free-avatar-roblox.tk Open in urlscan Pro
2a06:98c1:3120::3  Malicious Activity! Public Scan

URL: https://free-avatar-roblox.tk/
Submission Tags: phishingrod
Submission: On March 20 via api from DE — Scanned from NL

Summary

This website contacted 9 IPs in 2 countries across 6 domains to perform 19 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is free-avatar-roblox.tk.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 20th 2023. Valid for: a year.
This is the only time free-avatar-roblox.tk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

Domain Requested by
5 d2punpeg7vtjci.cloudfront.net d13nu0oomnx5ti.cloudfront.net
4 d13pxqgp3ixdbh.cloudfront.net free-avatar-roblox.tk
4 free-avatar-roblox.tk free-avatar-roblox.tk
1 region1.google-analytics.com www.googletagmanager.com
1 fonts.gstatic.com fonts.googleapis.com
1 d13nu0oomnx5ti.cloudfront.net free-avatar-roblox.tk
1 ajax.googleapis.com free-avatar-roblox.tk
1 fonts.googleapis.com free-avatar-roblox.tk
1 www.googletagmanager.com free-avatar-roblox.tk
19 9

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-03-20 -
2024-03-19
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-03-02 -
2023-05-25
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-03-02 -
2023-05-25
3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2022-12-08 -
2023-12-07
a year crt.sh
*.gstatic.com
GTS CA 1C3
2023-03-02 -
2023-05-25
3 months crt.sh

This page contains 1 frames:

Primary Page: https://free-avatar-roblox.tk/
Frame ID: 00548F1DD76D12C4B2416209E0A0B0EF
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

Get a Free Roblox Avatar - Roblox Gift Card 2022 ROBLOX GIFT CARD ONLINE GENERATOR

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

9
Subdomains

9
IPs

2
Countries

388 kB
Transfer

686 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
free-avatar-roblox.tk/
120 KB
15 KB
Document
General
Full URL
https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2beea872755c5524d7645fb17705243779ba444a57aa0b24481ab5bf8714a6a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
7aae4ce09f4b2c5e-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 20 Mar 2023 13:28:47 GMT
last-modified
Sat, 23 Apr 2022 13:18:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0YeMHuk%2F3FWJN1ZbHSLYGB6Tk60a4OlxLIMRWH3c8yGvEsD4AykJBmi8E14mXfPto%2B82Ew8PpbYFkSK3Jcr1wxpS%2B4gc1McXSu9TU9Y0kzuSywynCehI4ZbbVkUK7HyMIC2g1DRcNY8OUjD3NhhynjUeNU%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31556926
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
x-cache-hits
1
x-served-by
cache-fra-eddf8230055-FRA
x-timer
S1679318927.470169,VS0,VE1
js
www.googletagmanager.com/gtag/
220 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FJHQHPYHYW
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
98773a2b9697ab1386387439e2302ef249b1e21d42f17b5cddbf503e99d34d47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 13:28:47 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
78730
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 20 Mar 2023 13:28:47 GMT
style.css
free-avatar-roblox.tk/
0
0
Stylesheet
General
Full URL
https://free-avatar-roblox.tk/style.css
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 13:28:47 GMT
strict-transport-security
max-age=31556926
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230055-FRA
server
cloudflare
x-timer
S1679318928.512179,VS0,VE1
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FCtlCl75kxr2v5JbO%2BDawfn79peI2oB88Gu0LmQ01eI48eP4dx9Xg%2F0daXHBr%2FDhfMwzcxBz0tfR9m%2BzAe%2BVYyDTz6Fdl7GbvW8z1Hmwvno0BV4shzvGyed3Ln4mnC7RH4D6ryZbcC0B7FMkz3ESlMoimN4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cache-control
max-age=14400
cf-ray
7aae4ce0efdb2c5e-FRA
x-cache-hits
1
css
fonts.googleapis.com/
1 KB
848 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Itim
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f803b853ec6a81da80cb89c9a0da0356559a2f9e135940c1917e6cd7f58cc919
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 20 Mar 2023 13:28:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 20 Mar 2023 13:25:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 20 Mar 2023 13:28:47 GMT
16300154301b3952273eee495016ec4a02e088991e.png
d13pxqgp3ixdbh.cloudfront.net/uploads/
97 KB
97 KB
Image
General
Full URL
https://d13pxqgp3ixdbh.cloudfront.net/uploads/16300154301b3952273eee495016ec4a02e088991e.png
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:2600:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44cabde34f2cb90aeb44d10c69b589d45123e004da40adab8015923d32848557

