secure.runescape.com-iq.info Open in urlscan Pro
78.142.29.4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://url.mills.io/r/NwmBu
Effective URL:
https://secure.runescape.com-iq.info/m=weblogin/loginform.ws522,273,499,43686631,253
Submission: On December 07 via manual (December 7th 2019, 6:10:09 am UTC) from SE

Summary HTTP 18 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 5 domains to perform 18 HTTP transactions. The main IP is 78.142.29.4, located in Bulgaria and belongs to VERDINA, BG. The main domain is secure.runescape.com-iq.info.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 3rd 2019. Valid for: 3 months.

This is the only time secure.runescape.com-iq.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Runescape (Online) Generic (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	150.101.179.235 150.101.179.235	4739 (INTERNODE...) (INTERNODE-AS Internode Pty Ltd)
1 1	2606:4700:30:... 2606:4700:30::681c:504	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
11	78.142.29.4 78.142.29.4	201133 (VERDINA) (VERDINA)
1	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
6	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
18	4

1 150.101.179.235 (Herston, Australia) 1 redirects

ASN4739 (INTERNODE-AS Internode Pty Ltd, AU)
PTR: mail.lvrc.qld.gov.au

url.mills.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681c:504 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

joo.gl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 78.142.29.4 (Bulgaria)

ASN201133 (VERDINA, BG)
PTR: srvr.shared-host.net

secure.runescape.com-iq.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	com-iq.info secure.runescape.com-iq.info	2 MB
6	gstatic.com fonts.gstatic.com	67 KB
1	googleapis.com fonts.googleapis.com	909 B
1	joo.gl 1 redirects joo.gl	620 B
1	mills.io 1 redirects url.mills.io	81 B
18	5

	Domain	Requested by
11	secure.runescape.com-iq.info	secure.runescape.com-iq.info
6	fonts.gstatic.com	secure.runescape.com-iq.info
1	fonts.googleapis.com	secure.runescape.com-iq.info
1	joo.gl	1 redirects
1	url.mills.io	1 redirects
18	5

This site contains links to these domains. Also see Links.

Domain
oldschool.runescape.com
www.runescape.com
secure.jagex.com
secure.runescape.com

Subject Issuer	Validity	Valid
secure.runescape.com-iq.info Let's Encrypt Authority X3	`2019-12-03` - `2020-03-02`	3 months	crt.sh
*.googleapis.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://secure.runescape.com-iq.info/m=weblogin/loginform.ws522,273,499,43686631,253
Frame ID: ED9514185EEA6F99AC716A50CB3069F4
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://url.mills.io/r/NwmBu HTTP 302
https://joo.gl/qDeT HTTP 301
https://secure.runescape.com-iq.info/m=weblogin/loginform.ws522,273,499,43686631,253 Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

18
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

1902 kB
Transfer

6665 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://oldschool.runescape.com/

Search URL Search Domain Scan URL

URL: https://www.runescape.com/

Search URL Search Domain Scan URL

URL: https://secure.jagex.com/m=weblogin/a=870/g=runescape/cant_log_in
Title: Can't Log In?

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=weblogin/loginform.ws?mod=www&ssl=1&expired=0&dest=account_settings.ws
Title: Log In

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=sn-integration/a=870/google/gamelogin.ws?mod=www&ssl=1&dest=account_settings.ws
Title: Log In

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=account-creation/a=870/create_account
Title: Create an account

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://url.mills.io/r/NwmBu HTTP 302
https://joo.gl/qDeT HTTP 301
https://secure.runescape.com-iq.info/m=weblogin/loginform.ws522,273,499,43686631,253 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request loginform.ws522,273,499,43686631,253 Show response
secure.runescape.com-iq.info/m=weblogin/
Redirect Chain

https://url.mills.io/r/NwmBu
https://joo.gl/qDeT
https://secure.runescape.com-iq.info/m=weblogin/loginform.ws522,273,499,43686631,253

2 MB
410 KB

941ms
826ms

Document
text/html

78.142.29.4
VERDINA

General

secure.runescape.com-iq.info Open in urlscan Pro 78.142.29.4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

4 IPs

4 Countries

1902 kBTransfer

6665 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

secure.runescape.com-iq.info Open in urlscan Pro
78.142.29.4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

1902 kB
Transfer

6665 kB
Size

1
Cookies

18 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!