pmodappl.us.lt Open in urlscan Pro
109.235.66.68 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://pmodappl.us.lt/index/index.html
Submission: On March 15 via manual (March 15th 2024, 3:21:27 pm UTC) from AU — Scanned from US

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 109.235.66.68, located in Lithuania and belongs to RACKRAY UAB Rakrejus, LT. The main domain is pmodappl.us.lt.

This is the only time pmodappl.us.lt was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Runescape (Online) Generic (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	109.235.66.68 109.235.66.68	62282 (RACKRAY U...) (RACKRAY UAB Rakrejus)
6	91.235.140.148 91.235.140.148	44521 (JAGEX-AS) (JAGEX-AS)
8	3

2 109.235.66.68 (Lithuania)

ASN62282 (RACKRAY UAB Rakrejus, LT)
PTR: mazda.us.lt

pmodappl.us.lt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 91.235.140.148 (United Kingdom)

ASN44521 (JAGEX-AS, GB)
PTR: nginx.web.any.jagex.com

www.runescape.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	runescape.com www.runescape.com — Cisco Umbrella Rank: 233433	627 KB
2	us.lt pmodappl.us.lt	1 KB
8	2

	Domain	Requested by
6	www.runescape.com	pmodappl.us.lt www.runescape.com
2	pmodappl.us.lt	pmodappl.us.lt
8	2

This site contains no links.

Subject Issuer	Validity	Valid
www.runescape.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-04` - `2024-10-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://pmodappl.us.lt/index/index.html
Frame ID: 22FE7C8ACA176C842004823481888E08
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Runescape Player Moderator invitation

