www.roproxy.xyz Open in urlscan Pro
2a06:98c1:3120::7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.roproxy.xyz/
Effective URL:
https://www.roproxy.xyz/
Submission: On April 07 via manual (April 7th 2022, 4:00:39 pm UTC) from CA — Scanned from DE

Summary HTTP 10 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 2a06:98c1:3120::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.roproxy.xyz.
TLS certificate: Issued by E1 on March 22nd 2022. Valid for: 3 months.

This is the only time www.roproxy.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 10	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
10	3

10 2a06:98c1:3120::7 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.roproxy.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	roproxy.xyz 2 redirects www.roproxy.xyz	19 KB
1	gstatic.com fonts.gstatic.com	36 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	1 KB
10	3

	Domain	Requested by
10	www.roproxy.xyz	2 redirects www.roproxy.xyz
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.roproxy.xyz
10	3

This site contains links to these domains. Also see Links.

Domain
roproxy.xyz
report.roproxy.xyz

Subject Issuer	Validity	Valid
*.roproxy.xyz E1	`2022-03-22` - `2022-06-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.roproxy.xyz/
Frame ID: F8CCB4FB974BC76485F3D9D0537F5AAB
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Roblox Proxy and APIs

Page URL History Show full URLs

http://www.roproxy.xyz/ Page URL
http://www.roproxy.xyz/cdn-cgi/phish-bypass?u=%2F&atok=c7acd25a5267862bbe7bd9e6161eed74 HTTP 301
http://www.roproxy.xyz/ HTTP 301
https://www.roproxy.xyz/ Page URL

Detected technologies

Pure CSS (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+(?:([\d.])+/)?pure(?:-min)?\.css

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

10
Requests

70 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

54 kB
Transfer

96 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://roproxy.xyz/
Title: Home

Search URL Search Domain Scan URL

URL: https://roproxy.xyz/about
Title: About

Search URL Search Domain Scan URL

URL: https://roproxy.xyz/api
Title: APIs

Search URL Search Domain Scan URL

URL: https://roproxy.xyz/donate
Title: Donate

Search URL Search Domain Scan URL

URL: https://report.roproxy.xyz/
Title: Report Bug

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.roproxy.xyz/ Page URL
http://www.roproxy.xyz/cdn-cgi/phish-bypass?u=%2F&atok=c7acd25a5267862bbe7bd9e6161eed74 HTTP 301
http://www.roproxy.xyz/ HTTP 301
https://www.roproxy.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
www.roproxy.xyz/ 4 KB
2 KB 61ms
28ms Document
text/html 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://www.roproxy.xyz/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0baeed7ffb82f8d771bb23310de16691578aae7e9f69c692cfd6b79331c01e53

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-RAY: 6f83fa0339bf906c-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 07 Apr 2022 16:00:31 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aquDQ9D6qL7ik0nr8BbJCM4EdEEB%2BEHUFzyZJv0ftcdkf9muPmm6Hciu0aNV0W7%2FMpNwrR2mXp5m0h08%2FkXcScsH5BCei9Xi%2Bd47lsAtJHg0ZFjAPzPCpjRY3hGGAmiJf4%2BaWjbmthzxtG49xfw%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK cf.errors.css
www.roproxy.xyz/cdn-cgi/styles/ 23 KB
5 KB 21ms
21ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://www.roproxy.xyz/cdn-cgi/styles/cf.errors.css

Requested by

Host: www.roproxy.xyz
URL: http://www.roproxy.xyz/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16fd28061d42cf29268600418d5aa26b585435027ca599a42141cbc820f2547c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.roproxy.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 07 Apr 2022 16:00:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 24 Mar 2022 11:29:15 GMT
Server: cloudflare
ETag: W/"623c560b-5c88"
X-Frame-Options: DENY
Content-Type: text/css
Cache-Control: max-age=7200, public
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6f83fa044bae906c-FRA
Vary: Accept-Encoding
Expires: Thu, 07 Apr 2022 18:00:31 GMT

