{"report_id":"cb297da0-f7ab-4f8d-8624-db3c555a0ba7","version":0,"status":"done","tags":[],"date":"2026-07-12T21:09:09Z","url":{"schema":"https","addr":"rover-bots.xyz/","fqdn":"rover-bots.xyz","domain":"rover-bots.xyz","tld":"xyz"},"ip":{"addr":"91.240.20.15","port":0,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"final":{"url":{"schema":"https","addr":"rover-bots.xyz/","fqdn":"rover-bots.xyz","domain":"rover-bots.xyz","tld":"xyz"},"title":"RoVer","dom":{"size":155687,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (21776)","md5":"e4da5a6c7d193ea6f439bb5fdf55d62d","sha1":"a0182c29b0f358c3fea13829ba3610416e3ae0db","sha256":"d40ebf7096aa5a43800a25195d2c153deaa2ef3187fdd3b1a531ef997b917e87","sha512":"357e28e017c17761dbfb7de97ae26a5247e0b113246b6531a4bc1973658df4ff03bef156c37c4fbe0fd2ef6460f23f365f2fede15788528ea66e1b79c31dd4f2","ssdeep":"1536:zHRLx1sUBgjkZ3S32S2Sm6XTIj30XOsRQCAZnk2T9hq2zF2CU:V91s0GzXDs3YObCKNTq2kCU","tlshash":"f2e35d254963a19d1c73a81e23e65e172230e003ad05fb4ebaff45648f0fac564d7f6a","dom_hash":"domhashc0cc54f2f4c3d0d916c57af7c58a043a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"rover-bots.xyz/","fqdn":"rover-bots.xyz","domain":"rover-bots.xyz","tld":"xyz"},"ip":{"addr":"91.240.20.15","port":0,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-16T21:09:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"rover-bots.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"gateway.rover-space.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"gateway.rover-space.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"rover-bots.xyz","ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"domain_registered":"2026-07-07","domain_rank":0,"first_seen":"2026-07-12T16:39:50.625451Z","last_seen":"2026-07-12T16:39:50.625451Z","alert_count":3,"request_count":3,"received_data":157088,"sent_data":1518,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"cdn.discordapp.com","ip":{"addr":"162.159.129.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-02-26","domain_rank":16705,"first_seen":"2015-08-24T13:06:21Z","last_seen":"2026-07-11T12:59:58.834618Z","alert_count":0,"request_count":1,"received_data":10781,"sent_data":556,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.roblox.com","ip":{"addr":"128.116.21.3","port":443,"asn":22697,"as":"ROBLOX-PRODUCTION","country":"The Netherlands","country_code":"NL"},"domain_registered":"2004-01-30","domain_rank":1776,"first_seen":"2012-05-24T19:56:53Z","last_seen":"2026-07-11T09:30:10.861486Z","alert_count":0,"request_count":1,"received_data":3582,"sent_data":414,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Arkose Labs","description":"Arkose Labs is a toolkit for fraud prevention that provides solutions to detect and mitigate malicious activity across digital platforms.","website":"https://www.arkoselabs.com","common_platform_enumeration":"","icon":"ArkoseLabs.svg","categories":["Security"]}]},{"fqdn":"gateway.rover-space.com","ip":{"addr":"172.67.219.180","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-21","domain_rank":0,"first_seen":"2026-06-06T23:00:33.00933Z","last_seen":"2026-07-12T16:39:20.491471Z","alert_count":2,"request_count":1,"received_data":697,"sent_data":412,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"rover-bots.xyz/","fqdn":"rover-bots.xyz","domain":"rover-bots.xyz","tld":"xyz"},"ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"introduction_type":"scriptElement","is_inline":true,"md5":"f420a908a4412be953909af82b11a333","sha1":"18690401f12766f9ce3ebf106f34ade816b628cb","sha256":"bea2feb5d213480878d1f6e5248262cd7a7d71a0cff6f811cc69520688b4bffd","sha512":"c7a244dad8ede948c9ae67e82cebc10347fee5c702ff97f76da0d194b6f1a7987e8fa23267109b7fea99ffabaff7102d2576f4d3ffb2a4cc0e0af46d5ea822d8","ssdeep":"192:p2FKiio+kal+6eaEnpOd89TE4XXX7Q2QMO:BZkG+6eaEHVO","tlshash":"b4e10d2b2aab153806e7b46af2cb2545373680833149da547d7dcb082f54ed0b672bdf","size":7429,"data":"","first_seen":"2026-07-12T16:39:23.304397Z","last_seen":"2026-07-12T22:04:48.848173Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"URL Params:map[actor:server1.conn0.watcher16.process8//obj22 class:Object extensible:true frozen:false isError:false ownPropertyLength:3 preview:map[kind:Object ownProperties:map[avatar:map[configurable:true enumerable:true value:map[type:null] writable:true] id:map[configurable:true enumerable:true value:map[type:null] writable:true] username:map[configurable:true