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id
tfqY5JJBVSlpGPg7MG66HutBqc0mhwmt
date
Mon, 20 Mar 2023 13:28:47 GMT
via
1.1 e59bea79ab5f15feda92136bc7b74158.cloudfront.net (CloudFront)
last-modified
Thu, 26 Aug 2021 22:03:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P4
age
31796
etag
"baedeae31f898d2398bf8da45ac32389"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
99035
x-amz-cf-id
ERs5ZGORXDhqdjdE3GTVy0sS5rfYZFcT2RUpKWP9cxPHswy2LxSyow==
16121929062e05729fb668d9255072801817c0f2da.png
d13pxqgp3ixdbh.cloudfront.net/uploads/
4 KB
4 KB
Image
General
Full URL
https://d13pxqgp3ixdbh.cloudfront.net/uploads/16121929062e05729fb668d9255072801817c0f2da.png
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:2600:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a901031630ec6b3f0e04a3e05eed22b08922cc5ece2c05dfbf57a08d2e7a74a0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id
VehIoRCHkutHpGlTyrEaArpmAx_eoMYR
date
Mon, 20 Mar 2023 00:57:04 GMT
via
1.1 e59bea79ab5f15feda92136bc7b74158.cloudfront.net (CloudFront)
last-modified
Mon, 01 Feb 2021 15:21:47 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P4
age
45104
etag
"659297a6a31785f413c1168bd09ef615"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
3695
x-amz-cf-id
E6RNncHJh9dUhBpDfL-FIHhBKPGwxUeVTBA1GqEX7c9ItSz4gi2rEA==
163001325904bc10e3dc1c4133e2e232a78ad55b92.png
d13pxqgp3ixdbh.cloudfront.net/uploads/
54 KB
55 KB
Image
General
Full URL
https://d13pxqgp3ixdbh.cloudfront.net/uploads/163001325904bc10e3dc1c4133e2e232a78ad55b92.png
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:2600:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
97dbcc0770e3631152fdb99965b59d5978c1a2c349b19c17fd22dceea18e6aab

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 00:57:04 GMT
x-amz-version-id
CkalJikcFDPfcEhleDzTvcoieFlZN17N
via
1.1 e59bea79ab5f15feda92136bc7b74158.cloudfront.net (CloudFront)
last-modified
Thu, 26 Aug 2021 21:27:41 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P4
age
45104
etag
"01a75d07262d8b5b298d9bbe0b3d5a7c"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
55696
x-amz-cf-id
np05-r_2B6rB3OSVSJzDL60FXBMC0_mFYXUJD6W4p4LzfcohR_13Rw==
test.png
free-avatar-roblox.tk/
10 KB
10 KB
Image
General
Full URL
https://free-avatar-roblox.tk/test.png
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5be0c3483138abfc50dae40ad4ebc51443cf8693b3cee01469d88bcf36bfd76
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 13:28:47 GMT
strict-transport-security
max-age=31556926
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230048-FRA
server
cloudflare
x-timer
S1679318928.539383,VS0,VE1
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c7g9WIvzGIECyN6To1PyOrYzCahk0ws8hGZ1TiXripH%2FVrPKe7La5ZOBoC4diaUDKK3qEwAii9PFOCc209oIHVp77n0iZcdPnX8vl14O9BSBko0EBPTQgV7N7ZxJz4TBmLvvnCTygW9u9lWFxq4fJ45bxC0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cache-control
max-age=14400
cf-ray
7aae4ce108072c5e-FRA
x-cache-hits
1
main.js
free-avatar-roblox.tk/
0
0
Script
General
Full URL
https://free-avatar-roblox.tk/main.js
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 13:28:47 GMT
strict-transport-security
max-age=31556926
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230109-FRA
server
cloudflare
x-timer
S1679318928.538384,VS0,VE1
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TYQWigkGZMzmvxJUaoWTwuo%2FMxOkN6JajOazg%2BvyY6bOiXk8Onv%2BZao16YMBP%2BLfsJr6iiar5%2B85IUYuUOONgvheHKZpGfVykPaJ4Dziu1homheCCxB2cQje7K7gTdMtuOf9L8rdKfsCOqY5Ch6dTs%2Bs5EI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cache-control
max-age=14400
cf-ray
7aae4ce108062c5e-FRA
x-cache-hits
1
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/
84 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 09:58:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12625
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 19 Mar 2024 09:58:22 GMT
98bf74a.js
d13nu0oomnx5ti.cloudfront.net/
23 KB
24 KB
Script
General
Full URL
https://d13nu0oomnx5ti.cloudfront.net/98bf74a.js
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:b000:3:b5aa:ad80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d212a5a732e0632cb7a63412830a021c8c0a4aaa835a604ef008c1b0e4b00300

