{"report_id":"00582558-cfd9-4fb3-a0c7-fc61b569f060","version":6,"status":"done","tags":[],"date":"2026-01-03T17:41:26Z","url":{"schema":"http","addr":"www.roblox.com.ml/login?returnUrl=4899822606130126","fqdn":"www.roblox.com.ml","domain":"roblox.com.ml","tld":"com.ml"},"ip":{"addr":"179.43.188.90","port":0,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing","dom":{"size":3632,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"884c8edb778dd55ef9d60d4a0ba8924a","sha1":"5140c39637f4c8cd953a2d4978cb95d3dc629311","sha256":"362a8b59fbbd71576a576d9e852b9384fe83c23a8daac2ab79d4b3304a0880ff","sha512":"846454abbe152ec5afc62294b2fd7c82834e6e79bb5ffc40ec905b2b1c5cc413ecfe0e22c7ef03b7c4cd1030d654b07ec83277e2ea3a67bb1f39efa3090c4e82","ssdeep":"","tlshash":"8c7156a514f0552714a383a5dd81bb1b9f827a07cf8c6a403b9f00f22f97d58886f20d","dom_hash":"domhash03f850468cad29251ed949292c202f85","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.roblox.com.ml/login?returnUrl=4899822606130126","fqdn":"www.roblox.com.ml","domain":"roblox.com.ml","tld":"com.ml"},"ip":{"addr":"179.43.188.90","port":0,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-07T17:41:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":6}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:41:01Z","timestamp":1767462061,"ip_dst":{"addr":"179.43.188.90","port":443,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"ip_src":{"addr":"172.18.0.10","port":54734,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Suspicious Domain (*.ml) in TLS SNI","source":"{\"timestamp\":\"2026-01-03T17:41:01.836220+0000\",\"flow_id\":449474043172205,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":54734,\"dest_ip\":\"179.43.188.90\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025110,\"rev\":6,\"signature\":\"ET INFO Suspicious Domain (*.ml) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2017_12_03\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"sni\":\"www.roblox.com.ml\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":753,\"bytes_toclient\":2663,\"start\":\"2026-01-03T17:41:01.775533+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:41:04Z","timestamp":1767462064,"ip_dst":{"addr":"179.43.188.90","port":80,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"ip_src":{"addr":"172.18.0.10","port":55416,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.ml domain","source":"{\"timestamp\":\"2026-01-03T17:41:04.749341+0000\",\"flow_id\":987060067406027,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":55416,\"dest_ip\":\"179.43.188.90\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032988,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.ml domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.roblox.com.ml\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://www.roblox.com.ml/\",\"length\":175},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":518,\"bytes_toclient\":556,\"start\":\"2026-01-03T17:41:04.692427+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"www.roblox.com.ml","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"www.roblox.com.ml","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"www.roblox.com.ml","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2026-01-03","alert":"Phishing - Roblox","trigger":"www.roblox.com.ml","verdict":"phishing","severity":"medium","comment":"Roblox","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"www.roblox.com.ml","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"www.roblox.com.ml","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.roblox.com.ml","ip":{"addr":"179.43.188.90","port":443,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-09T07:48:23.882659Z","last_seen":"2026-01-02T07:54:30.909736Z","alert_count":6,"request_count":1,"received_data":146,"sent_data":518,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.4.15","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www.roblox.com.ml/login?returnUrl=4899822606130126","fqdn":"www.roblox.com.ml","domain":"roblox.com.ml","tld":"com.ml"},"ip":{"addr":"179.43.188.90","port":443,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T17:41:01.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roblox.com.ml","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Oct 2025 13:47:05 GMT","end":"Sun, 04 Jan 2026 13:47:04 GMT"},"fingerprint":{"sha1":"DA:FB:A9:CA:8D:2E:81:DE:76:EC:9B:32:3A:A0:E9:45:BB:F7:E0:3B","sha256":"17:57:CD:00:04:C0:32:7C:E5:BF:FF:12:EC:05:A6:4B:04:C2:35:39:E2:EE:FE:B7:B3:AA:D6:A3:75:F7:48:36"}}},"request":{"raw":"GET /login?returnUrl=4899822606130126 HTTP/1.1\r\nHost: www.roblox.com.ml\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: openresty/1.27.1.2\r\ndate: Sat, 03 Jan 2026 17:41:08 GMT\r\nx-powered-by: PHP/8.4.15, PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.4.15","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T16:45:41.565486Z","times_seen":14744586,"resource_available":true,"data":null}},"time_used":7207,"timings":{"blocked":142,"dns":75,"connect":29,"send":0,"wait":6921,"receive":1,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"www.roblox.com.ml","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-03","alert":"Phishing Block","trigger":"www.roblox.com.ml","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"www.roblox.com.ml","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2026-01-03","alert":"Phishing - Roblox","trigger":"www.roblox.com.ml","verdict":"phishing","severity":"medium","comment":"Roblox","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"www.roblox.com.ml","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"www.roblox.com.ml","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}