services.runescape.rs-ua.xyz Open in urlscan Pro
45.144.225.245 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rb.gy/ai6ol4
Effective URL:
https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
Submission: On December 05 via manual (December 5th 2021, 5:19:49 pm UTC) from NL — Scanned from NL

Summary HTTP 20 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 7 domains to perform 20 HTTP transactions. The main IP is 45.144.225.245, located in Netherlands and belongs to AS_DELIS, US. The main domain is services.runescape.rs-ua.xyz.
TLS certificate: Issued by R3 on December 3rd 2021. Valid for: 3 months.

This is the only time services.runescape.rs-ua.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Runescape (Online) Generic (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	76.223.86.4 76.223.86.4	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:303... 2606:4700:3037::6815:2b8a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	45.144.225.245 45.144.225.245	211252 (AS_DELIS) (AS_DELIS)
2	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	5

1 76.223.86.4 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: abaa834e320054d4d.awsglobalaccelerator.com

rb.gy	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:2b8a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

yoinkgp.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 45.144.225.245 (Netherlands)

ASN211252 (AS_DELIS, US)

services.runescape.rs-ua.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	rs-ua.xyz services.runescape.rs-ua.xyz	752 KB
2	cloudflare.com cdnjs.cloudflare.com	17 KB
1	jsdelivr.net cdn.jsdelivr.net	7 KB
1	googleapis.com ajax.googleapis.com	34 KB
1	yoinkgp.xyz 1 redirects yoinkgp.xyz	618 B
1	rb.gy 1 redirects rb.gy	211 B
0	ip-api.com Failed ip-api.com Failed
20	7

	Domain	Requested by
15	services.runescape.rs-ua.xyz	services.runescape.rs-ua.xyz cdn.jsdelivr.net
2	cdnjs.cloudflare.com	services.runescape.rs-ua.xyz
1	cdn.jsdelivr.net	services.runescape.rs-ua.xyz
1	ajax.googleapis.com	services.runescape.rs-ua.xyz
1	yoinkgp.xyz	1 redirects
1	rb.gy	1 redirects
0	ip-api.com Failed	cdn.jsdelivr.net
20	7

This site contains links to these domains. Also see Links.

Domain
www.runescape.com
auth.jagex.com
social.auth.jagex.com
secure.runescape.com

Subject Issuer	Validity	Valid
services.runescape.rs-ua.xyz R3	`2021-12-03` - `2022-03-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
Frame ID: A9A429B0BB88589BB6CA725775D755DC
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RuneScape Log In

Page URL History Show full URLs

https://rb.gy/ai6ol4 HTTP 301
https://yoinkgp.xyz/ HTTP 301
https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2 Page URL

Page Statistics

20
Requests

95 %
HTTPS

67 %
IPv6

7
Domains

7
Subdomains

5
IPs

3
Countries

893 kB
Transfer

1408 kB
Size

1
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: http://www.runescape.com/

Search URL Search Domain Scan URL

URL: https://www.runescape.com/cant_log_in
Title: Can't Log In?

Search URL Search Domain Scan URL

URL: https://auth.jagex.com/google/v1/social/login/en?correlationId=https%3Awww%3Acommunity
Title: Log in with Google

Search URL Search Domain Scan URL

URL: https://auth.jagex.com/apple/v1/social/login/en?correlationId=https%3Awww%3Acommunity
Title: Log in with Apple

Search URL Search Domain Scan URL

URL: https://social.auth.jagex.com/v1/login?provider=steam-web&clientLanguageCode=en&callbackUrl=https%3A%2F%2Fsecure.runescape.com%2Fm%3Dweblogin%2Flogin%3Fredirto%3Dhttps%253Awww%253Acommunity%26theme%3Drunescape%26flow%3Dweb&errorCallbackUrl=https%3A%2F%2Fsecure.runescape.com%2Fm%3Dweblogin%2FsocialError%3Fredirto%3Dhttps%253Awww%253Acommunity%26theme%3Drunescape%26flow%3Dweb
Title: Log in with Steam

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=sn-integration/facebook/gamelogin.ws?mod=www&ssl=1&dest=community
Title: Log in with Facebook

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=account-creation/create_account
Title: Create an account

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rb.gy/ai6ol4 HTTP 301
https://yoinkgp.xyz/ HTTP 301
https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request loginform.ws247,816,134,27615264,2 Show response
services.runescape.rs-ua.xyz/m=weblogin/
Redirect Chain

https://rb.gy/ai6ol4
https://yoinkgp.xyz/
https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

