.googleapis.com secure.runescape.com-lk.info
1 joo.gl 1 redirects
1 url.mills.io 1 redirects
18 5

This site contains links to these domains. Also see Links.

Domain
oldschool.runescape.com
www.runescape.com
secure.jagex.com
secure.runescape.com
Subject Issuer Validity Valid
secure.runescape.com-lk.info
Let's Encrypt Authority X3
2019-11-26 -
2020-02-24
3 months crt.sh
*.googleapis.com
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh
*.google.com
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh

This page contains 1 frames:

Primary Page: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Frame ID: D3A200D2311B835F3C0726E315F90EE3
Requests: 20 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://url.mills.io/r/3YB9x HTTP 302
    https://joo.gl/qDeT HTTP 301
    https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

18
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

1903 kB
Transfer

6665 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://url.mills.io/r/3YB9x HTTP 302
    https://joo.gl/qDeT HTTP 301
    https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request loginform.ws522,273,499,43686631,253
secure.runescape.com-lk.info/m=weblogin/
Redirect Chain
  • https://url.mills.io/r/3YB9x
  • https://joo.gl/qDeT
  • https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
2 MB
410 KB
Document
General
Full URL
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
b6fcdc227c1cb1219e6620470f5046a0d3f868abc1c2cb85b304c1bcd25fbd6c

Request headers

:method
GET
:authority
secure.runescape.com-lk.info
:scheme
https
:path
/m=weblogin/loginform.ws522,273,499,43686631,253
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
404
set-cookie
PHPSESSID=s673k11cu55jq2n2rn4tl0h407; path=/
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
content-type
text/html; charset=UTF-8
content-encoding
br
vary
Accept-Encoding
date
Wed, 27 Nov 2019 22:58:34 GMT
server
LiteSpeed
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000

Redirect headers

status
301
date
Wed, 27 Nov 2019 22:58:34 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d38c07e270b55019d14790a71425f3d5b1574895513; expires=Fri, 27-Dec-19 22:58:33 GMT; path=/; domain=.joo.gl; HttpOnly AppSession=626op3kr3k346pr6d1m6qh7104; path=/; HttpOnly csrfToken=3566becaa114362eb2fcca56209ee5870f08f82cdba2e2c1f9f3d5dcee814f47ec3246e89b2b20584fc7c8e607da0d7132618ecd43a094302017f2ebba96416c; path=/
x-powered-by
PHP/7.0.33
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-frame-options
SAMEORIGIN
location
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
53c7b51fdd18cbc4-VIE
webfontloader.js
secure.runescape.com-lk.info/vendors/webfontloader/
16 KB
5 KB
Script
General
Full URL
https://secure.runescape.com-lk.info/vendors/webfontloader/webfontloader.js
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
8685eb21c6671209426fcf88c9c0d49c8e1a8eb959fbddbad652c052abf14673

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
content-encoding
br
last-modified
Fri, 12 Jul 2019 18:07:52 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
5366
expires
Wed, 04 Dec 2019 22:58:34 GMT
material-icons.css
secure.runescape.com-lk.info/vendors/material-design-icons/iconfont/
1004 B
498 B
Stylesheet
General
Full URL
https://secure.runescape.com-lk.info/vendors/material-design-icons/iconfont/material-icons.css
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
7d065af21f93407ad4b3ccda317f95cfa297deb482c03d487d967728c3454efa

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
content-encoding
br
last-modified
Fri, 12 Jul 2019 18:08:50 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
390
expires
Wed, 04 Dec 2019 22:58:34 GMT
materialdesignicons.css
secure.runescape.com-lk.info/vendors/mdi/css/
131 KB
18 KB
Stylesheet
General
Full URL
https://secure.runescape.com-lk.info/vendors/mdi/css/materialdesignicons.css
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
40331f000b4c33857f01a318722dc965550bd452aaa0fc4f1296bf25b19bfd28

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
content-encoding
br
last-modified
Fri, 12 Jul 2019 18:09:34 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
18098
expires
Wed, 04 Dec 2019 22:58:34 GMT
css
fonts.googleapis.com/
14 KB
920 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:100,300,400,400italic,500,700&subset=latin
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
7b0530cdd81d1ab8cebd21a5d869885d1d9560cba38b4a4052bb6063ed91d209
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 27 Nov 2019 22:58:34 GMT
server
ESF
access-control-allow-origin
*
date
Wed, 27 Nov 2019 22:58:34 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Wed, 27 Nov 2019 22:58:34 GMT
oldschool.png
secure.runescape.com-lk.info/assets/rs-site/img/logos/
29 KB
29 KB
Image
General
Full URL
https://secure.runescape.com-lk.info/assets/rs-site/img/logos/oldschool.png
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
f3eb8d586a710fd04797363692acb5593196681b589f8491a43be0fc68000474

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
last-modified
Fri, 12 Jul 2019 17:39:52 GMT
server
LiteSpeed
content-type
image/png
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
29503
expires
Wed, 04 Dec 2019 22:58:34 GMT
runescape.png
secure.runescape.com-lk.info/assets/rs-site/img/logos/
3 KB
3 KB
Image
General
Full URL
https://secure.runescape.com-lk.info/assets/rs-site/img/logos/runescape.png
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
last-modified
Fri, 12 Jul 2019 17:40:06 GMT
server
LiteSpeed
content-type
image/png
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
3375
expires
Wed, 04 Dec 2019 22:58:34 GMT
app.js
secure.runescape.com-lk.info/assets/
4 MB
778 KB
Script
General
Full URL
https://secure.runescape.com-lk.info/assets/app.js
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
e78c41b56c5ec2b20cf75f0fc614e291e5cf91141943267748c3ae3f5f23169b

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
content-encoding
br
last-modified
Fri, 12 Jul 2019 18:53:44 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
796498
expires
Wed, 04 Dec 2019 22:58:34 GMT
01c3e30df662f802a715a5ed70ef40e1.jpg
secure.runescape.com-lk.info/images/
2 KB
2 KB
Image
General
Full URL
https://secure.runescape.com-lk.info/images/01c3e30df662f802a715a5ed70ef40e1.jpg
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
last-modified
Fri, 12 Jul 2019 18:09:52 GMT
server
LiteSpeed
content-type
image/jpeg
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1929
expires
Wed, 04 Dec 2019 22:58:34 GMT
a4d4d4902bf39779c240190237076d0f.jpg
secure.runescape.com-lk.info/images/
539 KB
539 KB
Image
General
Full URL
https://secure.runescape.com-lk.info/images/a4d4d4902bf39779c240190237076d0f.jpg
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
6300dd738f3805e1c8dfd01bde16f4613334f991240dd30b7ab6833bb0b14a8b

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
last-modified
Fri, 12 Jul 2019 17:41:10 GMT
server
LiteSpeed
content-type
image/jpeg
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
551874
expires
Wed, 04 Dec 2019 22:58:34 GMT
9aace6b1648490c4fddc70af6d1633cd.svg
secure.runescape.com-lk.info/images/
429 B
350 B
Image
General
Full URL
https://secure.runescape.com-lk.info/images/9aace6b1648490c4fddc70af6d1633cd.svg
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
4a32072c69079ffc44b4947317ec7144a1aef8a25a5ec9a0deaecd8196c1aadb

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
content-encoding
br
last-modified
Fri, 12 Jul 2019 17:42:56 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
279
expires
Wed, 04 Dec 2019 22:58:34 GMT
e156949ce14c6ce50b9b7a17c99bca7a.svg
secure.runescape.com-lk.info/images/
763 B
423 B
Image
General
Full URL
https://secure.runescape.com-lk.info/images/e156949ce14c6ce50b9b7a17c99bca7a.svg
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.4 , Bulgaria, ASN201133 (VERDINA, BG),
Reverse DNS
srvr.shared-host.net
Software
LiteSpeed /
Resource Hash
f5b87209caa2e310f5d31890ce945dd194e12ada9839d8d5571ac994e477335a

Request headers

Referer
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 Nov 2019 22:58:34 GMT
content-encoding
br
last-modified
Fri, 12 Jul 2019 17:43:32 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
353
expires
Wed, 04 Dec 2019 22:58:34 GMT
truncated
/
17 KB
17 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d89471460af222f363c3e4da767d3655d339b77f88be1b272419649844269ad4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://secure.runescape.com-lk.info

Response headers

Content-Type
font/opentype
truncated
/
31 KB
31 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
81908f404c4666627395b43339432710aa5de31e8740b41651c866a57f63b15d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://secure.runescape.com-lk.info