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 00:17:06 GMT
via
1.1 3092bdd288d2a449c56d11f2cf4a9b88.cloudfront.net (CloudFront)
last-modified
Wed, 11 Jan 2023 21:50:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
age
47519
etag
"8ab72c4473621e1b30a24ec89af90bcf"
x-cache
Error from cloudfront
content-type
application/javascript
content-length
23942
x-amz-cf-id
RWDQIJIduOWPELNEryoW0E6SzxUNWeBivfp2p_5y2WME8qQS_Ariwg==
1630015102c62da85b4d861563fd7ea497e0b1b847.png
d13pxqgp3ixdbh.cloudfront.net/uploads/
10 KB
11 KB
Image
General
Full URL
https://d13pxqgp3ixdbh.cloudfront.net/uploads/1630015102c62da85b4d861563fd7ea497e0b1b847.png
Requested by
Host: free-avatar-roblox.tk
URL: https://free-avatar-roblox.tk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:2600:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e35e5ce00b9dd6902e484a92f20e291fb8d62ccd632f83fd0b7d05f4d165d736

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://free-avatar-roblox.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 00:57:04 GMT
x-amz-version-id
mMMu7Lpbrwfn8LxWLVDJoCr3JvRfF7i1
via
1.1 e59bea79ab5f15feda92136bc7b74158.cloudfront.net (CloudFront)
last-modified
Thu, 26 Aug 2021 21:58:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P4
age
45104
etag
"756a93e4f2983e6df5edb253e95345a9"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
10581
x-amz-cf-id
0QxZVoH8BageHSJvRGMEv26YLgR8eIV9DpFGPuLMgDshJLYhAjMLDA==
0nknC9ziJOYe8ANAkA.woff2
fonts.gstatic.com/s/itim/v10/
45 KB
45 KB
Font
General
Full URL
https://fonts.gstatic.com/s/itim/v10/0nknC9ziJOYe8ANAkA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Itim
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8a07378dcabf77bed73e6bf59be4d6aed5f91eee7bad32eb56d84862e0a054ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://free-avatar-roblox.tk
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Fri, 17 Mar 2023 21:08:50 GMT
x-content-type-options
nosniff
age
231597
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
45752
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:27:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 16 Mar 2024 21:08:50 GMT
collect
region1.google-analytics.com/g/
0
249 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FJHQHPYHYW&gtm=45je33f0&_p=2140096457&cid=116093673.1679318928&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1679318927&sct=1&seg=0&dl=https%3A%2F%2Ffree-avatar-roblox.tk%2F&dt=Get%20a%20Free%20Roblox%20Avatar%20-%20Roblox%20Gift%20Card%202022&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FJHQHPYHYW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Mar 2023 13:28:47 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://free-avatar-roblox.tk
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
html.1433769.31718.0.js
d2punpeg7vtjci.cloudfront.net/public/external/v2/
10 KB
10 KB
Script
General
Full URL
https://d2punpeg7vtjci.cloudfront.net/public/external/v2/html.1433769.31718.0.js
Requested by
Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/98bf74a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9600:1c:8de0:8c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash
b7a22766fc7c1f180c6f9a05dbcb3213af6870691dda48c6243a65337cbe34f9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 13:28:47 GMT
via
1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
server
Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop
FRA56-P7
x-powered-by
PHP/7.4.11
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
W5nsZLafp7mvvXZmm-czExY4oyug6OEZV0n8CZoF6kNlqJuC-9iuXg==
css_front.css
d2punpeg7vtjci.cloudfront.net/public/external/
6 KB
7 KB
Stylesheet
General
Full URL
https://d2punpeg7vtjci.cloudfront.net/public/external/css_front.css
Requested by
Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/98bf74a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9600:1c:8de0:8c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 /
Resource Hash
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 13:28:47 GMT
via
1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
last-modified
Tue, 23 Jun 2020 20:06:47 GMT
server
Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop
FRA56-P7
etag
"19c4-5a8c5e62e9d0a"
x-cache
Miss from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
6596
x-amz-cf-id
uohnKyoSm3G2wQr86znYmvk-cqmKfUdQe0snluzSV21qtyMaIScSrA==
css.css
d2punpeg7vtjci.cloudfront.net/public/clockers/CustomButton/
1010 B
1 KB
Stylesheet
General
Full URL
https://d2punpeg7vtjci.cloudfront.net/public/clockers/CustomButton/css.css
Requested by
Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/98bf74a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9600:1c:8de0:8c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 /
Resource Hash
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 13:28:48 GMT
via
1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
last-modified
Fri, 10 Apr 2020 22:29:00 GMT
server
Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop
FRA56-P7
etag
"3f2-5a2f7428ae907"
x-cache
Miss from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
1010
x-amz-cf-id
AA5NtVIvucgepsc5zB3vLpyjmjD-oQMatPAKMbHqqC3u0rBgykpeLw==
guid
d2punpeg7vtjci.cloudfront.net/public/
0
276 B
Script
General
Full URL
https://d2punpeg7vtjci.cloudfront.net/public/guid?cpguid=axgr79hzb&e=ll&t=1679318928804
Requested by
Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/98bf74a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9600:1c:8de0:8c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 13:28:49 GMT
via
1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
server
Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop
FRA56-P7
x-powered-by
PHP/7.4.11
x-cache
Miss from cloudfront
content-type
text/html; charset=UTF-8
content-length
0
x-amz-cf-id
f93o8caYo1k8iBFqZh8SqXjl7gyDefuzsx-O_BOp74SaLOQni0zuIA==
check.php
d2punpeg7vtjci.cloudfront.net/public/external/
78 B
373 B
Script
General
Full URL
https://d2punpeg7vtjci.cloudfront.net/public/external/check.php?it=1433769&time=1679318930086
Requested by
Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/98bf74a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9600:1c:8de0:8c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash
9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 13:28:50 GMT
via
1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
server
Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop
FRA56-P7
x-powered-by
PHP/7.4.11
x-cache
Miss from cloudfront
content-type
application/javascript
content-length
78
x-amz-cf-id
6wfHzq43VKOrhPbDYLtYLJbWGmOjEGW7MRZOo2G2WkCAdH56TaXltA==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless function| gtag object| dataLayer function| $ function| jQuery object| CPABUILDSETTINGS string| forward object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker number| dot number| myVarloading function| myTimerLoading object| elem object| elem1 object| elem2 number| width number| wait object| genvalue number| genvalueran number| wait2 object| gennamelist string| x number| myVar2 function| UserTimer undefined| Radiovalue function| Mainstepfunction function| functionPack1

