com-gb-er80uf.world Open in urlscan Pro
172.67.146.99  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response com-gb-er80uf.world/	12 KB 5 KB	245ms 181ms	Document text/html	172.67.146.99 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://com-gb-er80uf.world/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.99 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4a117b8212c514c7fddf08e2d9b73666a2495e89435c884be698ee45d693e0e4 Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 87e8f26938e9718c-LHR content-encoding br content-type text/html; charset=UTF-8 date Sat, 04 May 2024 13:48:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GrxRy%2Fbja6B48ZQXaInyaSuHMvpGMXJrurHO2TZ6CA0Q9ohJO%2FO9ucQJ6ru5XzmCHP%2BtxiTJ2IWNgjLzmkiz4ZpR9qYx2IF94izXuOJlMXME6n11daWWp1jru%2Bu9gpASAiuMT8WL"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	style.css com-gb-er80uf.world/css/	11 KB 3 KB	161ms 161ms	Stylesheet text/css	172.67.146.99 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://com-gb-er80uf.world/css/style.css Requested by Host: com-gb-er80uf.world URL: https://com-gb-er80uf.world/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.99 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 83e5d5e4b88038dc4cbd109837d41cd93b691b00b99e5ba47e0964fe8e086b43 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://com-gb-er80uf.world/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 13:48:11 GMT content-encoding br cf-cache-status MISS last-modified Mon, 29 Jan 2024 19:59:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65b803b0-2c6b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a5ZA13JlnbQEpaBNvjHPq4vVGD%2BG55Oo%2BuyyAHhX5ODYiRA%2FOtlOaz30AYIlkB0Tb3QeX20UvPax9bfJpWxz3LuYMO%2BsaNQtVjI8jz1ivTgVBef3md2oWZeUaHzn8%2B6rh8pLzcC%2F"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=86400 cf-ray 87e8f26a6a15718c-LHR alt-svc h3=":443"; ma=86400 expires Sun, 05 May 2024 13:48:11 GMT
GET H3	200	logo00.png com-gb-er80uf.world/img/	8 KB 8 KB	172ms 171ms	Image image/png	172.67.146.99 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://com-gb-er80uf.world/img/logo00.png Requested by Host: com-gb-er80uf.world URL: https://com-gb-er80uf.world/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.99 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8f4c61331bef35ae6ac7d771b22d657b4c4d9e4c579707f581f6a60388f623b0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://com-gb-er80uf.world/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 13:48:11 GMT cf-cache-status MISS last-modified Fri, 25 Aug 2023 00:06:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "64e7f07e-1feb" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TrqD58c6JWxWhKVx5lPvNV4KiOIE5uCmBi%2BjJfpSCfsjYzoaQqecSjdmDNDRxc%2BPH4VD4%2F0Jer3lzsJ1LhMkAdNQMGyfQx%2BhPAcywYucGMJxHcpux7iCZMI0a0YXUQkQaZ9dsgc%2F"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=86400 accept-ranges bytes cf-ray 87e8f26a6a17718c-LHR alt-svc h3=":443"; ma=86400 content-length 8171 expires Sun, 05 May 2024 13:48:11 GMT
GET H3	200	google.svg com-gb-er80uf.world/img/	1 KB 1000 B	195ms 194ms	Image image/svg+xml	172.67.146.99 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://com-gb-er80uf.world/img/google.svg Requested by Host: com-gb-er80uf.world URL: https://com-gb-er80uf.world/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.99 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 855e6240fe4711ba3cdb368d99ddb0b718b33123a14e5e60e5e8a5bcfe53d05e Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://com-gb-er80uf.world/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 13:48:11 GMT content-encoding br cf-cache-status MISS last-modified Tue, 15 Aug 2023 06:43:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64db1ea0-422" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CDDMH9eP2qwVKo0%2BB1tiSFT5%2FZ5AKORgZXNPhc%2B4DUWqoHXBHpuHllE%2FY3OXyKNIqqa5KUDVgYcTs4Jfi1gqokk42WOcGKcg%2FDAEqfYpP1Nmezmq9GXZYlA8mZ0j1fmNeJuHhK0N"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=86400 cf-ray 87e8f26a7a1f718c-LHR alt-svc h3=":443"; ma=86400 expires Sun, 05 May 2024 13:48:11 GMT
GET H3	200	script.js Show response com-gb-er80uf.world/js/	6 KB 2 KB	165ms 165ms	Script application/javascript	172.67.146.99 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://com-gb-er80uf.world/js/script.js Requested by Host: com-gb-er80uf.world URL: https://com-gb-er80uf.world/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.99 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b3062cd4f6bc82aee93d9456d82fbeee5c7baa2c5205167b09d4c008e49dc8d4 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://com-gb-er80uf.world/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 13:48:11 GMT content-encoding br cf-cache-status MISS last-modified Sun, 07 Jan 2024 14:24:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"659ab405-1715" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xhKdYfeiUvZ84uoaI2cLwAeq1Zdn6aOOg7wc6rK4SbY37iJUrlVo2lgaavIuofZCWMoLCqoH%2F7zqgaOLKCCagbHsCfi4JgnAqNnr6ngUh5IEhteWlnH4YGwJp09rvkyMl67Vi59s"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 87e8f26a6a18718c-LHR alt-svc h3=":443"; ma=86400 expires Sun, 05 May 2024 13:48:11 GMT
GET H2	200	css2 fonts.googleapis.com/	809 B 814 B	152ms 60ms	Stylesheet text/css	2a00:1450:4001:81c::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Cinzel:wght@500&display=swap Requested by Host: com-gb-er80uf.world URL: https://com-gb-er80uf.world/css/style.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 37c6d3ab4f48ead6ca244e360fdb63d8128d7b63f73b273b44d08af32e180560 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://com-gb-er80uf.world/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Sat, 04 May 2024 13:48:11 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sat, 04 May 2024 13:48:11 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 04 May 2024 13:48:11 GMT
GET H3	200	bg.jpg com-gb-er80uf.world/img/	637 KB 637 KB	273ms 273ms	Image image/jpeg	172.67.146.99 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://com-gb-er80uf.world/img/bg.jpg Requested by Host: com-gb-er80uf.world URL: https://com-gb-er80uf.world/css/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.99 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f8d65bc2f13c539bedd1b6f092520e61ec64be53dd2a40f746139a8ff6ea6575 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://com-gb-er80uf.world/css/style.css Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 13:48:11 GMT cf-cache-status MISS last-modified Tue, 05 Sep 2023 04:06:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "64f6a946-9f267" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1JEPDJUEq1Pf7EjOerWYilRF02aou7kN2mD9liQjY8Dq0qMurrFHBCrtipkkzbVSWtY%2FLi5%2FYa7pL8BgWdX9mKmKO%2BYnnUuQGsP4tGPyvlqlJmedwrVEU35SX8vevm4jnt21LSON"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=86400 accept-ranges bytes cf-ray 87e8f26c5bbc718c-LHR alt-svc h3=":443"; ma=86400 content-length 651879 expires Sun, 05 May 2024 13:48:11 GMT
GET H3	200	regular.otf com-gb-er80uf.world/font/bagu/	10 KB 11 KB	165ms 165ms	Font application/octet-stream	172.67.146.99 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://com-gb-er80uf.world/font/bagu/regular.otf Requested by Host: com-gb-er80uf.world URL: https://com-gb-er80uf.world/css/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.99 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bb2e2af98510278af5f5d12575b1743982cd8648b0c67fc7a279180eff21f6c6 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://com-gb-er80uf.world/css/style.css Origin https://com-gb-er80uf.world Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 13:48:11 GMT cf-cache-status MISS last-modified Thu, 18 Nov 2021 12:11:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "619642e8-2958" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z6HZWElnfLzhgn4IGlJfDTvfhvN9iH0myDIj7eZ%2BJhvx3oZ7XUpm44JHgzxnHEii7Oaw0lYEjgOGiIxOkPdifsNo5QZ7NiDvBDZUnZIQcp48gMmsb0rwP%2FcD%2FIvsaOh6QbuSvwlc"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 accept-ranges bytes cf-ray 87e8f26c6bbf718c-LHR alt-svc h3=":443"; ma=86400 content-length 10584
GET		favi.svg secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app/GB/loginjppLoginFlowId/365usMW5E9PwBi9mdVKy2eflowweb&authMethodform/e3f11c2417ce4289aa3c4bab78f18f19ga2608805117842816401693865651/img/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app

