{"report_id":"02825d85-2698-4135-b07b-b43d76f970fb","version":6,"status":"done","tags":[],"date":"2026-06-06T23:07:48Z","url":{"schema":"https","addr":"ro-verify.net/","fqdn":"ro-verify.net","domain":"ro-verify.net","tld":"net"},"ip":{"addr":"91.240.20.15","port":0,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"final":{"url":{"schema":"https","addr":"ro-verify.net/","fqdn":"ro-verify.net","domain":"ro-verify.net","tld":"net"},"title":"RoVer","dom":{"size":224,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"d1e5034486d7943d5320b1679544d8da","sha1":"b6ee8113c0cc820de646f21da6bdf58fb83181ed","sha256":"18a53a136ece59aae19c9b3c750cd93b8a560f37a344b2724b1f96980af7255d","sha512":"4dce20c5badd4189c36d5c40371fcbf8ade53418740aa3b87f299da0a8ffb08aa7ac332bd67846cfe6c8b7cde04d2856b65a8234470040bc7ad9036d92e68760","ssdeep":"","tlshash":"89d0978f004363070d00212038c42981278c22e9602a82a05986c197414c42acca39c0","dom_hash":"domhash6047034c37a0e90cd4b650026e316c39","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"ro-verify.net/","fqdn":"ro-verify.net","domain":"ro-verify.net","tld":"net"},"ip":{"addr":"91.240.20.15","port":0,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-11T23:07:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"ro-verify.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ro-verify.net","ip":{"addr":"91.240.20.15","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"domain_registered":"2026-05-29","domain_rank":0,"first_seen":"2026-06-06T23:00:32.992256Z","last_seen":"2026-06-06T23:00:32.992256Z","alert_count":15,"request_count":3,"received_data":157266,"sent_data":1509,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"cdn.discordapp.com","ip":{"addr":"162.159.134.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-02-26","domain_rank":16705,"first_seen":"2015-08-24T13:06:21Z","last_seen":"2026-06-06T07:58:15.275387Z","alert_count":0,"request_count":1,"received_data":10761,"sent_data":452,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"gateway.rover-space.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-21","domain_rank":0,"first_seen":"2026-06-06T23:00:33.00933Z","last_seen":"2026-06-06T23:00:33.00933Z","alert_count":0,"request_count":1,"received_data":677,"sent_data":387,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.roblox.com","ip":{"addr":"128.116.21.3","port":443,"asn":22697,"as":"ROBLOX-PRODUCTION","country":"The Netherlands","country_code":"NL"},"domain_registered":"2004-01-30","domain_rank":1776,"first_seen":"2012-05-24T19:56:53Z","last_seen":"2026-06-06T01:38:47.483337Z","alert_count":0,"request_count":1,"received_data":3438,"sent_data":389,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Arkose Labs","description":"Arkose Labs is a toolkit for fraud prevention that provides solutions to detect and mitigate malicious activity across digital platforms.","website":"https://www.arkoselabs.com","common_platform_enumeration":"","icon":"ArkoseLabs.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ro-verify.net/","fqdn":"ro-verify.net","domain":"ro-verify.net","tld":"net"},"ip":{"addr":"91.240.20.15","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"introduction_type":"scriptElement","is_inline":true,"md5":"13402b75acab51740f851b594f7a0d33","sha1":"e772c97d690f34d7450f45065d2671856a5656db","sha256":"881b6af5c4475e1dc47e9ba79e122b8d90e724fab9603378d686cbff0b1f774b","sha512":"9849add7f99fa5e75d2d6f94ab205273ef13ba9a7b39c016f99dc349c1e20bfa678a69ba89abfed43b7e77ec71f49f6821120e81722c035eab220f7203aa4d6c","ssdeep":"192:x2UKiio+kal+6eaEnpOd89TE4XXX7Q2QMA:+ZkG+6eaEHVA","tlshash":"f0e10c2b2aab153806e7b46af2cb2545373680833149da547c7dcb082f54ed0b672bdf","size":7445,"data":"","first_seen":"2026-06-06T23:00:37.189915Z","last_seen":"2026-06-06T23:07:49.570636Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ro-verify.net/","fqdn":"ro-verify.net","domain":"ro-verify.net","tld":"net"},"ip":{"addr":"91.240.20.15","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-06T23:07:26.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ro-verify.net","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 14:07:13 GMT","end":"Thu, 27 Aug 2026 14:07:12 GMT"},"fingerprint":{"sha1":"EC:47:80:9A:F0:4E:9D:98:E6:FA:A7:B1:F0:3B:E3:4E:12:E9:14:4C","sha256":"07:D6:CB:6C:EC:FA:46:BC:EE:18:92:51:75:46:58:78:F3:82:63:E0:C8:28:B0:75:5F:03:9E:3A:CD:98:1C:47"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ro-verify.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 06 Jun 2026 23:07:25 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Encoding: gzip\r\nContent-Length: 56908\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\nX-Cache: HIT\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nX-Cache-Url: https://ro-verify.net/\r\nEtag: \"2607e-65264aa8c6cc4-gzip\"\r\nLast-Modified: Fri, 22 May 2026 09:29:31 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}],"data":{"size":155774,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (21776)","md5":"b9d6a6193273dc6efba641717ad49532","sha1":"c02dd85915c6f1b4f8fb80657ef5eab486b41776","sha256":"42ade82f1cb34c80b108f3b80c6a2be2263817b4746a05538e6f830522c729d2","sha512":"31cdabf8c924a39edc131167d9a604b36cf69fb5a62460d4aa9f6fa960eb6fd229339223bcf65d72ecc9b00a46d6de60faa61c12e7f2c9e042acc958aa97c35b","ssdeep":"1536:wHRLx1sUBgjkZ3S32S2Sm6XTIj30XOsRQCAZnk2T9hq2zF81U:+91s0GzXDs3YObCKNTq2q1U","tlshash":"30e35d254963a19d1c73a81e23e65e172230e003ad05fb4ebaff45648f0fac564d7f6a","first_seen":"2026-06-06T23:00:37.188666Z","last_seen":"2026-06-06T23:07:49.567784Z","times_seen":2,"resource_available":true,"data":null}},"time_used":488,"timings":{"blocked":178,"dns":80,"connect":42,"send":0,"wait":42,"receive":84,"ssl":59},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"ro-verify.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.discordapp.com/avatars/298796807323123712/7338ed45666cd90ec1a6662491a9eb8a","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.134.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ro-verify.net/","date":"2026-06-06T23:07:26.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"discordapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 02 May 2026 16:26:22 GMT","end":"Fri, 31 Jul 2026 17:26:19 GMT"},"fingerprint":{"sha1":"8F:91:8E:D7:94:75:CD:CD:2A:A7:A3:3C:DE:3C:70:16:38:17:36:21","sha256":"E8:13:C5:53:A0:D3:F7:CA:9B:A4:9B:20:B2:A9:DF:EB:CB:EF:72:FA:E4:FF:01:F4:17:16:E5:59:61:59:C7:A6"}}},"request":{"raw":"GET /avatars/298796807323123712/7338ed45666cd90ec1a6662491a9eb8a HTTP/1.1\r\nHost: cdn.discordapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 06 Jun 2026 23:07:26 GMT\r\ncontent-type: image/png\r\ncontent-length: 9690\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000\r\nlast-modified: Sat, 06 Jun 2026 16:52:55 GMT\r\nset-cookie: __cf_bm=cupU2R2AIF.1x9tE6eY2jEEcABjxwwWnSGxHLqRinUE-1780787246.48968-1.0.1.1-vlb4xK0lWb0zwWakRV6HOk2.fP3jIm8VTeIVQY1wibIQi.5sus2icvkc6jV9mWknmprwpqPd5gcnZESZ9WxqD9QAURxTHFSmUK3IdWtwN_QqP7Nja0GXzj7O4I9tWpQK; HttpOnly; SameSite=None; Secure; Path=/; Domain=discordapp.com; Expires=Sat, 06 Jun 2026 23:37:26 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jZaWdoyAAdPJfgaJwBwaKFIo0Nlb2EAXo2N9Vtppji1aFT9vnMZP0InRJLoONHcAxWCxDjw1DYr3cSMOAJ%2FMBgvRwjwAnwit%2BJoM3KYA1JOBpc%2F83%2F7W9%2BBuv1YdgTcdm8KSIw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp\r\nserver: cloudflare\r\ncf-ray: a07b12c28cc0569f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9690,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"8c9620b17aa05ffe8eb1da96f9d5a31e","sha1":"3b89033766ad1d0bc94582541ce5bfb5018d86fd","sha256":"a3e1a227d1147bd6da31c004db87a78f97f0f041a67642b92b6e50b76cbb8460","sha512":"196102e30149e4d10bf4136bafbd12a560daad7a933618a561d37c78c438b588437ea8df8407819a4a925e52569996d495f3f32a98d94113896a391c83741b5b","ssdeep":"192:KWZkXE3uoJG9QJhalARGGN39IjhJCTVHWAnLr57t6xy/:KWZk9oJl/fQ8RHDn57Z/","tlshash":"3e12bf3e5c5e3fce621407eeadf43adb150587288fc97864b4408226f252c53a312f87","first_seen":"2026-06-06T23:00:37.182642Z","last_seen":"2026-06-06T23:07:49.568454Z","times_seen":2,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":33,"dns":21,"connect":1,"send":0,"wait":17,"receive":1,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ro-verify.net/RoVer_files/saved_resource.html","fqdn":"ro-verify.net","domain":"ro-verify.net","tld":"net"},"ip":{"addr":"91.240.20.15","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ro-verify.net/","date":"2026-06-06T23:07:26.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ro-verify.net","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 14:07:13 GMT","end":"Thu, 27 Aug 2026 14:07:12 GMT"},"fingerprint":{"sha1":"EC:47:80:9A:F0:4E:9D:98:E6:FA:A7:B1:F0:3B:E3:4E:12:E9:14:4C","sha256":"07:D6:CB:6C:EC:FA:46:BC:EE:18:92:51:75:46:58:78:F3:82:63:E0:C8:28:B0:75:5F:03:9E:3A:CD:98:1C:47"}}},"request":{"raw":"GET /RoVer_files/saved_resource.html HTTP/1.1\r\nHost: ro-verify.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Sat, 06 Jun 2026 23:07:25 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 275\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\nX-Cache: HIT\r\nX-Cache-Url: https://ro-verify.net/RoVer_files/saved_resource.html\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"212f41975871d331cfab679f370e70ac","sha1":"e202737346abdd5636f35f3441f77c14684bbd9e","sha256":"f3838d34eebd927a315495eeaf52429fa564f26e6508c86c5a136c1b44cd7be7","sha512":"f8f1b406a5fe1ad01857a61d6bcc55241c9c27a3145023937621195e7a58360f76be769a73357bed07c76b17ff751481601bd1d50149881a882f1d8db0b36038","ssdeep":"","tlshash":"c8d02b9f505373870912255039c615c2278c12eaa46e85e82d86d497529c53edd9b5c8","first_seen":"2026-06-06T23:00:37.186029Z","last_seen":"2026-06-06T23:07:49.569457Z","times_seen":2,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"ro-verify.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ro-verify.net/RoVer_files/saved_resource(1).html","fqdn":"ro-verify.net","domain":"ro-verify.net","tld":"net"},"ip":{"addr":"91.240.20.15","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ro-verify.net/","date":"2026-06-06T23:07:26.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ro-verify.net","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 14:07:13 GMT","end":"Thu, 27 Aug 2026 14:07:12 GMT"},"fingerprint":{"sha1":"EC:47:80:9A:F0:4E:9D:98:E6:FA:A7:B1:F0:3B:E3:4E:12:E9:14:4C","sha256":"07:D6:CB:6C:EC:FA:46:BC:EE:18:92:51:75:46:58:78:F3:82:63:E0:C8:28:B0:75:5F:03:9E:3A:CD:98:1C:47"}}},"request":{"raw":"GET /RoVer_files/saved_resource(1).html HTTP/1.1\r\nHost: ro-verify.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Sat, 06 Jun 2026 23:07:25 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 275\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\nX-Cache: HIT\r\nX-Cache-Url: https://ro-verify.net/RoVer_files/saved_resource(1).html\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"212f41975871d331cfab679f370e70ac","sha1":"e202737346abdd5636f35f3441f77c14684bbd9e","sha256":"f3838d34eebd927a315495eeaf52429fa564f26e6508c86c5a136c1b44cd7be7","sha512":"f8f1b406a5fe1ad01857a61d6bcc55241c9c27a3145023937621195e7a58360f76be769a73357bed07c76b17ff751481601bd1d50149881a882f1d8db0b36038","ssdeep":"","tlshash":"c8d02b9f505373870912255039c615c2278c12eaa46e85e82d86d497529c53edd9b5c8","first_seen":"2026-06-06T23:00:37.186029Z","last_seen":"2026-06-06T23:07:49.569457Z","times_seen":2,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":35,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"ro-verify.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"ro-verify.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gateway.rover-space.com/favicon.ico","fqdn":"gateway.rover-space.com","domain":"rover-space.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ro-verify.net/","date":"2026-06-06T23:07:26.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rover-space.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 06:01:06 GMT","end":"Thu, 20 Aug 2026 06:01:05 GMT"},"fingerprint":{"sha1":"CC:4E:15:F1:89:24:06:D3:F1:72:CE:45:F2:67:D7:AE:C6:2C:EA:9F","sha256":"AD:03:9F:88:2D:60:A1:67:CF:8C:C6:4E:5B:E7:40:00:57:F2:8C:71:9E:00:07:BB:01:B4:2D:39:56:BE:B1:B5"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gateway.rover-space.