![](/screenshots/ec4474b2-0522-492a-af62-53bb1554014b.png)
robloo.com
Open in
urlscan Pro
2606:4700:30::681b:9c55
Malicious Activity!
Public Scan
Submission: On February 03 via api from DE
Summary
This is the only time robloo.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Roblox (Gaming)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700:30:... 2606:4700:30::681b:9c55 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
8 | 2.18.233.109 2.18.233.109 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
2 | 152.199.19.160 152.199.19.160 | 15133 (EDGECAST) (EDGECAST - MCI Communications Services) | |
1 | 2a00:1450:400... 2a00:1450:4001:819::2004 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:81b::2003 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
13 | 5 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
robloo.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-109.deploy.static.akamaitechnologies.com
static.rbxcdn.com | |
images.rbxcdn.com |
ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
ajax.aspnetcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
rbxcdn.com
static.rbxcdn.com images.rbxcdn.com |
76 KB |
2 |
aspnetcdn.com
ajax.aspnetcdn.com |
36 KB |
1 |
gstatic.com
www.gstatic.com |
89 KB |
1 |
google.com
www.google.com |
604 B |
1 |
robloo.com
robloo.com |
4 KB |
13 | 5 |
Domain | Requested by | |
---|---|---|
7 | static.rbxcdn.com |
robloo.com
|
2 | ajax.aspnetcdn.com |
robloo.com
|
1 | www.gstatic.com |
www.google.com
|
1 | images.rbxcdn.com |
robloo.com
|
1 | www.google.com |
robloo.com
|
1 | robloo.com | |
13 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.roblox.com |
corp.roblox.com |
blog.roblox.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.rbxcdn.com GeoTrust RSA CA 2018 |
2018-05-04 - 2019-05-04 |
a year | crt.sh |
www.google.com Google Internet Authority G3 |
2019-01-15 - 2019-04-09 |
3 months | crt.sh |
*.google.com Google Internet Authority G3 |
2019-01-15 - 2019-04-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://robloo.com/
Frame ID: 02EED84FF6E604373B4F53B1D61EE0E8
Requests: 13 HTTP requests in this frame
Screenshot
![](/screenshots/ec4474b2-0522-492a-af62-53bb1554014b.png)
Detected technologies
Detected patterns
- headers server /cloudflare/i
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
![](/vendor/wappa/icons/reCAPTCHA.png)
Detected patterns
- env /^Recaptcha$/i
Page Statistics
19 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Games
Search URL Search Domain Scan URL
Title: Catalog
Search URL Search Domain Scan URL
Title: Create
Search URL Search Domain Scan URL
Title: Robux
Search URL Search Domain Scan URL
Title: Search "" in Players
Search URL Search Domain Scan URL
Title: Search "" in Games
Search URL Search Domain Scan URL
Title: Search "" in Catalog
Search URL Search Domain Scan URL
Title: Search "" in Groups
Search URL Search Domain Scan URL
Title: Search "" in Library
Search URL Search Domain Scan URL
Title: Sign Up
Search URL Search Domain Scan URL
Title: Forgot Password or Username?
Search URL Search Domain Scan URL
Title: About Us
Search URL Search Domain Scan URL
Title: Jobs
Search URL Search Domain Scan URL
Title: Blog
Search URL Search Domain Scan URL
Title: Parents
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Title: Terms
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
![]() robloo.com/ |
17 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fetch
static.rbxcdn.com/css/leanbase___a4b9b3b26a3fbd37a3a695cf9566b105_m.css/ |
226 KB 33 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fetch
static.rbxcdn.com/css/page___3052dcee76f815edb5e788399173e628_m.css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.11.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-migrate-1.2.1.min.js
ajax.aspnetcdn.com/ajax/jquery.migrate/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
www.google.com/recaptcha/ |
764 B 604 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4bed93c91f909002b1f17f05c0ce13d1.gif
images.rbxcdn.com/ |
10 KB 11 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
roblox_logo_11212016.svg
static.rbxcdn.com/images/Logo/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_O_01302017.svg
static.rbxcdn.com/images/Logo/ |
548 B 721 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
navigation_06282017.svg
static.rbxcdn.com/images/Shared/ |
0 213 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
source-sans-pro-v9-latin-regular.woff2
static.rbxcdn.com/fonts/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
source-sans-pro-v9-latin-300.woff2
static.rbxcdn.com/fonts/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/api2/v1548052318968/ |
257 KB 89 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Roblox (Gaming)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client object| recaptcha1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.robloo.com/ | Name: __cfduid Value: d6747c572974b74744cc7f091d5a917e01549190479 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
images.rbxcdn.com
robloo.com
static.rbxcdn.com
www.google.com
www.gstatic.com
152.199.19.160
2.18.233.109
2606:4700:30::681b:9c55
2a00:1450:4001:819::2004
2a00:1450:4001:81b::2003
3b8022d8967f292c3fda78e15e5650691843b65e25087132fd11a8fa40aca52b
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
599d93e0748728edc6bd55a82a52bff61196b149d566a67d4ed86d55d9c520aa
6515d1cfa3b45c1a2c1e73759660bb92cff6db28f04d4decd13670b9a31e196e
84e4e3b60e6a9676bd68a3c8cf52a0c1b104f9db007dbf7e9e53da4c815bb4c6
8b42237360d2bdde84dd4d3fdc3f1cd3eee79216232704656413029f3bc7ec27
8bbfd02797ba881944772af99005bf58aaa8e1c2a6e13248ee8cf11d305c0667
8d04796a82bfd1d264b57e671772ba7da00160c56a96d07f484b1b73f17765cb
a4fac6d6f6782da9cfe8d8c756d89953e2e1ca6a5340724385b948e083bbf569
abe5cc7ec81a92de937f9402e5c9b31a55f8d50e984e66a876e05d2d0603cfe3
c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c
e31b574e26125ff8c26447c130ffc76f0d25d19523cbedfe79bf16898a4bb49f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855