URL

https://secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app/GB/loginjppLoginFlowId/365usMW5E9PwBi9mdVKy2eflowweb&authMethodform/e3f11c2417ce4289aa3c4bab78f18f19ga2608805117842816401693865651/img/favi.svg

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Jagex (Gaming)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateEmail function| showErrorMessageEmail function| hideErrorMessageEmail object| ver function| showErrorMessageUsername function| hideErrorMessageUsername function| change_email function| change_username object| add object| box object| conta object| inpu object| lb function| hidePreloader

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app/GB/loginjppLoginFlowId/365usMW5E9PwBi9mdVKy2eflowweb&authMethodform/e3f11c2417ce4289aa3c4bab78f18f19ga2608805117842816401693865651/img/favi.svg Message: Failed to load resource: net::ERR_CONNECTION_RESET

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

com-gb-er80uf.world
fonts.googleapis.com
secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app
secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app
172.67.146.99
2a00:1450:4001:81c::200a
37c6d3ab4f48ead6ca244e360fdb63d8128d7b63f73b273b44d08af32e180560
4a117b8212c514c7fddf08e2d9b73666a2495e89435c884be698ee45d693e0e4
83e5d5e4b88038dc4cbd109837d41cd93b691b00b99e5ba47e0964fe8e086b43
855e6240fe4711ba3cdb368d99ddb0b718b33123a14e5e60e5e8a5bcfe53d05e
8f4c61331bef35ae6ac7d771b22d657b4c4d9e4c579707f581f6a60388f623b0
b3062cd4f6bc82aee93d9456d82fbeee5c7baa2c5205167b09d4c008e49dc8d4
bb2e2af98510278af5f5d12575b1743982cd8648b0c67fc7a279180eff21f6c6
f8d65bc2f13c539bedd1b6f092520e61ec64be53dd2a40f746139a8ff6ea6575