secure.runescape.com-lk.info
78.142.29.4
Malicious Activity!
Public Scan
Effective URL: https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Submission: On November 27 via api from BE
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 26th 2019. Valid for: 3 months.
This is the only time secure.runescape.com-lk.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Runescape (Online) Generic (Online) Microsoft (Consumer)
Domain & IP information
| Requests | Redirects | IP Address | AS (Autonomous System) |
|---|---|---|---|
| 1 | 1 | 150.101.179.235 | 4739 (INTERNODE-AS Internode Pty Ltd) |
| 1 | 1 | 2606:4700:30::681c:404 | 13335 (CLOUDFLARENET - Cloudflare) |
| 11 | | 78.142.29.4 | 201133 (VERDINA) |
| 1 | | 2a00:1450:4001:820::200a | 15169 (GOOGLE - Google LLC) |
| 6 | | 2a00:1450:4001:809::2003 | 15169 (GOOGLE - Google LLC) |
| 18 | | | 4 |
- ASN4739 (INTERNODE-AS Internode Pty Ltd, AU), PTR: mail.lvrc.qld.gov.au, host: url.mills.io
- ASN201133 (VERDINA, BG), PTR: srvr.shared-host.net, host: secure.runescape.com-lk.info
- ASN15169 (GOOGLE - Google LLC, US), host: fonts.googleapis.com
- ASN15169 (GOOGLE - Google LLC, US), host: fonts.gstatic.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 11 | com-lk.info | secure.runescape.com-lk.info | 2 MB |
| 6 | gstatic.com | fonts.gstatic.com | 67 KB |
| 1 | googleapis.com | fonts.googleapis.com | 920 B |
| 1 | joo.gl (1 redirects) | joo.gl | 619 B |
| 1 | mills.io (1 redirects) | url.mills.io | 81 B |
| 18 | 5 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 11 | secure.runescape.com-lk.info | secure.runescape.com-lk.info |
| 6 | fonts.gstatic.com | secure.runescape.com-lk.info |
| 1 | fonts.googleapis.com | secure.runescape.com-lk.info |
| 1 | joo.gl | 1 redirects |
| 1 | url.mills.io | 1 redirects |
| 18 | 5 | |
This site contains links to these domains.
Domain |
---|
oldschool.runescape.com |
www.runescape.com |
secure.jagex.com |
secure.runescape.com |
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| secure.runescape.com-lk.info | Let's Encrypt Authority X3 | 2019-11-26 - 2020-02-24 | 3 months |
| *.googleapis.com | GTS CA 1O1 | 2019-11-05 - 2020-01-28 | 3 months |
| *.google.com | GTS CA 1O1 | 2019-11-05 - 2020-01-28 | 3 months |
This page contains 1 frames:
Primary Page:
https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253
Frame ID: D3A200D2311B835F3C0726E315F90EE3
Requests: 20 HTTP requests in this frame
Detected technologies
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Can't Log In?
Title: Log In
Title: Log In
Title: Create an account
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://url.mills.io/r/3YB9x (HTTP 302)
- https://joo.gl/qDeT (HTTP 301)
- https://secure.runescape.com-lk.info/m=weblogin/loginform.ws522,273,499,43686631,253 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
| Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | loginform.ws522,273,499,43686631,253 (Primary Request) | secure.runescape.com-lk.info/m=weblogin/ | 2 MB | 410 KB | Document | text/html |
| GET | H2 | webfontloader.js | secure.runescape.com-lk.info/vendors/webfontloader/ | 16 KB | 5 KB | Script | application/javascript |
| GET | H2 | material-icons.css | secure.runescape.com-lk.info/vendors/material-design-icons/iconfont/ | 1004 B | 498 B | Stylesheet | text/css |
| GET | H2 | materialdesignicons.css | secure.runescape.com-lk.info/vendors/mdi/css/ | 131 KB | 18 KB | Stylesheet | text/css |
| GET | H2 | css | fonts.googleapis.com/ | 14 KB | 920 B | Stylesheet | text/css |
| GET | H2 | oldschool.png | secure.runescape.com-lk.info/assets/rs-site/img/logos/ | 29 KB | 29 KB | Image | image/png |
| GET | H2 | runescape.png | secure.runescape.com-lk.info/assets/rs-site/img/logos/ | 3 KB | 3 KB | Image | image/png |
| GET | H2 | app.js | secure.runescape.com-lk.info/assets/ | 4 MB | 778 KB | Script | application/javascript |
| GET | H2 | 01c3e30df662f802a715a5ed70ef40e1.jpg | secure.runescape.com-lk.info/images/ | 2 KB | 2 KB | Image | image/jpeg |
| GET | H2 | a4d4d4902bf39779c240190237076d0f.jpg | secure.runescape.com-lk.info/images/ | 539 KB | 539 KB | Image | image/jpeg |
| GET | H2 | 9aace6b1648490c4fddc70af6d1633cd.svg | secure.runescape.com-lk.info/images/ | 429 B | 350 B | Image | image/svg+xml |
| GET | H2 | e156949ce14c6ce50b9b7a17c99bca7a.svg | secure.runescape.com-lk.info/images/ | 763 B | 423 B | Image | image/svg+xml |
| GET | DATA | truncated | / | 17 KB | 17 KB | Font | font/opentype |
| GET | DATA | truncated | / | 31 KB | 31 KB | Font | application/font-woff |
| GET | H2 | KFOkCnqEu92Fr1MmgVxIIzIXKMny.woff2 | fonts.gstatic.com/s/roboto/v20/ | 11 KB | 11 KB | Font | font/woff2 |
| GET | H2 | KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2 | fonts.gstatic.com/s/roboto/v20/ | 11 KB | 11 KB | Font | font/woff2 |
| GET | H2 | KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | fonts.gstatic.com/s/roboto/v20/ | 11 KB | 11 KB | Font | font/woff2 |
| GET | H2 | KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2 | fonts.gstatic.com/s/roboto/v20/ | 12 KB | 12 KB | Font | font/woff2 |
| GET | H2 | KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | fonts.gstatic.com/s/roboto/v20/ | 11 KB | 11 KB | Font | font/woff2 |
| GET | H2 | KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 | fonts.gstatic.com/s/roboto/v20/ | 11 KB | 11 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Runescape (Online) Generic (Online) Microsoft (Consumer)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- object| WebFontConfig
- object| WebFont
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| secure.runescape.com-lk.info/ | | Name: PHPSESSID Value: s673k11cu55jq2n2rn4tl0h407 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.