tr.ee

https://tr.ee/1mjROl

151.101.66.133 · Fastly, Inc.

Location

Montreal, Canada

Domain Age

—

HTTP

200 · 20.5s

SSL

Valid· R12, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Just a moment..."

Save

Domain Intelligence: tr.ee

Scanned 3 times since Mar 9, 2026, 01:27 AM UTC

⚠ Medium (48)

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

IRS

Unknown

technology | finance | ecommerce | cryptocurrency | social_media · 4/15/2026

Summary

The scan shows a redirect to a suspicious domain and a page that visually resembles a login/verification flow, but the final URL and page title indicate a potential impersonation setup. The page title reads 'Just a moment...' and the final destination is a domain under gamingvote.com with OAuth-like query parameters, suggesting an OAuth/login redirection flow. Visual cues in the screenshot imply impersonation of a trusted portal (e.g., a login/verification UI), but the evidence is primarily redirect and SPA-like behavior rather than a clear credential form on the initial domain.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://oldschoolrsrunescapeosrs.gamingvote.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/b0a7532ac8ec/0.4651496206912751:1775952765:b2PvOvhHIRtrb3eyqLAc0yzRXeVgPafG2kJj5ksWdYs/9eae5763285e5ed0, https://oldschoolrsrunescapeosrs.gamingvote.com/cdn-cgi/rum?, https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2022786869:1775952764:VR7fkUbXQeTlET9yk2UnH-hwRED3vmdRgsRDUK3ZQTg/9eae576488840c9b/1mUYX9A1kTR8UWQVaiyO4yh2oYfYR3fExNjVGBCradU-1775956122-1.2.1.1-yJ5c_RhBpOzENy_sGVgSf.e2fuCAOdoS4BajVYA3zmSKkbXdpTPZLRHLheAh3KJh.

▸Distinctive asset clues: api.js, v8c78df7c7c0f484497ecbca7046644da1771523124516, 1, eHyFQaNsxQggUT-.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 17

Hosts: 4

Domains: 4

Attack Techniques (2)

SPA-style credential collection suspicion (0 static forms; credential UI rendered by JavaScript)Potential typosquat/brand impersonation signals via final URL and page title

Indicators of Compromise (1)

▸0 static login form in HTML; credential UI likely rendered by JS (SPA suspicion)

Risk AssessmentUsed in abuse reports

The domain tr.ee is a known link shortener, but the scan redirected to oldschoolrsrunescapeosrs.gamingvote.com with OAuth-like parameters and Cloudflare challenge endpoints. The final URL and SPA-style content strongly suggest an impersonation/credential-phishing setup, where the actual login UI would be rendered by client-side JavaScript on a non-official domain. The presence of Cloudflare challenge infrastructure and opaque POST endpoints increases suspicion of anti-scraping measures designed to mask credential collection. Given the impersonation indicators and redirected OAuth-like flow to a non-brand domain, this constitutes potential first-party abuse via credential phishing scaffolding. Recommend treating as suspicious/phishing activity and escalate for takedown action if corroborated by further evidence.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence