promorobux.online Open in urlscan Pro
142.44.246.21  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response promorobux.online/	20 KB 5 KB	215ms 22ms	Document text/html	142.44.246.21 OVH
General Check archive.org Show headers Download Go to Full URL https://promorobux.online/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 142.44.246.21 , Canada, ASN16276 (OVH, FR), Reverse DNS vps-b4f9667c.vps.ovh.ca Software nginx / PleskLin Resource Hash 75de345e3c49ed9c7f2229e52fc3128b9a89301512a033d1a8b4e0502ef4230f Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers content-encoding br content-type text/html date Wed, 19 Jul 2023 11:06:27 GMT etag W/"64b581f7-50bd" last-modified Mon, 17 Jul 2023 18:01:27 GMT server nginx x-powered-by PleskLin
GET H2	200	boxicons.min.css unpkg.com/boxicons@2.1.4/css/	66 KB 12 KB	59ms 25ms	Stylesheet text/css	2606:4700::6810:7aaf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://unpkg.com/boxicons@2.1.4/css/boxicons.min.css Requested by Host: promorobux.online URL: https://promorobux.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 620eea24b0cee1d8cc8395c80f295cf2e7b6fab962493c26b49a8d42b63a4dc9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://promorobux.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers date Wed, 19 Jul 2023 11:06:27 GMT via 1.1 fly.io x-content-type-options nosniff cf-cache-status HIT content-encoding br strict-transport-security max-age=31536000; includeSubDomains; preload age 26163675 last-modified Sat, 26 Oct 1985 08:15:00 GMT fly-request-id 01GDB5MEMZ421VFZJ6H8AQXX6A-yul server cloudflare etag W/"109bc-IH/O3L/2oFuyFxGxc9h5/AQWzS0" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 7e927ec03a1c33f1-YUL
GET H2	200	d82801b936c26e174c4e782510a72d78-roblox_logo_dark_08292022.svg images.rbxcdn.com/	2 KB 2 KB	301ms 30ms	Image image/svg+xml	2600:1400:9000::687e:75b3 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://images.rbxcdn.com/d82801b936c26e174c4e782510a72d78-roblox_logo_dark_08292022.svg Requested by Host: promorobux.online URL: https://promorobux.online/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:9000::687e:75b3 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash ba3b8e5006aec0037e7c9453380e18a6facd28f8d71ffd3dfeb594938caa1374 Request headers accept-language en-CA,en;q=0.9 Referer https://promorobux.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers x-amz-version-id XIBX1JsQ3cucuSxM3Jd_lIW2bXR1WWUq date Wed, 19 Jul 2023 11:06:27 GMT last-modified Thu, 01 Sep 2022 16:27:51 GMT server AmazonS3 x-amz-request-id RZN6137J0ZW70KPJ etag "d82801b936c26e174c4e782510a72d78" content-type image/svg+xml cache-control public, max-age=29941757 accept-ranges bytes content-length 2183 x-amz-id-2 w/UINw5LI1Nz/9Sj3xS8PwUX4EprQAUHqdYI/TApjx49JPktuSH1izhUbz7nyIcJ5JClK21orCY=
GET H2	200	slick.min.js Show response cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/	42 KB 12 KB	67ms 16ms	Script application/javascript	2a04:4e42:600::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js Requested by Host: promorobux.online URL: https://promorobux.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://promorobux.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 19 Jul 2023 11:06:27 GMT x-content-type-options nosniff content-encoding br age 6587344 x-jsd-version 1.8.1 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 11325 x-served-by cache-fra-eddf8230096-FRA, cache-yyz4528-YYZ x-jsd-version-type version etag W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H2	200	782b7fc18a24ee997efd9a7f02fa4bf9-bg_08072019.jpg images.rbxcdn.com/	435 KB 436 KB	243ms 36ms	Image image/jpeg	2600:1400:9000::687e:75b3 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://images.rbxcdn.com/782b7fc18a24ee997efd9a7f02fa4bf9-bg_08072019.jpg Requested by Host: promorobux.online URL: https://promorobux.online/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:9000::687e:75b3 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash c45388c0937dde58151ba6f3d2225751b8b89ac001be1ef1f40134c61d391b8e Request headers accept-language en-CA,en;q=0.9 Referer https://promorobux.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers x-amz-version-id TdbpQdhtcEFlPB5uZ7cnbI7.cIZ.kWh3 date Wed, 19 Jul 2023 11:06:27 GMT last-modified Fri, 23 Aug 2019 01:04:23 GMT server AmazonS3 x-amz-request-id DTAZHZ94BH7RPEVW etag "782b7fc18a24ee997efd9a7f02fa4bf9" content-type image/jpeg cache-control public, max-age=31024345 accept-ranges bytes content-length 445602 x-amz-id-2 60xJsuf9cbYK9b9346bHcu1rz2b6lPzFeVFcLepiAyQbiAR03dMZaxwRdoQUuveC7qxTqOGEVs8=