10 KB
3 KB

85ms
37ms

Document
text/html

45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL

https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

d3c54d66f1f58b7bbc5fe7bfc8f3e9b136e4353a83b03df4674a805b944c2ad5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9

Response headers

Server: nginx
Date: Sun, 05 Dec 2021 17:19:42 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Cookie
X-Frame-Options: DENY
X-Content-Type-Options: nosniff nosniff
Referrer-Policy: same-origin no-referrer-when-downgrade
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

Redirect headers

date: Sun, 05 Dec 2021 17:19:42 GMT
location: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
cache-control: max-age=3600
expires: Sun, 05 Dec 2021 18:19:42 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hVhL89DW3jJuRhvSrxbtx9wfMbPfr84tRhejbxiXSFYK3EbfFK2hHmbNe45lC4dX6RwpiV6eSSetKZFjD9bMFhWY4ugMAf8g1v%2FoAb%2FMdhbSCs7pCKXDeZczdtedZbsnGqzlvyAg4TA30Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6b8ef0e4b9774e37-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK vendor-151.css
services.runescape.rs-ua.xyz/static/runescape_login/css/dual/ 113 KB
15 KB 24ms
23ms Stylesheet
text/css 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/vendor-151.css

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

876aa84b5c13c20f86a041db2b68a2d0bb456661cc7b3b1066f7cc3f3702c227

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:42 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: W/"611d49d0-1c3c6"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK site-151.css
services.runescape.rs-ua.xyz/static/runescape_login/css/dual/ 384 KB
97 KB 51ms
26ms Stylesheet
text/css 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

1684783bb4b210e3a99134a7e89c5832d8df165b22e7622a17189420b5b2442d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: W/"611d49d0-600fb"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/ 58 KB
11 KB 74ms
29ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://services.runescape.rs-ua.xyz
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 05 Dec 2021 17:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 245247
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 10480
timing-allow-origin: *
last-modified: Tue, 16 Mar 2021 19:29:58 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60510736-e7d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IURTRB1h6%2Fl%2Fkh%2FSPBlHV8M48Gd4qS12N2kNTxginUdw2aVHQ%2BBHERJHHvxcDVsFXOlPCu9I6yM9HrYVE41L1%2Bl7AjaVIZl6dJ0IulSv7jgarrgpASnMd5oe0ZyLz%2BY4Jl4UevIMZkQrlkYWhtqwTjjE"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6b8ef0e5fbe74eb5-FRA
expires: Fri, 25 Nov 2022 17:19:43 GMT

GET
H/1.1 200
OK oldschool.png
services.runescape.rs-ua.xyz/static/runescape_login/img/ 7 KB
8 KB 56ms
16ms Image
image/png 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/img/oldschool.png

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

1b89ca6caf8519eae363240a624f2139e5e5647adfe382b1c445734398d7f5fc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: "611d49d0-1c26"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7206
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK runescape.png
services.runescape.rs-ua.xyz/static/runescape_login/img/ 3 KB
4 KB 37ms
15ms Image
image/png 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/img/runescape.png

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: "611d49d0-d2f"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3375
X-Content-Type-Options: nosniff

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 94 KB
34 KB 81ms
20ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 15:19:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93609
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33576
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Dec 2022 15:19:34 GMT

GET
H2 200 axios.min.js Show response
cdn.jsdelivr.net/npm/axios/dist/ 17 KB
7 KB 86ms
34ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aed6ac78b8249a9c7cff0030f3b921ee9f771cb1684164f3e679e1023a4d5c69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 05 Dec 2021 17:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 30685
x-jsd-version: 0.24.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19165-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"45b3-NFbQ0Q5mnZV1R20jcsWI1sj3wos"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6b8ef0e608664ed9-FRA

GET
H2 200 platform.min.js Show response
cdnjs.cloudflare.com/ajax/libs/platform/1.3.6/ 14 KB
6 KB 76ms
33ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/platform/1.3.6/platform.min.js

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c039b6e245af3041933a2e283eb929be6c05618616e34ef2b8e3ca2bb368007

