sammichscripts.com

https://sammichscripts.com/

172.67.174.4 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

2296 days

HTTP

200 · 17.1s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "SammichsScripts – OSRS Scripts"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

SammichScripts

Vendors

26/26

Status

completed

✓ sophos✓ apwg✓ apple✓ spamhaus✓ emsisoft✓ openphish✓ urlscan✓ netcraft✓ mcafee✓ phishtank✓ virustotal✓ eset✓ yandex✓ cisa✓ microsoft✓ urlquery✓ phishreport✓ avast✓ google✓ avg✓ fortiguard✓ brightcloud✓ bitdefender✓ threatyeti✓ norton✓ urlabuse

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

SammichScripts

Credential Phishing

technology | ecommerce | entertainment | gaming · 4/5/2026

Summary

This site sammichscripts.com presents itself as SammichScripts – OSRS Scripts, using a polished UI with branding and a page title that suggests a legitimate OSRS scripting service. The page visually clones a software/script shop aesthetic and appears to solicit user interactions that could capture credentials or payment information, despite no static HTML forms. The domain is not the official SammichScripts domain, and the screenshot shows a branded layout designed to resemble legitimate software storefronts, indicating impersonation and credential harvesting risk.

Attack Techniques (5)

Brand impersonation via visually similar UI and brandingSPA behavior with credential capture potentially implemented in loaded JavaScriptExternal script assets and bundled JS for dynamic content renderingSuspicious network activity including Cloudflare BEACON and unusual POST endpoints associated with anti-bot platformsUse of a previously registered domain with a long history and active SSL cert to appear trustworthy

Indicators of Compromise (6)

▸Domain: sammichscripts.com (suspect IOCs: domain used for impersonation)

▸Page title: SammichsScripts – OSRS Scripts (brand Target: SammichScripts) and visual branding in screenshot

▸External resources and scripts loaded from sammichscripts.com (branding assets, logos, scripts), no direct official domain for SammichScripts visible

▸POST requests to Cloudflare challenge-platform and rum endpoints (potential exfiltration/anti-bot interactions)

▸SSL cert issued to sammichscripts.com (valid Dec 27 2025 – Mar 27 2026) with Cloudflare hosting; domain age ~7 years

▸No static login form in HTML; SPA pattern with credentials potentially captured via dynamic JS

Risk AssessmentUsed in abuse reports

The domain sammichscripts.com is hosting a visually branded SPA that impersonates SammichScripts and OSRS scripting software. The page title and UI resemble a legitimate software storefront, but the domain is not the official SammichScripts site, creating a high impersonation risk. The static HTML contains no forms, yet multiple JavaScript bundles and dynamic assets are loaded, indicating the potential for credential collection within the SPA. The presence of unusual POST requests to Cloudflare challenge-platform endpoints and beacon scripts further supports suspicious activity. Given the impersonation signals and the brand mismatch, this domain should be suspended and hosting/providers alerted for credential phishing risk. The evidence includes the domain itself as an IOC, the brand impersonation evident from the page title and UI, and the external assets and network requests that align with a clones-like setup. The SSL cert is valid but issued to the suspected domain and not to an official SammichScripts entity, reinforcing phishing concerns.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence