www.robloxxexx.ml
Open in
urlscan Pro
199.36.158.100
Malicious Activity!
Public Scan
Effective URL: https://www.robloxxexx.ml/
Submission Tags: phishingrod
Submission: On May 17 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1D4 on May 16th 2023. Valid for: 3 months.
This is the only time www.robloxxexx.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 3 | 199.36.158.100 199.36.158.100 | 54113 (FASTLY) (FASTLY) | |
1 | 2600:9000:225... 2600:9000:2250:d000:7:68d6:a080:21 | 16509 (AMAZON-02) (AMAZON-02) | |
5 | 2600:9000:223... 2600:9000:223d:3800:15:7da0:ecc0:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:82f::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:829::200a | 15169 (GOOGLE) (GOOGLE) | |
4 | 52.219.113.48 52.219.113.48 | () () | |
3 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
22 | 8 |
ASN54113 (FASTLY, US)
robloxxexx.ga | |
www.robloxxexx.ga | |
www.robloxxexx.ml |
ASN16509 (AMAZON-02, US)
d1j9qsxe04m2ki.cloudfront.net |
ASN16509 (AMAZON-02, US)
d3ikgzh4osba2b.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
cloudfront.net
d1j9qsxe04m2ki.cloudfront.net d3ikgzh4osba2b.cloudfront.net |
99 KB |
4 |
amazonaws.com
s3.us-west-1.amazonaws.com |
31 KB |
3 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 199 |
52 KB |
2 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 320 fonts.googleapis.com — Cisco Umbrella Rank: 35 |
31 KB |
2 |
robloxxexx.ga
1 redirects
robloxxexx.ga www.robloxxexx.ga |
702 B |
1 |
robloxxexx.ml
www.robloxxexx.ml |
617 B |
22 | 6 |
Domain | Requested by | |
---|---|---|
5 | d3ikgzh4osba2b.cloudfront.net |
d1j9qsxe04m2ki.cloudfront.net
d3ikgzh4osba2b.cloudfront.net |
4 | s3.us-west-1.amazonaws.com |
d3ikgzh4osba2b.cloudfront.net
|
3 | cdnjs.cloudflare.com |
d3ikgzh4osba2b.cloudfront.net
|
1 | fonts.googleapis.com |
d3ikgzh4osba2b.cloudfront.net
|
1 | ajax.googleapis.com |
d3ikgzh4osba2b.cloudfront.net
|
1 | d1j9qsxe04m2ki.cloudfront.net |
www.robloxxexx.ml
|
1 | www.robloxxexx.ml | |
1 | www.robloxxexx.ga | |
1 | robloxxexx.ga | 1 redirects |
22 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
zelara.uk GTS CA 1D4 |
2023-03-30 - 2023-06-28 |
3 months | crt.sh |
www.attine.com GTS CA 1D4 |
2023-05-16 - 2023-08-14 |
3 months | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2022-12-08 - 2023-12-07 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-04-24 - 2023-07-17 |
3 months | crt.sh |
*.s3-us-west-1.amazonaws.com Amazon RSA 2048 M01 |
2023-04-11 - 2024-01-21 |
9 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.robloxxexx.ml/
Frame ID: DF40A4719BAE45B115FA9E5AD4A17710
Requests: 9 HTTP requests in this frame
Frame:
https://d3ikgzh4osba2b.cloudfront.net/public/ct?cpguid=c4jbeixy7&it=3266384&w=1600&h=1200&key=d67e9&m=0&r=%1D%01%01%05%06OZZ%02%02%02%5B%07%1A%17%19%1A%0D%0D%10%0D%0D%5B%12%14Z
Frame ID: 63426B544A7367A4B13965166901DF37
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
LockedPage URL History Show full URLs
-
https://robloxxexx.ga/
HTTP 301
https://www.robloxxexx.ga/ Page URL
- https://www.robloxxexx.ml/ Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
SweetAlert2 (JavaScript Libraries) Expand
Detected patterns
- sweetalert2(?:\.all)?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://robloxxexx.ga/
HTTP 301
https://www.robloxxexx.ga/ Page URL
- https://www.robloxxexx.ml/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://robloxxexx.ga/ HTTP 301
- https://www.robloxxexx.ga/
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
www.robloxxexx.ga/ Redirect Chain
|
143 B 443 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
www.robloxxexx.ml/ |
546 B 617 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yIufBn.js
d1j9qsxe04m2ki.cloudfront.net/ |
24 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
html.3266384.d67e9.0.js
d3ikgzh4osba2b.cloudfront.net/public/external/v2/ |
26 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_front.css
d3ikgzh4osba2b.cloudfront.net/public/external/ |
6 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
d3ikgzh4osba2b.cloudfront.net/public/clockers/PrimeApps/ |
1010 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
guid
d3ikgzh4osba2b.cloudfront.net/public/ |