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://services.runescape.rs-ua.xyz
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 05 Dec 2021 17:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 243946
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5648
timing-allow-origin: *
last-modified: Sat, 04 Jul 2020 11:56:15 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f006e5f-38b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7Aug%2BTzmmuNDz97Mx%2FkOBqYOGZBt%2FlLHmKS1Jmj32OKPH57iLqD1YSaQ4FjGtvs0ylBCfXnEax0wlYKJdFoJZeWhuc9ICuU3W01bJhoY0oXR%2BGSYG9d08DOSFFxMwvJu1s74XXC40LRYT7aKLc%2BVaih"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6b8ef0e5fbee4eb5-FRA
expires: Fri, 25 Nov 2022 17:19:43 GMT

GET
H/1.1 200
OK login.js Show response
services.runescape.rs-ua.xyz/static/runescape_login/js/ 1 KB
1 KB 62ms
33ms Script
application/javascript 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/js/login.js

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

4e38f516482b1af70acd074331f808e48534b329e7faacf5ba91cce05a38d6d9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 12:40:26 GMT
Server: nginx
ETag: W/"611cffba-4b3"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=utf-8
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK telemetry.js Show response
services.runescape.rs-ua.xyz/static/runescape_login/js/ 1 KB
1 KB 46ms
14ms Script
application/javascript 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/js/telemetry.js

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

a54733cc0c60f66bc978e5fdfe3faa61d7585e1baa13deab6ed86566e7bc92bf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 12 Jul 2021 18:09:11 GMT
Server: nginx
ETag: W/"60ec8547-41d"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=utf-8
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK js.cookie.min.js Show response
services.runescape.rs-ua.xyz/static/runescape_login/js/ 2 KB
2 KB 50ms
14ms Script
application/javascript 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/js/js.cookie.min.js

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 12 Jul 2021 18:09:11 GMT
Server: nginx
ETag: W/"60ec8547-79f"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=utf-8
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK tile.jpg
services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/runescape/backgrounds/ 2 KB
2 KB 15ms
14ms Image
image/jpeg 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/runescape/backgrounds/tile.jpg

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: "611d49d0-789"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1929
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK dual.jpg
services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/common/backgrounds/ 539 KB
539 KB 19ms
18ms Image
image/jpeg 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/common/backgrounds/dual.jpg

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

6300dd738f3805e1c8dfd01bde16f4613334f991240dd30b7ab6833bb0b14a8b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: "611d49d0-86bc2"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 551874
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK google.svg
services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/common/logos/ 763 B
948 B 15ms
14ms Image
image/svg+xml 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/common/logos/google.svg

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

f5b87209caa2e310f5d31890ce945dd194e12ada9839d8d5571ac994e477335a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: W/"611d49d0-2fb"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK apple-black.svg
services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/common/logos/ 2 KB
1 KB 15ms
14ms Image
image/svg+xml 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/common/logos/apple-black.svg

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

22557750f99896418f230d1d90cd2a86395226e2b7f7c0254d18ba96dd3abdeb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: W/"611d49d0-716"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK fb.svg
services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/common/logos/ 429 B
888 B 15ms
14ms Image
image/svg+xml 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/img/responsive/common/logos/fb.svg

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

4a32072c69079ffc44b4947317ec7144a1aef8a25a5ec9a0deaecd8196c1aadb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/site-151.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: W/"611d49d0-1ad"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
DATA 200
OK truncated
/ 25 KB
25 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6865695148fa8984d5d3d639003a358bf01f2b89934b861d35d72fad4f341646

Request headers

Referer
Origin: https://services.runescape.rs-ua.xyz
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: application/x-font-woff

GET
DATA 200
OK truncated
/ 59 KB
59 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 480f0c53edc1e4dfa14bc1479b8a298ecb4f4c5a92ba2917a3612eb8b242d13d

Request headers

Referer
Origin: https://services.runescape.rs-ua.xyz
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: application/x-font-woff

GET
H/1.1 200
OK fontawesome-webfont.woff2
services.runescape.rs-ua.xyz/static/runescape_login/fonts/ 75 KB
76 KB 19ms
18ms Font
font/woff2 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL

https://services.runescape.rs-ua.xyz/static/runescape_login/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: services.runescape.rs-ua.xyz
URL: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/vendor-151.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://services.runescape.rs-ua.xyz/static/runescape_login/css/dual/vendor-151.css
Origin: https://services.runescape.rs-ua.xyz
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Aug 2021 17:56:32 GMT
Server: nginx
ETag: "611d49d0-12d68"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: font/woff2
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77160
X-Content-Type-Options: nosniff

