devtrackers.gg
[removed]
External link →[removed]
External link →Just hazarding a guess but because you're using the same e-mail address, the hijacker probably tried to log in and got an incorrect password message.
They likely thought that you didn't realize that you had removed the inbox rule from your e-mail account and tried to use it to send themselves a reset.
If you have any doubts about the safety of your account because of the e-mail I'd recommend setting up a new e-mail address dedicated to Runescape and put two-factor on it.
Great job reading into inbox rules though as they're quite commonly used and a lot of people don't realize this or even know they exist.