Page Statistics

8
Requests

75 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

713 kB
Transfer

1107 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response pmodappl.us.lt/index/	3 KB 1 KB	458ms 144ms	Document text/html	109.235.66.68 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Full URL http://pmodappl.us.lt/index/index.html Protocol HTTP/1.1 Server 109.235.66.68 , Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS mazda.us.lt Software Apache/2 / Resource Hash `f050a0243705f05f9e0f007c0bfc75b6c2b29a315a3c563f14561e633671b238` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Accept-Ranges bytes Connection Upgrade, Keep-Alive Content-Encoding gzip Content-Length 1114 Content-Type text/html Date Fri, 15 Mar 2024 15:21:20 GMT ETag "a96-6134f3dfdbfd9-gzip" Keep-Alive timeout=2, max=100 Last-Modified Sun, 10 Mar 2024 14:28:43 GMT Server Apache/2 Upgrade h2,h2c Vary Accept-Encoding,User-Agent
GET H/1.1	404 Not Found	Criciousand-meth-shake-Exit-be-till-in-ches-Shad pmodappl.us.lt/	0 0	146ms 145ms	Script text/html	109.235.66.68 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Full URL http://pmodappl.us.lt/Criciousand-meth-shake-Exit-be-till-in-ches-Shad Requested by Host: pmodappl.us.lt URL: http://pmodappl.us.lt/index/index.html Protocol HTTP/1.1 Server 109.235.66.68 , Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS mazda.us.lt Software Apache/2 / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer http://pmodappl.us.lt/index/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Fri, 15 Mar 2024 15:21:20 GMT Content-Encoding gzip Server Apache/2 Vary Accept-Encoding,User-Agent Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 229
GET H/1.1	200 OK	vendor-134.css www.runescape.com/css/c/responsive/dual/	108 KB 15 KB	229ms 81ms	Stylesheet text/css	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Full URL https://www.runescape.com/css/c/responsive/dual/vendor-134.css Requested by Host: pmodappl.us.lt URL: http://pmodappl.us.lt/index/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `3687b09c4994ffee6d6cc814f6096ff9bcf660d76f05f5e3a8240fa7ce7ae0bf` Request headers accept-language en-US,en;q=0.9 Referer http://pmodappl.us.lt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Fri, 15 Mar 2024 15:21:20 GMT Content-Encoding gzip Last-modified Fri, 08-Mar-2024 15:15:20 GMT Server nginx Content-Type text/css; charset=ISO-8859-1 Cache-control max-age=900, public Connection keep-alive Content-Length 15009 Expires Fri, 15 Mar 2024 15:36:20 GMT
GET H/1.1	200 OK	site-134.css www.runescape.com/css/c/responsive/dual/	399 KB 98 KB	229ms 82ms	Stylesheet text/css	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Full URL https://www.runescape.com/css/c/responsive/dual/site-134.css Requested by Host: pmodappl.us.lt URL: http://pmodappl.us.lt/index/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `30ba861be995e2c6a3d2004e5bc4d51ab871a3656dde68069b57293f5101f9f3` Request headers accept-language en-US,en;q=0.9 Referer http://pmodappl.us.lt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Fri, 15 Mar 2024 15:21:20 GMT Content-Encoding gzip Last-modified Fri, 08-Mar-2024 15:15:20 GMT Server nginx Content-Type text/css; charset=ISO-8859-1 Cache-control max-age=900, public Connection keep-alive Content-Length 100511 Expires Fri, 15 Mar 2024 15:36:20 GMT
GET H/1.1	200 OK	oldschool.png www.runescape.com/img/responsive/common/logos/	7 KB 7 KB	189ms 42ms	Image image/png	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/logos/oldschool.png Requested by Host: pmodappl.us.lt URL: http://pmodappl.us.lt/index/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `1b89ca6caf8519eae363240a624f2139e5e5647adfe382b1c445734398d7f5fc` Request headers accept-language en-US,en;q=0.9 Referer http://pmodappl.us.lt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Fri, 15 Mar 2024 15:21:20 GMT Last-modified Fri, 08-Mar-2024 15:15:03 GMT Server nginx Content-Type image/png Cache-control max-age=900, public Connection keep-alive Content-Length 7206 Expires Fri, 15 Mar 2024 15:36:20 GMT
GET H/1.1	200 OK	runescape.png www.runescape.com/img/responsive/common/logos/	3 KB 4 KB	190ms 42ms	Image image/png	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/logos/runescape.png Requested by Host: pmodappl.us.lt URL: http://pmodappl.us.lt/index/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3` Request headers accept-language en-US,en;q=0.9 Referer http://pmodappl.us.lt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Fri, 15 Mar 2024 15:21:20 GMT Last-modified Fri, 08-Mar-2024 15:11:10 GMT Server nginx Content-Type image/png Cache-control max-age=900, public Connection keep-alive Content-Length 3375 Expires Fri, 15 Mar 2024 15:36:20 GMT
GET H/1.1	200 OK	tile.jpg www.runescape.com/img/responsive/runescape/backgrounds/	2 KB 2 KB	43ms 42ms	Image image/jpeg	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/runescape/backgrounds/tile.jpg Requested by Host: www.runescape.com URL: https://www.runescape.com/css/c/responsive/dual/site-134.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89` Request headers accept-language en-US,en;q=0.9 Referer https://www.runescape.com/css/c/responsive/dual/site-134.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Fri, 15 Mar 2024 15:21:20 GMT Last-modified Fri, 08-Mar-2024 15:16:14 GMT Server nginx Content-Type image/jpeg Cache-control max-age=900, public Connection keep-alive Content-Length 1929 Expires Fri, 15 Mar 2024 15:36:20 GMT
GET H/1.1	200 OK	dual2022.jpg www.runescape.com/img/responsive/common/backgrounds/	501 KB 501 KB	43ms 43ms	Image image/jpeg	91.235.140.148 JAGEX-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.runescape.com/img/responsive/common/backgrounds/dual2022.jpg Requested by Host: www.runescape.com URL: https://www.runescape.com/css/c/responsive/dual/site-134.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 91.235.140.148 , United Kingdom, ASN44521 (JAGEX-AS, GB), Reverse DNS nginx.web.any.jagex.com Software nginx / Resource Hash `f42de956764030289b870040bbb2d1f75aac9af3a0c087a0f1609880147fd346` Request headers accept-language en-US,en;q=0.9 Referer https://www.runescape.com/css/c/responsive/dual/site-134.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Date Fri, 15 Mar 2024 15:21:20 GMT Last-modified Fri, 08-Mar-2024 15:13:44 GMT Server nginx Content-Type image/jpeg Cache-control max-age=900, public Connection keep-alive Content-Length 512711 Expires Fri, 15 Mar 2024 15:36:20 GMT
GET DATA	200 OK	truncated /	59 KB 59 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `480f0c53edc1e4dfa14bc1479b8a298ecb4f4c5a92ba2917a3612eb8b242d13d` Request headers Referer Origin http://pmodappl.us.lt accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type application/x-font-woff
GET DATA	200 OK	truncated /	25 KB 25 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6865695148fa8984d5d3d639003a358bf01f2b89934b861d35d72fad4f341646` Request headers Referer Origin http://pmodappl.us.lt accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type application/x-font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Runescape (Online) Generic (Online) Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://pmodappl.us.lt/Criciousand-meth-shake-Exit-be-till-in-ches-Shad Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pmodappl.us.lt
www.runescape.com
109.235.66.68
91.235.140.148
1b89ca6caf8519eae363240a624f2139e5e5647adfe382b1c445734398d7f5fc
20c865ce77047a5c5803795945e97ee228b3a86bc72c6ac1779c96681e4ebac3
30ba861be995e2c6a3d2004e5bc4d51ab871a3656dde68069b57293f5101f9f3
3687b09c4994ffee6d6cc814f6096ff9bcf660d76f05f5e3a8240fa7ce7ae0bf
480f0c53edc1e4dfa14bc1479b8a298ecb4f4c5a92ba2917a3612eb8b242d13d
6865695148fa8984d5d3d639003a358bf01f2b89934b861d35d72fad4f341646
e48e93362cdac23391f9bb460098291904bcc73fb4f57446e22701860a07ed89
f050a0243705f05f9e0f007c0bfc75b6c2b29a315a3c563f14561e633671b238
f42de956764030289b870040bbb2d1f75aac9af3a0c087a0f1609880147fd346

pmodappl.us.lt Open in urlscan Pro 109.235.66.68 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

75 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

713 kBTransfer

1107 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

pmodappl.us.lt Open in urlscan Pro
109.235.66.68 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

75 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

713 kB
Transfer

1107 kB
Size

0
Cookies

8 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!