GET /
ip-api.com/json/ 0
0

POST
H/1.1 201
Created / Show response
services.runescape.rs-ua.xyz/api/v1/add_current_visitor/ 170 B
731 B 40ms
40ms XHR
application/json 45.144.225.245
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL

https://services.runescape.rs-ua.xyz/api/v1/add_current_visitor/

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.144.225.245 , Netherlands, ASN211252 (AS_DELIS, US),

Reverse DNS

Software

nginx /

Resource Hash

5fb498be3fa5266b27e3fed2c516d78be11d63142323ddcd899f2e2af7efe435

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

Date: Sun, 05 Dec 2021 17:19:43 GMT
Referrer-Policy: same-origin, no-referrer-when-downgrade
Server: nginx
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Allow: POST, OPTIONS
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Connection: keep-alive
Vary: Accept
Content-Length: 170
X-XSS-Protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ip-api.com
URL: http://ip-api.com/json/?fields=status,message,continent,continentCode,country,countryCode,region,regionName,city,district,zip,lat,lon,timezone,offset,currency,isp,org,as,asname,reverse,mobile,proxy,hosting,query

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Runescape (Online) Generic (Online) Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			services.runescape.rs-ua.xyz/	1970-01-20 07:56:14	Name: csrftoken Value: pRcole2rnbJjy2UODGo7SR9UJQW6GjzbCZlOapSxq6UaoCKpQHmtxBCFiC6gt7k1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js Message: Mixed Content: The page at 'https://services.runescape.rs-ua.xyz/m=weblogin/loginform.ws247,816,134,27615264,2' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ip-api.com/json/?fields=status,message,continent,continentCode,country,countryCode,region,regionName,city,district,zip,lat,lon,timezone,offset,currency,isp,org,as,asname,reverse,mobile,proxy,hosting,query'. This request has been blocked; the content must be served over HTTPS.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
ip-api.com
rb.gy
services.runescape.rs-ua.xyz
yoinkgp.xyz
ip-api.com
2606:4700:3037::6815:2b8a
2606:4700::6810:135e
2606:4700::6810:5614
2a00:1450:4001:827::200a
45.144.225.245
76.223.86.4
1684783bb4b210e3a99134a7e89c5832d8df165b22e7622a17189420b5b2442d
1b89ca6caf8519eae363240a624f2139e5e5647adfe382b1c445734398d7f5fc
20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3
22557750f99896418f230d1d90cd2a86395226e2b7f7c0254d18ba96dd3abdeb
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b
480f0c53edc1e4dfa14bc1479b8a298ecb4f4c5a92ba2917a3612eb8b242d13d
4a32072c69079ffc44b4947317ec7144a1aef8a25a5ec9a0deaecd8196c1aadb
4e38f516482b1af70acd074331f808e48534b329e7faacf5ba91cce05a38d6d9
5fb498be3fa5266b27e3fed2c516d78be11d63142323ddcd899f2e2af7efe435
6300dd738f3805e1c8dfd01bde16f4613334f991240dd30b7ab6833bb0b14a8b
6865695148fa8984d5d3d639003a358bf01f2b89934b861d35d72fad4f341646
876aa84b5c13c20f86a041db2b68a2d0bb456661cc7b3b1066f7cc3f3702c227
8c039b6e245af3041933a2e283eb929be6c05618616e34ef2b8e3ca2bb368007
a54733cc0c60f66bc978e5fdfe3faa61d7585e1baa13deab6ed86566e7bc92bf
aed6ac78b8249a9c7cff0030f3b921ee9f771cb1684164f3e679e1023a4d5c69
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
d3c54d66f1f58b7bbc5fe7bfc8f3e9b136e4353a83b03df4674a805b944c2ad5
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89
f5b87209caa2e310f5d31890ce945dd194e12ada9839d8d5571ac994e477335a

services.runescape.rs-ua.xyz Open in urlscan Pro 45.144.225.245 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

20 Requests

95 %HTTPS

67 %IPv6

7 Domains

7 Subdomains

5 IPs

3 Countries

893 kBTransfer

1408 kBSize

1 Cookies

7 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

services.runescape.rs-ua.xyz Open in urlscan Pro
45.144.225.245 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

95 %
HTTPS

67 %
IPv6

7
Domains

7
Subdomains

5
IPs

3
Countries

893 kB
Transfer

1408 kB
Size

1
Cookies

20 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!