![](/screenshots/19bda3b8-4fb8-45b3-83be-5e1a1a369b1d.png)
promorobux.online
142.44.246.21
Malicious Activity!
Public Scan
Submission: On July 19 via api from US — Scanned from CA
Summary
TLS certificate: Issued by R3 on July 17th 2023. Valid for: 3 months.
This is the only time promorobux.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Roblox (Gaming)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 142.44.246.21 | 16276 (OVH) |
2 | 2606:4700::6810:7aaf | 13335 (CLOUDFLARENET) |
2 | 2600:1400:9000::687e:75b3 | 20940 (AKAMAI-ASN1) |
1 | 2a04:4e42:600::485 | 54113 (FASTLY) |
1 | 23.47.144.76 | 20940 (AKAMAI-ASN1) |
1 | 104.207.254.77 | 36444 (NEXCESS-NET) |
1 | 199.34.228.54 | 27647 (WEEBLY) |
1 | 2606:4700:20::ac43:4645 | 13335 (CLOUDFLARENET) |
1 | 192.0.77.2 | 2635 (AUTOMATTIC) |
11 | 9 | |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-47-144-76.deploy.static.akamaitechnologies.com
sm.ign.com

ASN36444 (NEXCESS-NET, US)
PTR: cloudhost-180831.us-midwest-1.nxcli.net
portalmaratimba.com.br

ASN27647 (WEEBLY, US)
PTR: pages-wildcard-2.weebly.com
robuxgratis-real.weebly.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
2 | rbxcdn.com | images.rbxcdn.com — Cisco Umbrella Rank: 18626 | 438 KB |
2 | unpkg.com | unpkg.com — Cisco Umbrella Rank: 942 | 125 KB |
1 | wp.com | i0.wp.com — Cisco Umbrella Rank: 3445 | 29 KB |
1 | tecnoblog.net | files.tecnoblog.net — Cisco Umbrella Rank: 887279 | 83 KB |
1 | weebly.com | robuxgratis-real.weebly.com | 116 KB |
1 | portalmaratimba.com.br | portalmaratimba.com.br | 69 KB |
1 | ign.com | sm.ign.com — Cisco Umbrella Rank: 260428 | 202 KB |
1 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 367 | 12 KB |
1 | promorobux.online | promorobux.online | 5 KB |
11 | 9 | | |
Requests | Domain | Requested by |
---|---|---|
2 | images.rbxcdn.com | promorobux.online |
2 | unpkg.com | promorobux.online, unpkg.com |
1 | i0.wp.com | promorobux.online |
1 | files.tecnoblog.net | promorobux.online |
1 | robuxgratis-real.weebly.com | promorobux.online |
1 | portalmaratimba.com.br | promorobux.online |
1 | sm.ign.com | promorobux.online |
1 | cdn.jsdelivr.net | promorobux.online |
1 | promorobux.online | |
11 | 9 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
promorobux.online | R3 | 2023-07-17 - 2023-10-15 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year |
*.rbxcdn.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-04-06 - 2024-04-06 | a year |
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 - 2024-01-24 | a year |
www.ziffdavis.com | COMODO RSA Organization Validation Secure Server CA | 2022-08-31 - 2023-08-31 | a year |
portalmaratimba.com.br | R3 | 2023-07-17 - 2023-10-15 | 3 months |
*.weebly.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-11-09 - 2023-11-10 | a year |
tecnoblog.net | Cloudflare Inc ECC CA-3 | 2023-04-07 - 2024-04-06 | a year |
*.wp.com | Sectigo ECC Domain Validation Secure Server CA | 2022-11-14 - 2023-12-15 | a year |
This page contains 1 frames:
Primary Page:
https://promorobux.online/
Frame ID: 77DBFB431BA54E9D2E087208AA62AC18
Requests: 11 HTTP requests in this frame
Page Title
Roblox
Detected technologies
Detected patterns
- /wp-(?:content|includes)/
Slick (JavaScript Libraries)
Detected patterns
- (?:/([\d.]+))?/slick(?:\.min)?\.js
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol | Resource | Path | Size x-fer | Type MIME-Type |
---|---|---|---|---|
GET H2 | / (Primary Request) | promorobux.online/ | 20 KB 5 KB | Document text/html |
GET H2 | boxicons.min.css | unpkg.com/boxicons@2.1.4/css/ | 66 KB 12 KB | Stylesheet text/css |
GET H2 | d82801b936c26e174c4e782510a72d78-roblox_logo_dark_08292022.svg | images.rbxcdn.com/ | 2 KB 2 KB | Image image/svg+xml |
GET H2 | slick.min.js | cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ | 42 KB 12 KB | Script application/javascript |
GET H2 | 782b7fc18a24ee997efd9a7f02fa4bf9-bg_08072019.jpg | images.rbxcdn.com/ | 435 KB 436 KB | Image image/jpeg |
GET H2 | how-players-will-shape-video-games-next-big-thing_2cfs.jpg | sm.ign.com/ign_ap/opinion/h/how-player/ | 201 KB 202 KB | Image image/jpeg |
GET H2 | 1000-robux-gratis-2.jpg | portalmaratimba.com.br/wp-content/uploads/2020/11/ | 68 KB 69 KB | Image image/webp |
GET H/1.1 | annotation-2021-02-25-161438_1.jpg | robuxgratis-real.weebly.com/uploads/1/3/6/4/136416433/ | 116 KB 116 KB | Image image/jpeg |
GET H2 | roblox-jailbreak-340x191.png | files.tecnoblog.net/wp-content/uploads/2021/04/ | 82 KB 83 KB | Image image/webp |
GET H2 | Panik.jpg | i0.wp.com/psverso.com.br/wp-content/uploads/2022/09/ | 29 KB 29 KB | Image image/webp |
GET H2 | boxicons.woff2 | unpkg.com/boxicons@2.1.4/fonts/ | 113 KB 113 KB | Font font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Roblox (Gaming)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean | credentialless
- object | onbeforetoggle
- object | onscrollend
- function | scrollToDiv
- object | modal
- object | btn
- object | span
- function | openModal
- function | closeModal
- function | send_handle

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.