https://www.pvmboost.com/
198.185.159.145 · Squarespace, Inc.
New York, United States
241 days
200 · 25.1s
Valid · R12, Let's Encrypt, US
COMPLETED
Registered-domain escalation
Submit pvmboost.com as the primary IOC, enriched with evidence from hostile subdomains like www.pvmboost.com.
No KB/IOK detections were recorded for this scan.
gaming | technology | ecommerce | finance | social_media | other · 6/3/2026
The page presents branding for "Pvmboost The #1 Remote Boosting service for OSRS" and visually imitates a branded OSRS boosting service. However, the domain www.pvmboost.com is not an official OSRS brand site; the page uses Squarespace hosting and includes multiple analytics/ad scripts. The screenshot along with the page title and content indicates a remote boosting service rather than a conventional credential phishing flow, but the visual impersonation of OSRS-themed UI raises impersonation concerns. No explicit credential harvesting form or login capture is observed in static HTML, but POST endpoints and extensive third-party tracking suggest data-exfiltration risk via analytics, while the form present does not collect credentials. Given the evidence, this appears to be a potentially abusive first-party service rather than a classic credential-phishing site on an impersonated brand, though impersonation signals are present.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 1
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 126
Hosts: 16
Domains: 13
Suspicious Endpoints
hxxps://www[.]pvmboost[.]com/api/census/RecordHit
hxxps://www[.]pvmboost[.]com/api/census/button-render
hxxps://www[.]pvmboost[.]com/
The site presents OSRS-boosting branding on a domain not clearly affiliated with official OSRS or a recognized trusted service, with multiple external data-collection endpoints and a live chat widget, indicating data exfiltration risk and potential abuse. The visual impersonation signals and the presence of census/analytics endpoints justify elevated concern. While there is no explicit credential harvesting form detected in the static HTML, the combination of impersonation cues, dynamic content, and extensive third-party scripts warrants monitoring and potential action if further evidence confirms credential harvesting or illicit service activity. Recommend monitoring and preparing abuse reports if additional indicators of credential theft or scam behavior emerge; consider domain-level actions if impersonation patterns persist.
Monitor