0 277 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ct
d3ikgzh4osba2b.cloudfront.net/public/ Frame 6342 |
56 KB 57 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ Frame 6342 |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ Frame 6342 |
13 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
s3.us-west-1.amazonaws.com/cloudfls.co/themes/startui/css/lib/font-awesome/ Frame 6342 |
27 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2.min.js
cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.6.6/ Frame 6342 |
22 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2.min.css
cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.6.6/ Frame 6342 |
15 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
core.js
cdnjs.cloudflare.com/ajax/libs/core-js/2.4.1/ Frame 6342 |
232 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
colorpicker.js
s3.us-west-1.amazonaws.com/cloudfls.co/themes/startui/css/lib/colorpicker/js/ Frame 6342 |
8 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
colorpicker.css
s3.us-west-1.amazonaws.com/cloudfls.co/themes/startui/css/lib/colorpicker/css/ Frame 6342 |
3 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
151981978211ad81ad9b8c843e4b3c3052a8d6138c.css
s3.us-west-1.amazonaws.com/cloudfls.co/uploads/assets/ Frame 6342 |
8 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
151999678694833b4c5a49a55ef7f9224b286820f0.js
s3.us-west-1.amazonaws.com/cloudfls.co/uploads/assets/ Frame 6342 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
150170764295f591d2e1daeb4fda0985149aa31c04.png
s3.us-west-1.amazonaws.com/cloudfls.co/uploads/ Frame 6342 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
guid.js
d3ikgzh4osba2b.cloudfront.net/public/external/ Frame 6342 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
impression.php
d3ikgzh4osba2b.cloudfront.net/public/external/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
guid
d3ikgzh4osba2b.cloudfront.net/public/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- s3.us-west-1.amazonaws.com
- URL
- https://s3.us-west-1.amazonaws.com/cloudfls.co/uploads/assets/151999678694833b4c5a49a55ef7f9224b286820f0.js
- Domain
- s3.us-west-1.amazonaws.com
- URL
- https://s3.us-west-1.amazonaws.com/cloudfls.co/uploads/150170764295f591d2e1daeb4fda0985149aa31c04.png
- Domain
- d3ikgzh4osba2b.cloudfront.net
- URL
- https://d3ikgzh4osba2b.cloudfront.net/public/external/guid.js
- Domain
- d3ikgzh4osba2b.cloudfront.net
- URL
- https://d3ikgzh4osba2b.cloudfront.net/public/external/impression.php?it=3266384&time=1684327653767
- Domain
- d3ikgzh4osba2b.cloudfront.net
- URL
- https://d3ikgzh4osba2b.cloudfront.net/public/guid?cpguid=c4jbeixy7&e=opl&t=1684327653767
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless object| CPABUILDSETTINGS object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.robloxxexx.ml/ | Name: _cpguid Value: c4jbeixy7 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnjs.cloudflare.com
d1j9qsxe04m2ki.cloudfront.net
d3ikgzh4osba2b.cloudfront.net
fonts.googleapis.com
robloxxexx.ga
s3.us-west-1.amazonaws.com
www.robloxxexx.ga
www.robloxxexx.ml
d3ikgzh4osba2b.cloudfront.net
s3.us-west-1.amazonaws.com
199.36.158.100
2600:9000:223d:3800:15:7da0:ecc0:21
2600:9000:2250:d000:7:68d6:a080:21
2606:4700::6811:190e
2a00:1450:4001:829::200a
2a00:1450:4001:82f::200a
52.219.113.48
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2174a842a277d5d453202f3e93c0daaa2a063b264798f249c262aae198eea559
24a5a101c055741a9469d4f1cb0670a46c34d72589802e31a98b977a4907a83b
2c8bdcebfbe4caf87727b3c56442dc41a790ac80a071c4d67374f2f9bd9e2b43
341326dbaf8c5609cfa4147f8dd98cd28ad17af3fb8f6e87a070b720f5bf4fe9
8157923832e020c3a4ed7ef85ad7d032d7b1b03b02e5502dce8ac9af9cedea53
a28be45144d377ab16527a8b5d2d60fae4d780f9dec17e4327567ad90482f293
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
ca89209e8cd9af2ff818a793c3ec660d24fe6bfeb320369cba59f388362d9b6d
ce068a9212a95f34ab3f25d57dccc787281c3d21f28470fe3d25a7ab72d91c7b
ddd652ec33cdb740350e85217b58c6abf7986b215301964a11489dd1e4a7c706
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f6b7bcdd25e6d02721c70dbee3b8fef73fab10dc9ceb751887c63d4f40500a5e