3 Cookies

Domain/Path Name / Value
.free-avatar-roblox.tk/ Name: _ga
Value: GA1.1.116093673.1679318928
.free-avatar-roblox.tk/ Name: _ga_FJHQHPYHYW
Value: GS1.1.1679318927.1.0.1679318927.0.0.0
free-avatar-roblox.tk/ Name: _cpguid
Value: axgr79hzb

3 Console Messages

Source Level URL
Text
network error URL: https://free-avatar-roblox.tk/style.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://free-avatar-roblox.tk/main.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://free-avatar-roblox.tk/test.png
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
d13nu0oomnx5ti.cloudfront.net
d13pxqgp3ixdbh.cloudfront.net
d2punpeg7vtjci.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
free-avatar-roblox.tk
region1.google-analytics.com
www.googletagmanager.com
2001:4860:4802:34::36
2600:9000:223d:b000:3:b5aa:ad80:21
2600:9000:223e:2600:1c:b3e3:eb40:21
2600:9000:2491:9600:1c:8de0:8c80:21
2a00:1450:4001:80e::200a
2a00:1450:4001:813::2003
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2008
2a06:98c1:3120::3
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
44cabde34f2cb90aeb44d10c69b589d45123e004da40adab8015923d32848557
8a07378dcabf77bed73e6bf59be4d6aed5f91eee7bad32eb56d84862e0a054ed
97dbcc0770e3631152fdb99965b59d5978c1a2c349b19c17fd22dceea18e6aab
98773a2b9697ab1386387439e2302ef249b1e21d42f17b5cddbf503e99d34d47
9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b
a2beea872755c5524d7645fb17705243779ba444a57aa0b24481ab5bf8714a6a
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
a901031630ec6b3f0e04a3e05eed22b08922cc5ece2c05dfbf57a08d2e7a74a0
b7a22766fc7c1f180c6f9a05dbcb3213af6870691dda48c6243a65337cbe34f9
d212a5a732e0632cb7a63412830a021c8c0a4aaa835a604ef008c1b0e4b00300
e35e5ce00b9dd6902e484a92f20e291fb8d62ccd632f83fd0b7d05f4d165d736
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5be0c3483138abfc50dae40ad4ebc51443cf8693b3cee01469d88bcf36bfd76
f803b853ec6a81da80cb89c9a0da0356559a2f9e135940c1917e6cd7f58cc919