GET H2	200	how-players-will-shape-video-games-next-big-thing_2cfs.jpg sm.ign.com/ign_ap/opinion/h/how-player/	201 KB 202 KB	230ms 24ms	Image image/jpeg	23.47.144.76 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://sm.ign.com/ign_ap/opinion/h/how-player/how-players-will-shape-video-games-next-big-thing_2cfs.jpg Requested by Host: promorobux.online URL: https://promorobux.online/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.47.144.76 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-47-144-76.deploy.static.akamaitechnologies.com Software / Resource Hash bced4f47d901589a49473636aba134287a04e65e2647c6d3840aaae7c0b7d2a6 Security Headers Name Value Strict-Transport-Security max-age=86400 ; preload Request headers accept-language en-CA,en;q=0.9 Referer https://promorobux.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers date Wed, 19 Jul 2023 11:06:27 GMT strict-transport-security max-age=86400 ; preload last-modified Tue, 28 Feb 2023 01:36:37 GMT etag "8df3cc23803e7e00871750d7f6a6ced9" x-amz-server-side-encryption AES256 content-type image/jpeg cache-control max-age=31536000 accept-ranges bytes alt-svc h3=":443"; ma=93600 content-length 206275 expires Thu, 18 Jul 2024 11:06:27 GMT
GET H2	200	1000-robux-gratis-2.jpg portalmaratimba.com.br/wp-content/uploads/2020/11/	68 KB 69 KB	570ms 48ms	Image image/webp	104.207.254.77 NEXCESS-NET
General Check archive.org Show headers Download Go to Show image Full URL https://portalmaratimba.com.br/wp-content/uploads/2020/11/1000-robux-gratis-2.jpg Requested by Host: promorobux.online URL: https://promorobux.online/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.207.254.77 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-180831.us-midwest-1.nxcli.net Software nginx / Resource Hash 9fb63d99569a203774603c83a12f25919ff2f06ff9dda94fbc46e388f9cd3204 Request headers accept-language en-CA,en;q=0.9 Referer https://promorobux.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers date Wed, 19 Jul 2023 11:06:27 GMT last-modified Mon, 21 Mar 2022 00:35:43 GMT server nginx vary Accept,X-Forwarded-Proto,Accept-Encoding x-cache-nxaccel MISS content-type image/webp cache-control max-age=10368000 accept-ranges bytes content-length 70002 expires Thu, 16 Nov 2023 11:06:27 GMT
GET H/1.1	200 OK	annotation-2021-02-25-161438_1.jpg robuxgratis-real.weebly.com/uploads/1/3/6/4/136416433/	116 KB 116 KB	364ms 118ms	Image image/jpeg	199.34.228.54 WEEBLY
General Check archive.org Show headers Download Go to Show image Full URL https://robuxgratis-real.weebly.com/uploads/1/3/6/4/136416433/annotation-2021-02-25-161438_1.jpg Requested by Host: promorobux.online URL: https://promorobux.online/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 199.34.228.54 , United States, ASN27647 (WEEBLY, US), Reverse DNS pages-wildcard-2.weebly.com Software nginx / Resource Hash ede141dcb398e2bd67c0c427ff81b22e9052b3a4e484d47b990ed21273e7ef40 Request headers accept-language en-CA,en;q=0.9 Referer https://promorobux.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers Date Wed, 19 Jul 2023 11:06:27 GMT X-Storage-Object ede141dcb398e2bd67c0c427ff81b22e9052b3a4e484d47b990ed21273e7ef40 Last-Modified Thu, 25 Feb 2021 11:16:06 GMT Server nginx x-amz-request-id tx000004dd87141c28697e0-0064b37e3d-db1a051-sfo1 ETag "f3e34058a4fd40f2d4b091ce0d3d943d" Content-Type image/jpeg x-rgw-object-type Normal X-Storage-Bucket zede1 X-Host blu84.sf2p.intern.weebly.net Connection keep-alive Accept-Ranges bytes Content-Length 118631
