secure-oldschool.com-gb-er80uf.world
2606:4700:3034::ac43:9263  Malicious Activity! Public Scan

URL: https://secure-oldschool.com-gb-er80uf.world/
Submission: On May 05 via automatic, source certstream-suspicious — Scanned from GB

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3034::ac43:9263, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure-oldschool.com-gb-er80uf.world.
TLS certificate: Issued by GTS CA 1P5 on April 14th 2024. Valid for: 3 months.
This is the only time secure-oldschool.com-gb-er80uf.world was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Jagex (Gaming)

Domain & IP information

IP Address AS Autonomous System
7 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
9 3
Domain Requested by
7 secure-oldschool.com-gb-er80uf.world secure-oldschool.com-gb-er80uf.world
1 fonts.googleapis.com secure-oldschool.com-gb-er80uf.world
0 secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app Failed
9 3

This site contains links to these domains.

Domain
account.jagex.com
support.runescape.com

Subject Issuer Validity Valid
com-gb-er80uf.world GTS CA 1P5 2024-04-14 - 2024-07-13 3 months
upload.video.google.com GTS CA 1C3 2024-04-16 - 2024-07-09 3 months

This page contains 1 frames:

Primary Page: https://secure-oldschool.com-gb-er80uf.world/
Frame ID: 0698710518F49A5840A1BC8BC74B8C8B
Requests: 9 HTTP requests in this frame

Page Title

Choose how to log in | Jagex

Page Statistics

Requests: 9
HTTPS: 89 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 664 kB
Size: 685 kB
Cookies: 0

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
secure-oldschool.com-gb-er80uf.world/
12 KB
5 KB
Document
General
Full URL
https://secure-oldschool.com-gb-er80uf.world/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9263 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a117b8212c514c7fddf08e2d9b73666a2495e89435c884be698ee45d693e0e4

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87edb28b2f98419b-LHR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 05 May 2024 03:38:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8fXFsJTbOLV1lqrNxIsU77FnZq%2BI9r6UuxiKdVqvCR259r%2B0MQzy4ZSmMkBH%2B9hr20F0AJkHjWZqQ8zNVR1Vx68G7mg3gqXnJdWPI35s2KQ1DxzVN2oAZeQpXpK8TDOdSAO%2FIa87f3CmjixvBv7W86Irp8vpJnAP4Ofeed%2BgrcH9Ydk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
style.css
secure-oldschool.com-gb-er80uf.world/css/
11 KB
3 KB
Stylesheet
General
Full URL
https://secure-oldschool.com-gb-er80uf.world/css/style.css
Requested by
Host: secure-oldschool.com-gb-er80uf.world
URL: https://secure-oldschool.com-gb-er80uf.world/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9263 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83e5d5e4b88038dc4cbd109837d41cd93b691b00b99e5ba47e0964fe8e086b43

