{"report_id":"c1683bfb-999b-4080-858a-ca7f733db54b","version":6,"status":"done","tags":[],"date":"2025-08-31T23:35:50Z","url":{"schema":"http","addr":"www.roblox.com.tg/games/2753915549/RED-EVENT-Blox-Fruits","fqdn":"www.roblox.com.tg","domain":"com.tg","tld":"tg"},"ip":{"addr":"179.43.188.90","port":0,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"final":{"url":{"schema":"https","addr":"www.roblox.com.tg/games/2753915549/RED-EVENT-Blox-Fruits","fqdn":"www.roblox.com.tg","domain":"com.tg","tld":"tg"},"title":"roblox.com.tg/games/2753915549/RED-EVENT-Blox-Fruits"},"submit":{"url":{"schema":"http","addr":"www.roblox.com.tg/games/2753915549/RED-EVENT-Blox-Fruits","fqdn":"www.roblox.com.tg","domain":"com.tg","tld":"tg"},"ip":{"addr":"179.43.188.90","port":0,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-05T23:35:50Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"www.roblox.com.tg","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.roblox.com.tg","ip":{"addr":"179.43.188.90","port":443,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"domain_registered":"2023-03-02","domain_rank":2698642,"first_seen":"2024-10-07T12:17:02Z","last_seen":"2025-08-31T13:43:33.289791Z","alert_count":3,"request_count":3,"received_data":1776,"sent_data":1527,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.roblox.com.tg/games/2753915549/RED-EVENT-Blox-Fruits","fqdn":"www.roblox.com.tg","domain":"com.tg","tld":"tg"},"ip":{"addr":"179.43.188.90","port":443,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-31T23:35:27.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roblox.com.tg","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Aug 2025 20:26:05 GMT","end":"Mon, 24 Nov 2025 20:26:04 GMT"},"fingerprint":{"sha1":"E8:FE:83:EF:56:EE:BB:5D:4D:73:6E:A7:D7:78:2F:73:7D:A5:3B:06","sha256":"22:6B:6A:8C:12:AC:59:6E:0B:00:EB:CE:C8:D7:F8:56:84:03:39:F4:06:D0:88:B8:B3:6B:B0:7A:D0:8A:E7:79"}}},"request":{"raw":"GET /games/2753915549/RED-EVENT-Blox-Fruits HTTP/1.1\r\nHost: www.roblox.com.tg\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty/1.27.1.2\r\ndate: Sun, 31 Aug 2025 23:35:27 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":218,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text","md5":"9bfd6d9aa1ae8558a2600d36ea3b109f","sha1":"1bad0bde8283ecedd6b23480df7152eca2c28669","sha256":"ce36c02014aba795dda7e5b013751663e09c15d1e5993bcce17e1ffece1fd1c1","sha512":"bbc760f8e1ae0dfe7893d2bded4a2a96059fdbac44920260b0865e85d1324e7e27ebe99d32e20b14c69174a434f8a84a3159a06a720cda8cb7d7760e028ff247","ssdeep":"","tlshash":"85d023f0660cd7505d500652b7ccb5c3619550f593a54c99e7dea333501fc789038b5d","first_seen":"2025-08-31T23:35:50.322757Z","last_seen":"2025-11-14T01:51:20.809222Z","times_seen":5,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":92,"dns":17,"connect":34,"send":0,"wait":122,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"www.roblox.com.tg","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.roblox.com.tg/games/2753915549/RED-EVENT-Blox-Fruits","fqdn":"www.roblox.com.tg","domain":"com.tg","tld":"tg"},"ip":{"addr":"179.43.188.90","port":443,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-31T23:35:27.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roblox.com.tg","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Aug 2025 20:26:05 GMT","end":"Mon, 24 Nov 2025 20:26:04 GMT"},"fingerprint":{"sha1":"E8:FE:83:EF:56:EE:BB:5D:4D:73:6E:A7:D7:78:2F:73:7D:A5:3B:06","sha256":"22:6B:6A:8C:12:AC:59:6E:0B:00:EB:CE:C8:D7:F8:56:84:03:39:F4:06:D0:88:B8:B3:6B:B0:7A:D0:8A:E7:79"}}},"request":{"raw":"GET /games/2753915549/RED-EVENT-Blox-Fruits HTTP/1.1\r\nHost: www.roblox.com.tg\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty/1.27.1.2\r\ndate: Sun, 31 Aug 2025 23:35:28 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":218,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text","md5":"9bfd6d9aa1ae8558a2600d36ea3b109f","sha1":"1bad0bde8283ecedd6b23480df7152eca2c28669","sha256":"ce36c02014aba795dda7e5b013751663e09c15d1e5993bcce17e1ffece1fd1c1","sha512":"bbc760f8e1ae0dfe7893d2bded4a2a96059fdbac44920260b0865e85d1324e7e27ebe99d32e20b14c69174a434f8a84a3159a06a720cda8cb7d7760e028ff247","ssdeep":"","tlshash":"85d023f0660cd7505d500652b7ccb5c3619550f593a54c99e7dea333501fc789038b5d","first_seen":"2025-08-31T23:35:50.322757Z","last_seen":"2025-11-14T01:51:20.809222Z","times_seen":5,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"www.roblox.com.tg","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.roblox.com.tg/favicon.ico","fqdn":"www.roblox.com.tg","domain":"com.tg","tld":"tg"},"ip":{"addr":"179.43.188.90","port":443,"asn":51852,"as":"Private Layer INC","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.roblox.com.tg/games/2753915549/RED-EVENT-Blox-Fruits","date":"2025-08-31T23:35:28.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roblox.com.tg","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Aug 2025 20:26:05 GMT","end":"Mon, 24 Nov 2025 20:26:04 GMT"},"fingerprint":{"sha1":"E8:FE:83:EF:56:EE:BB:5D:4D:73:6E:A7:D7:78:2F:73:7D:A5:3B:06","sha256":"22:6B:6A:8C:12:AC:59:6E:0B:00:EB:CE:C8:D7:F8:56:84:03:39:F4:06:D0:88:B8:B3:6B:B0:7A:D0:8A:E7:79"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.roblox.com.tg\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.roblox.com.tg/games/2753915549/RED-EVENT-Blox-Fruits\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Sun, 31 Aug 2025 23:35:28 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 525\r\nx-accel-version: 0.01\r\nlast-modified: Thu, 12 Sep 2024 03:32:00 GMT\r\netag: \"20d-621e3bfd58c00\"\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":525,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"68208984e7e1dd87ab5f7c7d587c7a9b","sha1":"e1257a0d3863d707eb3dda6953068a1ab257585a","sha256":"1cb7faf06f9d66b671a030ad6a5927119bddfc43fa473b9b9dae463f8175da43","sha512":"6d88db780d7f68ac2d0f5828c001f0aec778e990ef95cbc007320b7ecc5cee76c3db4e74813eb8ed3dd85ab98b130f01ec916229b0050166cc222ae9ee2f707c","ssdeep":"","tlshash":"b3f075d3b6c0f6a1d4634113fce2c110559391780902c0a58451fee58bf87da40f0431","first_seen":"2023-06-19T00:28:49Z","last_seen":"2026-04-02T14:37:20.947334Z","times_seen":157,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"www.roblox.com.tg","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}