Response headers

Content-Type
application/font-woff
KFOkCnqEu92Fr1MmgVxIIzIXKMny.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1MmgVxIIzIXKMny.woff2
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/vendors/webfontloader/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
969d3b8c3b846ba9d4dd5fa3936ec2c610f4f9f67f6f880cc9b00ebda3414083
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:100,300,400,400italic,500,700&subset=latin
Origin
https://secure.runescape.com-lk.info

Response headers

date
Fri, 22 Nov 2019 01:37:46 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:40 GMT
server
sffe
age
508848
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
10984
x-xss-protection
0
expires
Sat, 21 Nov 2020 01:37:46 GMT
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/vendors/webfontloader/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:100,300,400,400italic,500,700&subset=latin
Origin
https://secure.runescape.com-lk.info

Response headers

date
Tue, 19 Nov 2019 01:14:28 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
769446
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11180
x-xss-protection
0
expires
Wed, 18 Nov 2020 01:14:28 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/vendors/webfontloader/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:100,300,400,400italic,500,700&subset=latin
Origin
https://secure.runescape.com-lk.info

Response headers

date
Thu, 21 Nov 2019 15:36:21 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
544933
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 20 Nov 2020 15:36:21 GMT
KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2
fonts.gstatic.com/s/roboto/v20/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/vendors/webfontloader/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
3be0a916496d7936bb83ce60a4de9f10ef400f16c38e7dd7c65449c795e7739b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:100,300,400,400italic,500,700&subset=latin
Origin
https://secure.runescape.com-lk.info

Response headers

date
Thu, 21 Nov 2019 20:38:42 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:19:00 GMT
server
sffe
age
526792
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
12680
x-xss-protection
0
expires
Fri, 20 Nov 2020 20:38:42 GMT
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/vendors/webfontloader/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:100,300,400,400italic,500,700&subset=latin
Origin
https://secure.runescape.com-lk.info

Response headers

date
Thu, 21 Nov 2019 20:40:07 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
526707
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Fri, 20 Nov 2020 20:40:07 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: secure.runescape.com-lk.info
URL: https://secure.runescape.com-lk.info/vendors/webfontloader/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:100,300,400,400italic,500,700&subset=latin
Origin
https://secure.runescape.com-lk.info

Response headers

date
Wed, 20 Nov 2019 18:56:52 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
619302
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11020
x-xss-protection
0
expires
Thu, 19 Nov 2020 18:56:52 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Runescape (Online) Generic (Online) Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| WebFontConfig object| WebFont

1 Cookies

Domain/Path Name / Value
secure.runescape.com-lk.info/ Name: PHPSESSID
Value: s673k11cu55jq2n2rn4tl0h407

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
joo.gl
secure.runescape.com-lk.info
url.mills.io
150.101.179.235
2606:4700:30::681c:404
2a00:1450:4001:809::2003
2a00:1450:4001:820::200a
78.142.29.4
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3
3be0a916496d7936bb83ce60a4de9f10ef400f16c38e7dd7c65449c795e7739b
40331f000b4c33857f01a318722dc965550bd452aaa0fc4f1296bf25b19bfd28
4a32072c69079ffc44b4947317ec7144a1aef8a25a5ec9a0deaecd8196c1aadb
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
6300dd738f3805e1c8dfd01bde16f4613334f991240dd30b7ab6833bb0b14a8b
7b0530cdd81d1ab8cebd21a5d869885d1d9560cba38b4a4052bb6063ed91d209
7d065af21f93407ad4b3ccda317f95cfa297deb482c03d487d967728c3454efa
81908f404c4666627395b43339432710aa5de31e8740b41651c866a57f63b15d
8685eb21c6671209426fcf88c9c0d49c8e1a8eb959fbddbad652c052abf14673
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
969d3b8c3b846ba9d4dd5fa3936ec2c610f4f9f67f6f880cc9b00ebda3414083
b6fcdc227c1cb1219e6620470f5046a0d3f868abc1c2cb85b304c1bcd25fbd6c
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
d89471460af222f363c3e4da767d3655d339b77f88be1b272419649844269ad4
e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89
e78c41b56c5ec2b20cf75f0fc614e291e5cf91141943267748c3ae3f5f23169b
f3eb8d586a710fd04797363692acb5593196681b589f8491a43be0fc68000474
f5b87209caa2e310f5d31890ce945dd194e12ada9839d8d5571ac994e477335a