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 06 Jun 2026 23:07:26 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://www.roblox.com/request-error?code=404\r\nserver: cloudflare\r\neggy-wall: 15.6\r\nabuse: abuse@eggywall.org\r\nx-frame-options: ALLOWALL\r\nstrict-transport-security: max-age=604800; includeSubdomains\r\nnel: {\"report_to\":\"network-errors\",\"max_age\":604800,\"success_fraction\":0.1,\"failure_fraction\":1}\r\ncross-origin-opener-policy: same-origin-allow-popups\r\nx-cache: HIT\r\nx-cache-url: https://gateway.rover-space.com/favicon.ico\r\naccess-control-allow-credentials: true\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a07b12c34a695ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T12:34:25.437902Z","times_seen":16239334,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":51,"dns":39,"connect":1,"send":0,"wait":48,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.roblox.com/request-error?code=404","fqdn":"www.roblox.com","domain":"roblox.com","tld":"com"},"ip":{"addr":"128.116.21.3","port":443,"asn":22697,"as":"ROBLOX-PRODUCTION","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ro-verify.net/","date":"2026-06-06T23:07:26.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roblox.com","organization":"Roblox Corporation"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 23 Feb 2026 00:00:00 GMT","end":"Tue, 23 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:64:20:AA:CD:6E:23:3D:9B:F7:54:3D:0C:9A:AC:54:88:35:3F","sha256":"3A:0D:D2:A2:9A:2D:15:47:45:35:CE:97:37:88:4E:19:20:5E:55:F0:86:4D:32:B8:A5:1D:2A:A1:3C:62:DD:57"}}},"request":{"raw":"GET /request-error?code=404 HTTP/1.1\r\nHost: www.roblox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sat, 06 Jun 2026 23:07:26 GMT\r\nserver: public-gateway\r\ncache-control: no-store, must-revalidate, no-cache\r\ncontent-encoding: br\r\nset-cookie: rbx-ip2=1; domain=roblox.com; expires=Sun, 07-Jun-2026 00:07:26 GMT; path=/\nRBXEventTrackerV2=CreateDate=06/06/2026 18:07:26\u0026rbxuid=\u0026browserid=1780787246926003; domain=roblox.com; expires=Wed, 22-Oct-2053 23:07:26 GMT; path=/\nGuestData=UserID=-1326210371; domain=.roblox.com; expires=Wed, 22-Oct-2053 23:07:26 GMT; path=/\r\nvary: Accept-Encoding\r\ncontent-security-policy: report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests;  script-src 'self' 'unsafe-inline' apis.roblox.com roblox.com *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com js.stripe.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com arkoselabs.roblox.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net cdn.veriff.me *.lightstep.com client-api.arkoselabs.com api.arkoselabs.com *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com cdn.safecharge.com;  img-src 'self' data: *.cloudfront.net *.gilcdn.com *.gldcdn.com *.google-analytics.com *.google.com *.kaptcha.com *.openstreetmap.org *.rblx.org *.rbxcdn.com *.roblox.com *.robloxlabs.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat *.stripe.com *.tarobicdn.com *.tarobidevsandboxcdn.com www.facebook.com *.snapchat.com *.safecharge.com;  connect-src 'self' *.roblox.com *.robloxlabs.com *.rblx.org *.rbx.com *.rbxcdn.com *.roblox.cn *.robloxapp.vnggames.com *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com wss://realtime-signalr.robloxapp.vnggames.com *.braintree-api.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com *.safecharge.com;\r\ncross-origin-opener-policy: same-origin-allow-popups\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000\r\nroblox-machine-id: 0e929c07-17aa-4471-b83b-a710e13fad60\r\nx-envoy-upstream-service-time: 27\r\nx-terms-message: Terms apply https://rblx.co/TOU.\r\nx-ratelimit-limit: 100, 100;w=60\r\nx-ratelimit-remaining: 99\r\nx-ratelimit-reset: 34\r\nx-roblox-region: us-central_rbx\r\nx-roblox-edge: c074\r\nreport-to: {\"group\":\"network-errors\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://ncs.roblox.com/upload\"}]}\r\nnel: {\"report_to\":\"network-errors\",\"max_age\":604800,\"success_fraction\":0.001,\"failure_fraction\":1}\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Arkose Labs","description":"Arkose Labs is a toolkit for fraud prevention that provides solutions to detect and mitigate malicious activity across digital platforms.","website":"https://www.arkoselabs.com","common_platform_enumeration":"","icon":"ArkoseLabs.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T12:34:25.437902Z","times_seen":16239334,"resource_available":true,"data":null}},"time_used":574,"timings":{"blocked":195,"dns":149,"connect":17,"send":0,"wait":184,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}