Report - installshave.web.app/Roblox.zip

Report Overview

Visited public
2025-03-09 20:58:01
Tags
URL
installshave.web.app/Roblox.zip
Finishing URL
about:privatebrowsing
IP / ASN
199.36.158.100
#54113 FASTLY
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
installshave.web.app	unknown	2019-01-08	2025-02-02	2025-03-09	499 B	3.4 MB	199.36.158.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
installshave.web.app/Roblox.zip
IP
199.36.158.100
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.4 MB (3428307 bytes)
Hash
84a2f5513f74e3414d12b0be92c0796a
36c9bc09a6f0d4fef4e694a7a0eaf1b86584441f
f5cf806c442223e7b3675d9d2cc695502a8c9f363ca4dbf4c6910f429080e154

Archive (1)

Filename

Md5

File type

RobloxPlayerInstaller.exe

27408f7c4519862a0008b1c397b32a03

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	win_amadey_bytecodes_oct_2023

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	installshave.web.app/Roblox.zip	199.36.158.100	200 OK	3.4 MB
URL User Request GET installshave.web.app/Roblox.zip IP 199.36.158.100:443 ASN #54113 FASTLY Certificate IssuerGoogle Trust Services Subjectweb.app Fingerprint65:1E:79:EA:5A:19:84:EC:9B:83:F4:B7:D1:12:8F:DB:B1:04:8E:EF ValidityMon, 03 Feb 2025 19:04:47 GMT - Sun, 04 May 2025 19:04:46 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 3.4 MB (3428307 bytes) Hash 84a2f5513f74e3414d12b0be92c0796a 36c9bc09a6f0d4fef4e694a7a0eaf1b86584441f f5cf806c442223e7b3675d9d2cc695502a8c9f363ca4dbf4c6910f429080e154 HTTP Headers `GET /Roblox.zip HTTP/1.1 Host: installshave.web.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK cache-control: max-age=3600 content-encoding: gzip content-type: application/zip etag: "c0b6449aa407fb1b0c4b50d64e42c7bb7762b1108849b8a6e3afa951588cbbef" last-modified: Fri, 07 Mar 2025 21:51:20 GMT strict-transport-security: max-age=31556926; includeSubDomains; preload accept-ranges: bytes date: Sun, 09 Mar 2025 20:57:41 GMT x-served-by: cache-osl6537-OSL x-cache: MISS x-cache-hits: 0 x-timer: S1741553861.911875,VS0,VE351 vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length: 3424615 X-Firefox-Spdy: h2

installshave.web.app/Roblox.zip

199.36.158.100

200 OK

3.4 MB

URL User Request GET
installshave.web.app/Roblox.zip
IP
199.36.158.100:443
ASN
#54113 FASTLY

Certificate
IssuerGoogle Trust Services
Subjectweb.app
Fingerprint65:1E:79:EA:5A:19:84:EC:9B:83:F4:B7:D1:12:8F:DB:B1:04:8E:EF
ValidityMon, 03 Feb 2025 19:04:47 GMT - Sun, 04 May 2025 19:04:46 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.4 MB (3428307 bytes)
Hash
84a2f5513f74e3414d12b0be92c0796a
36c9bc09a6f0d4fef4e694a7a0eaf1b86584441f
f5cf806c442223e7b3675d9d2cc695502a8c9f363ca4dbf4c6910f429080e154

HTTP Headers

GET /Roblox.zip HTTP/1.1
Host: installshave.web.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: gzip
content-type: application/zip
etag: "c0b6449aa407fb1b0c4b50d64e42c7bb7762b1108849b8a6e3afa951588cbbef"
last-modified: Fri, 07 Mar 2025 21:51:20 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Sun, 09 Mar 2025 20:57:41 GMT
x-served-by: cache-osl6537-OSL
x-cache: MISS
x-cache-hits: 0
x-timer: S1741553861.911875,VS0,VE351
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3424615
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (1)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers