secure.runescape.com-qqb.icu Open in urlscan Pro
185.112.248.43 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://url.mills.io/r/0YnMw
Effective URL:
https://secure.runescape.com-qqb.icu/m=weblogin/c=FFGYMOkEkPL/loginform.php?mod=3483
Submission: On September 26 via manual (September 26th 2019, 9:02:46 pm UTC) from SE

Summary HTTP 20 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 5 IPs in 5 countries across 7 domains to perform 20 HTTP transactions. The main IP is 185.112.248.43, located in Coventry, United Kingdom and belongs to B5DC, GB. The main domain is secure.runescape.com-qqb.icu.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 26th 2019. Valid for: 3 months.

This is the only time secure.runescape.com-qqb.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Runescape (Online) Generic (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	150.101.179.235 150.101.179.235	4739 (INTERNODE...) (INTERNODE-AS Internode Pty Ltd)
1 1	2606:4700:30:... 2606:4700:30::681c:504	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
17	185.112.248.43 185.112.248.43	202939 (B5DC) (B5DC)
1	2a00:1450:400... 2a00:1450:4001:818::2004	() ()
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	185.29.135.234 185.29.135.234	30419 (MEDIAMATH...) (MEDIAMATH-INC - MediaMath Inc)
2 2	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
20	5

1 150.101.179.235 (Hamilton, Australia) 1 redirects

ASN4739 (INTERNODE-AS Internode Pty Ltd, AU)
PTR: mail.lvrc.qld.gov.au

url.mills.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681c:504 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

joo.gl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 185.112.248.43 (Coventry, United Kingdom)

ASN202939 (B5DC, GB)
PTR: csh1.sharkserve.rs

secure.runescape.com-qqb.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2004 (Frankfurt am Main, Germany)

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.135.234 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC - MediaMath Inc, US)

u3s.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.201 (Ascension Island) 2 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	com-qqb.icu secure.runescape.com-qqb.icu	1020 KB
3	mathtag.com 3 redirects u3s.mathtag.com pixel.mathtag.com	2 KB
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	google.se www.google.se	418 B
1	google.com www.google.com	110 B
1	joo.gl 1 redirects joo.gl	603 B
1	mills.io 1 redirects url.mills.io	81 B
20	7

	Domain	Requested by
17	secure.runescape.com-qqb.icu	secure.runescape.com-qqb.icu
2	pixel.mathtag.com	2 redirects
1	pixel.rubiconproject.com	secure.runescape.com-qqb.icu
1	u3s.mathtag.com	1 redirects
1	www.google.se	secure.runescape.com-qqb.icu
1	www.google.com	secure.runescape.com-qqb.icu
1	joo.gl	1 redirects
1	url.mills.io	1 redirects
20	8

This site contains links to these domains. Also see Links.

Domain
www.runescape.com
secure.runescape.com

Subject Issuer	Validity	Valid
secure.runescape.com-qqb.icu Let's Encrypt Authority X3	`2019-09-26` - `2019-12-25`	3 months	crt.sh
www.google.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.google.se GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh

This page contains 5 frames:

Primary Page: https://secure.runescape.com-qqb.icu/m=weblogin/c=FFGYMOkEkPL/loginform.php?mod=3483
Frame ID: E6912741601EBF0148AA281E1F63E458
Requests: 17 HTTP requests in this frame

Frame: https://secure.runescape.com-qqb.icu/loginform.php_files/j-GHT1gpo6-.html
Frame ID: DEE54030F65A6264514430026B894FEF
Requests: 1 HTTP requests in this frame

Frame: https://secure.runescape.com-qqb.icu/loginform.php_files/saved_resource.html
Frame ID: F243A4B895C9FA2E14FFB3C3433885FE
Requests: 1 HTTP requests in this frame

Frame: https://secure.runescape.com-qqb.icu/loginform.php_files/iframe.html
Frame ID: BC676696BC2A632920EC9F8925EB3FED
Requests: 2 HTTP requests in this frame

Frame: https://secure.runescape.com-qqb.icu/loginform.php_files/iframe(1).html
Frame ID: C095012257B57098B48A52CCCB826467
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://url.mills.io/r/0YnMw HTTP 302
https://joo.gl/FMAGn HTTP 301
https://secure.runescape.com-qqb.icu/m=weblogin/c=FFGYMOkEkPL/loginform.php?mod=3483 Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

20
Requests

100 %
HTTPS

38 %
IPv6

7
Domains

8
Subdomains

5
IPs

5
Countries

1105 kB
Transfer

1100 kB
Size

3
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.runescape.com/
Title:

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=weblogin/cant_log_in
Title: Can't Log In?

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=weblogin/loginform?theme=runescape&mod=www&ssl=1&dest=community
Title: Log In

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=sn-integration/google/gamelogin.ws?mod=www&ssl=1&dest=community
Title: Log In

Search URL Search Domain Scan URL

URL: https://secure.runescape.com/m=account-creation/create_account?theme=runescape
Title: Create an account

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://url.mills.io/r/0YnMw HTTP 302
https://joo.gl/FMAGn HTTP 301
https://secure.runescape.com-qqb.icu/m=weblogin/c=FFGYMOkEkPL/loginform.php?mod=3483 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

https://u3s.mathtag.com/sync/img?adv=197730&uuid=24b25c02-6c04-4b00-af48-60d6fc832db3&mt_id=1276790&mt_nobot=1&passback=https://pixel.mathtag.com/sync/img%3Fsync%3Dauto%26stat%3Dbatch_supply_passback%26mt_nobot%3D1 HTTP 302
https://pixel.mathtag.com/sync/img?sync=auto&stat=batch_supply_passback&mt_nobot=1 HTTP 302
https://pixel.mathtag.com/sync/img?sync=auto&stat=batch_supply_passback&mt_nobot=1&mm_bnc&mm_bct&UUID=65655d8d-1b16-4300-9507-2cd606bc8663 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=65655d8d-1b16-4300-9507-2cd606bc8663&expires=28

20 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

404
Not Found

Primary Request

Cookie set loginform.php Show response
secure.runescape.com-qqb.icu/m=weblogin/c=FFGYMOkEkPL/
Redirect Chain

https://url.mills.io/r/0YnMw
https://joo.gl/FMAGn
https://secure.runescape.com-qqb.icu/m=weblogin/c=FFGYMOkEkPL/loginform.php?mod=3483

15 KB
15 KB

211ms
162ms

Document
text/html

185.112.248.43
B5DC

General

Domain/Path	Expires	Name / Value
.com-qqb.icu/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.com-qqb.icu/	1970-01-19 06:22:51	Name: _vis_opt_s Value: 1%7C
secure.runescape.com-qqb.icu/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6uib091fjrct39sn28rtn1tp24

secure.runescape.com-qqb.icu Open in urlscan Pro 185.112.248.43 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

38 %IPv6

7 Domains

8 Subdomains

5 IPs

5 Countries

1105 kBTransfer

1100 kBSize

3 Cookies

5 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

29 JavaScript Global Variables

3 Cookies

Indicators

secure.runescape.com-qqb.icu Open in urlscan Pro
185.112.248.43 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

38 %
IPv6

7
Domains

8
Subdomains

5
IPs

5
Countries

1105 kB
Transfer

1100 kB
Size

3
Cookies

20 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!