free-avatar-roblox.tk
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Submission Tags: phishingrod
Submission: On March 20 via api from DE — Scanned from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 20th 2023. Valid for: a year.
This is the only time free-avatar-roblox.tk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:82a::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:80e::200a | 15169 (GOOGLE) (GOOGLE) | |
4 | 2600:9000:223... 2600:9000:223e:2600:1c:b3e3:eb40:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:829::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2600:9000:223... 2600:9000:223d:b000:3:b5aa:ad80:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:813::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4860:480... 2001:4860:4802:34::36 | 15169 (GOOGLE) (GOOGLE) | |
5 | 2600:9000:249... 2600:9000:2491:9600:1c:8de0:8c80:21 | 16509 (AMAZON-02) (AMAZON-02) | |
19 | 9 |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN16509 (AMAZON-02, US)
d13pxqgp3ixdbh.cloudfront.net |
ASN16509 (AMAZON-02, US)
d13nu0oomnx5ti.cloudfront.net |
ASN16509 (AMAZON-02, US)
d2punpeg7vtjci.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
cloudfront.net
d13pxqgp3ixdbh.cloudfront.net d13nu0oomnx5ti.cloudfront.net d2punpeg7vtjci.cloudfront.net |
209 KB |
4 |
free-avatar-roblox.tk
free-avatar-roblox.tk |
25 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 34 ajax.googleapis.com — Cisco Umbrella Rank: 305 |
31 KB |
1 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2388 |
249 B |
1 |
gstatic.com
fonts.gstatic.com |
45 KB |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 42 |
77 KB |
19 | 6 |
Domain | Requested by | |
---|---|---|
5 | d2punpeg7vtjci.cloudfront.net |
d13nu0oomnx5ti.cloudfront.net
|
4 | d13pxqgp3ixdbh.cloudfront.net |
free-avatar-roblox.tk
|
4 | free-avatar-roblox.tk |
free-avatar-roblox.tk
|
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | d13nu0oomnx5ti.cloudfront.net |
free-avatar-roblox.tk
|
1 | ajax.googleapis.com |
free-avatar-roblox.tk
|
1 | fonts.googleapis.com |
free-avatar-roblox.tk
|
1 | www.googletagmanager.com |
free-avatar-roblox.tk
|
19 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-03-20 - 2024-03-19 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-03-02 - 2023-05-25 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-03-02 - 2023-05-25 |
3 months | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2022-12-08 - 2023-12-07 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-03-02 - 2023-05-25 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://free-avatar-roblox.tk/
Frame ID: 00548F1DD76D12C4B2416209E0A0B0EF
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Get a Free Roblox Avatar - Roblox Gift Card 2022 ROBLOX GIFT CARD ONLINE GENERATORDetected technologies
Google Analytics (Analytics) ExpandDetected patterns
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
free-avatar-roblox.tk/ |
120 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
220 KB 77 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
free-avatar-roblox.tk/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
1 KB 848 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
16300154301b3952273eee495016ec4a02e088991e.png
d13pxqgp3ixdbh.cloudfront.net/uploads/ |
97 KB 97 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
16121929062e05729fb668d9255072801817c0f2da.png
d13pxqgp3ixdbh.cloudfront.net/uploads/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
163001325904bc10e3dc1c4133e2e232a78ad55b92.png
d13pxqgp3ixdbh.cloudfront.net/uploads/ |
54 KB 55 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
test.png
free-avatar-roblox.tk/ |
10 KB 10 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
free-avatar-roblox.tk/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
98bf74a.js
d13nu0oomnx5ti.cloudfront.net/ |
23 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1630015102c62da85b4d861563fd7ea497e0b1b847.png
d13pxqgp3ixdbh.cloudfront.net/uploads/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0nknC9ziJOYe8ANAkA.woff2
fonts.gstatic.com/s/itim/v10/ |
45 KB 45 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 249 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
html.1433769.31718.0.js
d2punpeg7vtjci.cloudfront.net/public/external/v2/ |
10 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_front.css
d2punpeg7vtjci.cloudfront.net/public/external/ |
6 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
d2punpeg7vtjci.cloudfront.net/public/clockers/CustomButton/ |
1010 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
guid
d2punpeg7vtjci.cloudfront.net/public/ |
0 276 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
check.php
d2punpeg7vtjci.cloudfront.net/public/external/ |
78 B 373 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)44 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless function| gtag object| dataLayer function| $ function| jQuery object| CPABUILDSETTINGS string| forward object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker number| dot number| myVarloading function| myTimerLoading object| elem object| elem1 object| elem2 number| width number| wait object| genvalue number| genvalueran number| wait2 object| gennamelist string| x number| myVar2 function| UserTimer undefined| Radiovalue function| Mainstepfunction function| functionPack13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.free-avatar-roblox.tk/ | Name: _ga Value: GA1.1.116093673.1679318928 |
|
.free-avatar-roblox.tk/ | Name: _ga_FJHQHPYHYW Value: GS1.1.1679318927.1.0.1679318927.0.0.0 |
|
free-avatar-roblox.tk/ | Name: _cpguid Value: axgr79hzb |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
d13nu0oomnx5ti.cloudfront.net
d13pxqgp3ixdbh.cloudfront.net
d2punpeg7vtjci.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
free-avatar-roblox.tk
region1.google-analytics.com
www.googletagmanager.com
2001:4860:4802:34::36
2600:9000:223d:b000:3:b5aa:ad80:21
2600:9000:223e:2600:1c:b3e3:eb40:21
2600:9000:2491:9600:1c:8de0:8c80:21
2a00:1450:4001:80e::200a
2a00:1450:4001:813::2003
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2008
2a06:98c1:3120::3
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
44cabde34f2cb90aeb44d10c69b589d45123e004da40adab8015923d32848557
8a07378dcabf77bed73e6bf59be4d6aed5f91eee7bad32eb56d84862e0a054ed
97dbcc0770e3631152fdb99965b59d5978c1a2c349b19c17fd22dceea18e6aab
98773a2b9697ab1386387439e2302ef249b1e21d42f17b5cddbf503e99d34d47
9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b
a2beea872755c5524d7645fb17705243779ba444a57aa0b24481ab5bf8714a6a
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
a901031630ec6b3f0e04a3e05eed22b08922cc5ece2c05dfbf57a08d2e7a74a0
b7a22766fc7c1f180c6f9a05dbcb3213af6870691dda48c6243a65337cbe34f9
d212a5a732e0632cb7a63412830a021c8c0a4aaa835a604ef008c1b0e4b00300
e35e5ce00b9dd6902e484a92f20e291fb8d62ccd632f83fd0b7d05f4d165d736
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5be0c3483138abfc50dae40ad4ebc51443cf8693b3cee01469d88bcf36bfd76
f803b853ec6a81da80cb89c9a0da0356559a2f9e135940c1917e6cd7f58cc919