GET H2	200	roblox-jailbreak-340x191.png files.tecnoblog.net/wp-content/uploads/2021/04/	82 KB 83 KB	252ms 48ms	Image image/webp	2606:4700:20::ac43:4645 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://files.tecnoblog.net/wp-content/uploads/2021/04/roblox-jailbreak-340x191.png Requested by Host: promorobux.online URL: https://promorobux.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4645 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 819ca4610b75b14919cbd9c92836d7ad3608b690bf0f4f1e6ad49713f645043b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://promorobux.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers date Wed, 19 Jul 2023 11:06:27 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id A966141BFF6F1A57 cf-polished origFmt=png, origSize=120354 content-disposition inline; filename="roblox-jailbreak-340x191.webp" alt-svc h3=":443"; ma=86400 content-length 84436 x-amz-id-2 xPrGBQbd7pRCMLbmyCGacOzSHtMVYr2e/xaQO8N8RyQ4KKgaOcCd4ngHS2gb0OT0STaA7+tsLcv7 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin cf-bgj imgq:100,h2pri last-modified Sat, 31 Dec 2022 16:11:39 GMT server cloudflare etag "baf0da6cffe826c668283b6121949c77" vary Accept report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IM5fTBXdEl4dY77MNh7lMJdnHYOYh729cEyKJDxV8Be9odqZIzwy6UUS7X9ztwDySw7pw3bbeGSpicKmj22dyWMoeDZCD2UObYtC%2BhhdNSvL3afcUHOKWr31OXRQtXqkt4sROTsU7aG9jwBZyXVGI0k%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp x-frame-options SAMEORIGIN access-control-allow-origin * cache-control max-age=2678400 accept-ranges bytes cf-ray 7e927ec1bacb0fa4-EWR x-amz-meta-mtime 1635587784.187
GET H2	200	Panik.jpg i0.wp.com/psverso.com.br/wp-content/uploads/2022/09/	29 KB 29 KB	54ms 16ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/psverso.com.br/wp-content/uploads/2022/09/Panik.jpg?fit=768%2C432&ssl=1 Requested by Host: promorobux.online URL: https://promorobux.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i2.wp.com Software nginx / Resource Hash bed32e7d5b8680a6a2652ebc36cea43a2c2a1ebfa1d8e4c62387325a22618c6f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-CA,en;q=0.9 Referer https://promorobux.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers x-nc HIT yyz 2 date Wed, 19 Jul 2023 11:06:27 GMT x-content-type-options nosniff last-modified Sun, 16 Jul 2023 17:54:16 GMT server nginx etag "348e967a767aa1bd" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://psverso.com.br/wp-content/uploads/2022/09/Panik.jpg>; rel="canonical" content-length 29734 expires Wed, 16 Jul 2025 05:54:16 GMT
GET H2	200	boxicons.woff2 unpkg.com/boxicons@2.1.4/fonts/	113 KB 113 KB	70ms 48ms	Font font/woff2	2606:4700::6810:7aaf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://unpkg.com/boxicons@2.1.4/fonts/boxicons.woff2 Requested by Host: unpkg.com URL: https://unpkg.com/boxicons@2.1.4/css/boxicons.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4b87cbc74f3ffaf08314a5d81b501be6fc36f553dbe446ef5a4b29f0138ba0b0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://unpkg.com/boxicons@2.1.4/css/boxicons.min.css Origin https://promorobux.online accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers date Wed, 19 Jul 2023 11:06:27 GMT via 1.1 fly.io x-content-type-options nosniff cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 26161724 content-length 115680 last-modified Sat, 26 Oct 1985 08:15:00 GMT fly-request-id 01GDB7G9F02C4TFQGRME5N4CGD-yul server cloudflare etag "1c3e0-dYYItuOc1CPdme7DmA+Oiq4NlrA" vary Accept-Encoding content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7e927ec09bb333ee-YUL

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Roblox (Gaming)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| scrollToDiv object| modal object| btn object| span function| openModal function| closeModal function| send_handle

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
files.tecnoblog.net
i0.wp.com
images.rbxcdn.com
portalmaratimba.com.br
promorobux.online
robuxgratis-real.weebly.com
sm.ign.com
unpkg.com
104.207.254.77
142.44.246.21
192.0.77.2
199.34.228.54
23.47.144.76
2600:1400:9000::687e:75b3
2606:4700:20::ac43:4645
2606:4700::6810:7aaf
2a04:4e42:600::485
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
4b87cbc74f3ffaf08314a5d81b501be6fc36f553dbe446ef5a4b29f0138ba0b0
620eea24b0cee1d8cc8395c80f295cf2e7b6fab962493c26b49a8d42b63a4dc9
75de345e3c49ed9c7f2229e52fc3128b9a89301512a033d1a8b4e0502ef4230f
819ca4610b75b14919cbd9c92836d7ad3608b690bf0f4f1e6ad49713f645043b
9fb63d99569a203774603c83a12f25919ff2f06ff9dda94fbc46e388f9cd3204
ba3b8e5006aec0037e7c9453380e18a6facd28f8d71ffd3dfeb594938caa1374
bced4f47d901589a49473636aba134287a04e65e2647c6d3840aaae7c0b7d2a6
bed32e7d5b8680a6a2652ebc36cea43a2c2a1ebfa1d8e4c62387325a22618c6f
c45388c0937dde58151ba6f3d2225751b8b89ac001be1ef1f40134c61d391b8e
ede141dcb398e2bd67c0c427ff81b22e9052b3a4e484d47b990ed21273e7ef40