{"report_id":"4595e7ef-4df4-40ee-86cb-8edf99dda32a","version":6,"status":"done","tags":["malicious","clickfix"],"date":"2025-10-25T00:37:04Z","url":{"schema":"http","addr":"roblox-account-returned.vercel.app/","fqdn":"roblox-account-returned.vercel.app","domain":"roblox-account-returned.vercel.app","tld":"vercel.app"},"ip":{"addr":"216.198.79.3","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"roblox-account-returned.vercel.app/","fqdn":"roblox-account-returned.vercel.app","domain":"roblox-account-returned.vercel.app","tld":"vercel.app"},"title":"Roblox Account Returned"},"submit":{"url":{"schema":"http","addr":"roblox-account-returned.vercel.app/","fqdn":"roblox-account-returned.vercel.app","domain":"roblox-account-returned.vercel.app","tld":"vercel.app"},"ip":{"addr":"216.198.79.3","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-29T00:37:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null},{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"summary":[{"fqdn":"roblox-account-returned.vercel.app","ip":{"addr":"64.29.17.131","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2020-01-28","domain_rank":0,"first_seen":"2025-10-25T00:37:04.333561Z","last_seen":"2025-10-25T00:37:04.333561Z","alert_count":1,"request_count":2,"received_data":43831,"sent_data":978,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"roblox-account-returned.vercel.app/","fqdn":"roblox-account-returned.vercel.app","domain":"roblox-account-returned.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.131","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba916e2dbe0d09047bf75364fd027606","sha1":"b84b11dff596dcc9b1cbcf555241f092d4856568","sha256":"f192985620fb21878138aa0d2824722a6cfb9f420f410d7729447b32bc1a4bb8","sha512":"de6e0892ca5ca6bcc7bb3f94f169aeb37142458c231f965b9bed00a64235dbc95890f2a4be20eb40f5033936cf6f3f8dbd6fc5c6154459d4fccc18ca133cec91","ssdeep":"384:0zB+2YzL/P32hCWFDmULRZRXxNiqgD/0RRJy/5FLodlbIjhZTxgmgdCX:0zBDYWh/ZRBNiPcJGSLg","tlshash":"fec2e9fd316700604682b13be6076305307a906b3d13ea1d7bac5a196fdab1cd1bb7d9","size":26108,"data":"","first_seen":"2025-10-25T00:37:06.101666Z","last_seen":"2025-10-25T00:37:06.101666Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"roblox-account-returned.vercel.app/","fqdn":"roblox-account-returned.vercel.app","domain":"roblox-account-returned.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.131","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-25T00:36:41.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 Aug 2025 16:25:33 GMT","end":"Sat, 22 Nov 2025 16:25:32 GMT"},"fingerprint":{"sha1":"65:BC:A7:BA:F4:02:35:5A:8E:26:1A:28:11:13:6E:A9:04:93:AF:53","sha256":"4A:D3:2C:0E:A9:6E:49:2B:0F:83:76:28:51:24:AD:FC:65:D0:91:9D:87:49:B8:B5:AE:97:5D:33:87:86:7D:7C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: roblox-account-returned.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 75457\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sat, 25 Oct 2025 00:36:41 GMT\r\netag: \"add71c0169ac86b6354271447a10d9c9\"\r\nlast-modified: Fri, 24 Oct 2025 03:39:04 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::6qbwb-1761352601888-287d19feac41\r\ncontent-length: 13078\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":42834,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"bd08edc875a15fc5945353c3e37590fb","sha1":"a08e75c439532c2f22fab74dfa49fa203fb59218","sha256":"a1d708974fe1d202d570180456c2443fe23107c1e065cd7c795cb65085303542","sha512":"31f8b38e1ec6d0ead86e79533dcb44cb1842ddae58f6e79169b68626cfa66f6bcea6c6d33338ea166e56f047f776d3212f76a2e8a7e4edd9f1582f681581e2b8","ssdeep":"384:9W44iYxzAIL+FbVqBb0xUoWbanSZgFuEs7sHkULAG0qU0qPC4qYlMYx8mK2YyZvk:9W436zAO+FbVqBkW2nIEIG0p0SnMchA9","tlshash":"7413fa6a710404654173a37aef52470df9ba802bbb03031e76fc66495ff2958c67bed8","first_seen":"2025-10-25T00:37:06.098214Z","last_seen":"2025-10-25T00:37:06.098214Z","times_seen":1,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":37,"dns":9,"connect":1,"send":0,"wait":10,"receive":55,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]}},{"url":{"schema":"https","addr":"roblox-account-returned.vercel.app/favicon.ico","fqdn":"roblox-account-returned.vercel.app","domain":"roblox-account-returned.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.131","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://roblox-account-returned.vercel.app/","date":"2025-10-25T00:36:42.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 Aug 2025 16:25:33 GMT","end":"Sat, 22 Nov 2025 16:25:32 GMT"},"fingerprint":{"sha1":"65:BC:A7:BA:F4:02:35:5A:8E:26:1A:28:11:13:6E:A9:04:93:AF:53","sha256":"4A:D3:2C:0E:A9:6E:49:2B:0F:83:76:28:51:24:AD:FC:65:D0:91:9D:87:49:B8:B5:AE:97:5D:33:87:86:7D:7C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: roblox-account-returned.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://roblox-account-returned.vercel.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Sat, 25 Oct 2025 00:36:42 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-vercel-error: NOT_FOUND\r\nx-vercel-id: arn1::srcdp-1761352602314-6d7cca007ff1\r\ncontent-length: 79\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"be2fa0c7a5baea59c47734867011ff01","sha1":"a72661af2dc41f07b117284bda9e420f4c6ce17b","sha256":"af514ef5cb658e36c235175fc7ca2b362eb4a2a8034af3be36b7d066427b1be2","sha512":"c53c4b1479d782b3c4c5cc119ba317f63af4043e6abb0a203c6aa9a1cd5b4f5515bc3bd29b509d35c52925f7ff9721a5fe5bf883917197e00e8323f63078b663","ssdeep":"","tlshash":"2ba0220f32a80c8cb3cc0030320a033e2800003bfe20ea0020ec3a302328acff302088","first_seen":"2025-10-25T00:37:06.100018Z","last_seen":"2025-10-25T00:37:06.100018Z","times_seen":1,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}