GET
H/1.1 200
OK icon-exclamation.png
www.roproxy.xyz/cdn-cgi/images/ 452 B
889 B 21ms
21ms Image
image/png 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.roproxy.xyz/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: www.roproxy.xyz
URL: http://www.roproxy.xyz/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.roproxy.xyz/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 07 Apr 2022 16:00:31 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 24 Mar 2022 11:29:15 GMT
Server: cloudflare
ETag: "623c560b-1c4"
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6f83fa046bef906c-FRA
Vary: Accept-Encoding
Content-Length: 452
Expires: Thu, 07 Apr 2022 18:00:31 GMT

GET
H2

200

Primary Request / Show response
www.roproxy.xyz/
Redirect Chain

http://www.roproxy.xyz/cdn-cgi/phish-bypass?u=%2F&atok=c7acd25a5267862bbe7bd9e6161eed74
http://www.roproxy.xyz/
https://www.roproxy.xyz/

2 KB
1 KB

287ms
238ms

Document
text/html

2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.roproxy.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1d7acdaa14d11c2556e45b1d06c13d6438cc39747f3ade5ff7d38e4eee877641

Request headers

Referer: http://www.roproxy.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 6f83fa1d09c19165-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 07 Apr 2022 16:00:35 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Mon, 04 Apr 2022 06:00:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29EdCk7n0rRDNT%2B1nK8hfiGcT%2BUcieYd7NDwbdE4Sg6Imj8jWJwBG8TOZoPdHNuv6WTPw8NW18YBn3YjTXrEo3XPH13WR6CgozQ83R3gNk8H8xmHANHohYRuSgwcVd9Zd8l7be8qr5LyYwQ4IHc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 vegur
x-powered-by: Express

Redirect headers

CF-RAY: 6f83fa1c9ace906c-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Thu, 07 Apr 2022 16:00:35 GMT
Expires: Thu, 07 Apr 2022 17:00:35 GMT
Location: https://www.roproxy.xyz/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DaH5AxYJ30kmYH8FonBA64kVtqTaZKtacfIVu%2F7hNoyPDyof0N7a7bUhnPzMtxtuGa7%2BgFl9CeGfpyRfnVTAEPkNZTaCj9hrgI4jyVF6JfKJi2lHUvkkq%2BIZgn%2FC704NIsAMaWmBA1v5%2Bmw%2FxYY%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 pure-min.css
www.roproxy.xyz/proxy/css/ 19 KB
5 KB 329ms
328ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.roproxy.xyz/proxy/css/pure-min.css
Requested by: Host: www.roproxy.xyz
URL: https://www.roproxy.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: bd5aeeff9bb2a7f9c939e474f52f5a43618f4d077799dd1246e259b22b98899e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.roproxy.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 16:00:35 GMT
via: 1.1 vegur
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 04 Apr 2022 06:00:49 GMT
server: cloudflare
etag: W/"4d9d-17ff3295e68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BSafgDTF1ZT8TRgCznhm3Msem%2Fsuziulycwwg%2Fu8xby3R8rjzmHcHf9aINq2QGnutKn8iuDuM9Z1DwBUCwcoOo%2BcjpI50E%2BVW%2FRM80Nwj%2Fm7KDchWh5xOKPlGe2IpdJoY3qKCwjo2NqVN8f3594%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 6f83fa1eacfc9165-FRA

GET
H2 200 side-menu.css
www.roproxy.xyz/proxy/css/ 5 KB
2 KB 232ms
231ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.roproxy.xyz/proxy/css/side-menu.css
Requested by: Host: www.roproxy.xyz
URL: https://www.roproxy.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f22b6666c8d542d6c6512d2becd5b7ba7055fe242709c734f5de064f45c08fd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.roproxy.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 16:00:35 GMT
via: 1.1 vegur
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 04 Apr 2022 06:00:49 GMT
server: cloudflare
etag: W/"1397-17ff3295e68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GjOwNEo1md%2B0Lk5hlbk1Sf3ocV2X0W%2FPDWe7IA85e6851%2BW5TZk6JPm6nsXZX35936Q%2BEd4i8gaNu5m3HCIars5SB2qx0TTSouKQyWR%2BhNJ7Jb0Wf5KHVO2mSJXdJfgh39aqV%2FGDOZYGmulMKOg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 6f83fa1ead039165-FRA

GET
H2 200 dark-mode.css
www.roproxy.xyz/proxy/css/ 665 B
641 B 210ms
209ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.roproxy.xyz/proxy/css/dark-mode.css
Requested by: Host: www.roproxy.xyz
URL: https://www.roproxy.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 66ba4130e6c7a8adba16c21ee5bdcb029485cf71e5a95b1c855c3d29ad82febe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.roproxy.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 16:00:35 GMT
via: 1.1 vegur
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 04 Apr 2022 06:00:49 GMT
server: cloudflare
etag: W/"299-17ff3295e68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cyguY0SuyvB0neQRfqPmNnYnCf33cuF4xTyZEPV%2FWBvLpbyofiegTiy%2F9i0qzJIZ9rttNaX0a6%2FGMj32y8g7Mc2dqSuahF%2FyMeHpuDUoZPWc0Ez2oL8GocjaXnUhiuD2CQUOi6OeJuVExN6qkok%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 6f83fa1ead059165-FRA

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
1 KB 72ms
28ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Nunito:wght@700;800&display=swap

Requested by

Host: www.roproxy.xyz
URL: https://www.roproxy.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f876f823ac57cdf1b247df8c5d3c2c4dad21013013940ed5e691eca17cec4025

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.roproxy.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 07 Apr 2022 16:00:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 07 Apr 2022 16:00:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Apr 2022 16:00:35 GMT

GET
H2 200 ui.js Show response
www.roproxy.xyz/proxy/js/ 3 KB
1 KB 225ms
224ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.roproxy.xyz/proxy/js/ui.js
Requested by: Host: www.roproxy.xyz
URL: https://www.roproxy.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 62d22eb6ad0f7d34f8b5038b73a15a5b1cee9b1a6694d479634cb80733d06324

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.roproxy.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 16:00:35 GMT
via: 1.1 vegur
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 04 Apr 2022 06:00:49 GMT
server: cloudflare
etag: W/"b44-17ff3295e68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FS5FzuzAUbHdvCGLco9EcauxY3MHs5dRhcl%2ByS5BdFNLzafAAqfhd5S2E1qCyrUpQP9kP%2BlDgogqDvGH2Ibon%2Fv4rZCkfd00C8cP67VNnxz2qM4JHb7mS%2BU1z%2F9%2BezJec7wasG8iEUMxbNLeiQ0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 6f83fa1ead069165-FRA

GET
H2 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v23/ 35 KB
36 KB 63ms
18ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v23/XRXV3I6Li01BKofINeaB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito:wght@700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a5785b77392afc9cd2912fe805759dd4bec52a4ec5dd8c6981eefb08af7690f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.roproxy.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 10:32:10 GMT
x-content-type-options: nosniff
age: 19706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35772
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 06:25:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 Apr 2023 10:32:10 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.www.roproxy.xyz/	1970-01-20 02:10:33	Name: __cf_mw_byp Value: a23846a5b4e4ca303e575ca8d2bed7c0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
www.roproxy.xyz
2a00:1450:4001:828::2003
2a00:1450:4001:828::200a
2a06:98c1:3120::7
0baeed7ffb82f8d771bb23310de16691578aae7e9f69c692cfd6b79331c01e53
16fd28061d42cf29268600418d5aa26b585435027ca599a42141cbc820f2547c
1d7acdaa14d11c2556e45b1d06c13d6438cc39747f3ade5ff7d38e4eee877641
2a5785b77392afc9cd2912fe805759dd4bec52a4ec5dd8c6981eefb08af7690f
62d22eb6ad0f7d34f8b5038b73a15a5b1cee9b1a6694d479634cb80733d06324
66ba4130e6c7a8adba16c21ee5bdcb029485cf71e5a95b1c855c3d29ad82febe
bd5aeeff9bb2a7f9c939e474f52f5a43618f4d077799dd1246e259b22b98899e
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f22b6666c8d542d6c6512d2becd5b7ba7055fe242709c734f5de064f45c08fd5
f876f823ac57cdf1b247df8c5d3c2c4dad21013013940ed5e691eca17cec4025

www.roproxy.xyz Open in urlscan Pro 2a06:98c1:3120::7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

70 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

54 kBTransfer

96 kBSize

1 Cookies

5 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

www.roproxy.xyz Open in urlscan Pro
2a06:98c1:3120::7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

70 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

54 kB
Transfer

96 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!