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure-oldschool.com-gb-er80uf.world/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:38:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 05 May 2024 03:36:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6636fea8-2c6b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=npoNQ0wrRkDf8%2BPN6dR6wBsyE7T4%2FmR7QPwot9%2B4ZXOA5wyRg5Qk%2B%2BobAQST0lNgfP%2F9Du1CGk96RroKkl0i9sFSbv5uvnyu22SbTDLvsLxwJUnypkiwO3Kmmq0E%2FeWzkxI9p%2BxFSpe2fM4lR2Sie8c9f%2BcX1ev8Wn8KxbznaLunplw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
cf-ray
87edb28c2847419b-LHR
alt-svc
h3=":443"; ma=86400
expires
Mon, 06 May 2024 03:38:24 GMT
logo00.png
secure-oldschool.com-gb-er80uf.world/img/
8 KB
8 KB
Image
General
Full URL
https://secure-oldschool.com-gb-er80uf.world/img/logo00.png
Requested by
Host: secure-oldschool.com-gb-er80uf.world
URL: https://secure-oldschool.com-gb-er80uf.world/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9263 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f4c61331bef35ae6ac7d771b22d657b4c4d9e4c579707f581f6a60388f623b0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure-oldschool.com-gb-er80uf.world/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:38:24 GMT
cf-cache-status
MISS
last-modified
Sun, 05 May 2024 03:36:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"6636fea8-1feb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GWgyu%2F83zTK6o%2FqqRHKAwUS1Txzko5S9iqO5RQw%2FmYm0LqoNgJlskkj9AX7dd%2FlC5CT9nhgT7NTw62cIO%2BH0zcWl0BekE0Rf2xj8oGO%2BpcrQG%2F%2F1Dt%2B12YnIR2%2BFWJNpWObmqHO5mWCe2UpONMtOPUSjISklB47QGTeIV3n%2BX6Fm1fY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=86400
accept-ranges
bytes
cf-ray
87edb28c2848419b-LHR
alt-svc
h3=":443"; ma=86400
content-length
8171
expires
Mon, 06 May 2024 03:38:24 GMT
google.svg
secure-oldschool.com-gb-er80uf.world/img/
1 KB
1 KB
Image
General
Full URL
https://secure-oldschool.com-gb-er80uf.world/img/google.svg
Requested by
Host: secure-oldschool.com-gb-er80uf.world
URL: https://secure-oldschool.com-gb-er80uf.world/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9263 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
855e6240fe4711ba3cdb368d99ddb0b718b33123a14e5e60e5e8a5bcfe53d05e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure-oldschool.com-gb-er80uf.world/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:38:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 05 May 2024 03:36:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6636fea8-422"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HYl1kCiXY%2FWJaPjUZp4zRg%2FLRlB2nVOiui2rh%2FZMRCD4KKig6ZlvxmhVjgZsV9wxz9dIK9EbMyWaYqkpVNkV74Sy7u9xPamnUQRfAYsFFpZudu%2FKGJ6yGiOoXUPxgKBjJDuaRifR3mDgoms3KMIDaN3mGrXkEZX1v6mW%2FMTYND%2BcKZI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=86400
cf-ray
87edb28c585a419b-LHR
alt-svc
h3=":443"; ma=86400
expires
Mon, 06 May 2024 03:38:24 GMT
script.js
secure-oldschool.com-gb-er80uf.world/js/
6 KB
2 KB
Script
General
Full URL
https://secure-oldschool.com-gb-er80uf.world/js/script.js
Requested by
Host: secure-oldschool.com-gb-er80uf.world
URL: https://secure-oldschool.com-gb-er80uf.world/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9263 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3062cd4f6bc82aee93d9456d82fbeee5c7baa2c5205167b09d4c008e49dc8d4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure-oldschool.com-gb-er80uf.world/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:38:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 05 May 2024 03:36:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6636fea8-1715"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R328DuNIQWRD%2FWZ3VJs1Vh4Fg4ibFsLDPvHqSh7ToHa8wll8PoXbeyqi1uzTqgk%2FD0zlPnOV7dkY82SZbdQfD7sGSLdORerLUYlDrb0VovvQFYuoE%2BnusD3HFcC1CYibHdZrr%2FLjyAbJ9n5ST02757%2BylgJj1hvzKkFBv6dPrYzwA8M%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
cf-ray
87edb28c284a419b-LHR
alt-svc
h3=":443"; ma=86400
expires
Mon, 06 May 2024 03:38:24 GMT
css2
fonts.googleapis.com/
809 B
817 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Cinzel:wght@500&display=swap
Requested by
Host: secure-oldschool.com-gb-er80uf.world
URL: https://secure-oldschool.com-gb-er80uf.world/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
37c6d3ab4f48ead6ca244e360fdb63d8128d7b63f73b273b44d08af32e180560
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure-oldschool.com-gb-er80uf.world/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sun, 05 May 2024 03:38:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 05 May 2024 03:38:24 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 05 May 2024 03:38:24 GMT
bg.jpg
secure-oldschool.com-gb-er80uf.world/img/
637 KB
637 KB
Image
General
Full URL
https://secure-oldschool.com-gb-er80uf.world/img/bg.jpg
Requested by
Host: secure-oldschool.com-gb-er80uf.world
URL: https://secure-oldschool.com-gb-er80uf.world/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9263 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8d65bc2f13c539bedd1b6f092520e61ec64be53dd2a40f746139a8ff6ea6575

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure-oldschool.com-gb-er80uf.world/css/style.css
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:38:24 GMT
cf-cache-status
MISS
last-modified
Sun, 05 May 2024 03:36:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"6636fea8-9f267"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4UCH9tjU%2FPTFIFeFA7d0DJ6%2BsEedN4S8BET3oXkcmusWdp0j9Nz9Lt7rBt%2Ff5m1TwZzus9RGnGo4oMYKfClLICg943EIASYP79iLRvps%2BPV1NgCG17IA%2FLq0sWC%2Fohk0xPrxnFJY2lEvO1n1po9Z41eC1do%2Fhu8BpHKSSdTa5lJVi54%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=86400
accept-ranges
bytes
cf-ray
87edb28e8991419b-LHR
alt-svc
h3=":443"; ma=86400
content-length
651879
expires
Mon, 06 May 2024 03:38:24 GMT
regular.otf
secure-oldschool.com-gb-er80uf.world/font/bagu/
10 KB
7 KB
Font
General
Full URL
https://secure-oldschool.com-gb-er80uf.world/font/bagu/regular.otf
Requested by
Host: secure-oldschool.com-gb-er80uf.world
URL: https://secure-oldschool.com-gb-er80uf.world/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9263 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb2e2af98510278af5f5d12575b1743982cd8648b0c67fc7a279180eff21f6c6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure-oldschool.com-gb-er80uf.world/css/style.css
Origin
https://secure-oldschool.com-gb-er80uf.world
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:38:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 05 May 2024 03:36:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2958-617aca74b9b48"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g22COGTPLCodX3cKdvPQUZEk1%2Bp39TlTQNhY5YyuYvmvSxcIZAibRm2UrsxawtLa6owoDv5J07QXTGBkqhStFSvWE8oPxyw3kb3eMZ16AVSv2pZ5Coi6fr8syThNa%2FDCLlMsMgCWJdnddGtcUatY14HIxUT72GFNh%2F%2FcY5tQ2j2zf%2Bw%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
cache-control
max-age=14400
cf-ray
87edb28e999a419b-LHR
alt-svc
h3=":443"; ma=86400
favi.svg
secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app/GB/loginjppLoginFlowId/365usMW5E9PwBi9mdVKy2eflowweb&authMethodform/e3f11c2417ce4289aa3c4bab78f18f19ga2608805117842816401693865651/img/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app
URL
https://secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app/GB/loginjppLoginFlowId/365usMW5E9PwBi9mdVKy2eflowweb&authMethodform/e3f11c2417ce4289aa3c4bab78f18f19ga2608805117842816401693865651/img/favi.svg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Jagex (Gaming)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateEmail
function| showErrorMessageEmail
function| hideErrorMessageEmail
object| ver
function| showErrorMessageUsername
function| hideErrorMessageUsername
function| change_email
function| change_username
object| add
object| box
object| conta
object| inpu
object| lb
function| hidePreloader

0 Cookies

1 Console Messages

Source: network
Level: error
URL: https://secure.oldschool.com-gb-en20uf537425-e6325y4d9285743.ngrok.app/GB/loginjppLoginFlowId/365usMW5E9PwBi9mdVKy2eflowweb&authMethodform/e3f11c2417ce4289aa3c4bab78f18f19ga2608805117842816401693865651/img/favi.svg
Message: Failed to load resource: net::ERR_CONNECTION_CLOSED