enumerable:true value:map[type:null] writable:true]] ownPropertiesLength:3] sealed:false type:object]","filename":"https://rover-bots.xyz/","line_number":2131,"column_number":9},{"level":"log","text":"No Discord info in URL, checking sessionStorage...","filename":"https://rover-bots.xyz/","line_number":2149,"column_number":13},{"level":"log","text":"SessionStorage avatar:map[type:null]","filename":"https://rover-bots.xyz/","line_number":2150,"column_number":13},{"level":"log","text":"SessionStorage username:map[type:null]","filename":"https://rover-bots.xyz/","line_number":2151,"column_number":13}]},"http":[{"url":{"schema":"https","addr":"rover-bots.xyz/","fqdn":"rover-bots.xyz","domain":"rover-bots.xyz","tld":"xyz"},"ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-12T21:08:42.202Z","timestamp":1783890522202,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rover-bots.xyz","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Jul 2026 17:31:49 GMT","end":"Mon, 05 Oct 2026 17:31:48 GMT"},"fingerprint":{"sha1":"0C:D1:67:5B:67:11:58:11:28:02:56:B5:C5:89:9F:0E:69:E4:1A:63","sha256":"5F:FB:38:23:DB:34:2D:94:8C:8B:D3:D0:FD:B4:6E:0F:18:E1:6A:D0:0C:F2:FD:D7:48:EF:69:8C:9F:4D:82:B7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rover-bots.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sun, 12 Jul 2026 21:08:42 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Encoding: gzip\r\nContent-Length: 56897\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\nEtag: \"26070-655a50ee36a76-gzip\"\r\nX-Cache: HIT\r\nLast-Modified: Thu, 02 Jul 2026 18:34:28 GMT\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nX-Cache-Url: https://rover-bots.xyz/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}],"data":{"size":155760,"size_decoded":57283,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (21776)","md5":"6399afc75a16a2b0c1a8a1566e12d216","sha1":"11d3aa1b5825f4342ac3f7b7fb4f0bebd35c2fe9","sha256":"7426acd451c245ec504512b6a28c39c083eee8e3f2f3df4071b20d92695228c0","sha512":"2ccac64fb660bcaa6754df3494b6a162232cc963866a8d63f080ef50edcadd67a742c8c4b80e16aefc862e209d8c05b000e2022a72fcc0986e5e7fff734c1c6d","ssdeep":"1536:wHRLx1sUBgjkZ3S32S2Sm6XTIj30XOsRQCAZnk2T9hq2zF8CU:+91s0GzXDs3YObCKNTq2qCU","tlshash":"bae35d254963a19d1c73a81e23e65e172230e003ad05fb4ebaff45648f0fac564d7f6a","first_seen":"2026-07-12T16:39:23.3006Z","last_seen":"2026-07-12T22:04:48.847577Z","times_seen":8,"resource_available":true,"data":null}},"time_used":360,"timings":{"blocked":-1,"dns":136,"connect":42,"send":0,"wait":42,"receive":84,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"rover-bots.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.discordapp.com/avatars/298796807323123712/7338ed45666cd90ec1a6662491a9eb8a","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.129.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rover-bots.xyz/","date":"2026-07-12T21:08:42.864Z","timestamp":1783890522864,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"discordapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 30 Jun 2026 19:20:57 GMT","end":"Mon, 28 Sep 2026 20:20:43 GMT"},"fingerprint":{"sha1":"0E:2A:22:B7:6A:D3:D5:15:59:33:47:36:69:35:D7:4C:C5:8D:85:85","sha256":"74:A6:CF:F6:20:1A:C6:09:D2:05:BC:90:AE:1E:68:2C:E2:4C:77:66:4D:5F:62:FC:F9:34:5F:67:0A:D7:A2:79"}}},"request":{"raw":"GET /avatars/298796807323123712/7338ed45666cd90ec1a6662491a9eb8a HTTP/1.1\r\nHost: cdn.discordapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sun, 12 Jul 2026 21:08:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 9690\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000\r\nlast-modified: Sat, 11 Jul 2026 23:36:18 GMT\r\nset-cookie: __cf_bm=elbXOGidQ9dNrK260EFkFxQyn8yI3DzwjE2bnWi3NcU-1783890522.8767962-1.0.1.1-fZbCzcmu53W0Y9lNzYBjahgETf0c6hgooRMNilP9xyDeW.6SDUA37piXb8UV5hyreWvm0KblgsCwUxcrDiDECzDp83FPI1iJM.qHpNhNrlDAjfSKXMdqt.cKJqsloeCr; HttpOnly; SameSite=None; Secure; Path=/; Domain=discordapp.com; Expires=Sun, 12 Jul 2026 21:38:42 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HObzO84eV8htBFsH6a3gqKNrgjAH0zdR6StrWtwZsRH78EllLkFfW%2Ft8VXr%2BT45qsR5InoLtwOEZvAQTsNmomgPYv9lwqrt%2BopZZS8v3jCL4XsqTb0Ck1On%2BZwZAxFZGPikLrg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp\r\npriority: u=5,i\r\nserver: cloudflare\r\ncf-ray: a1a30657fcb3b500-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9690,"size_decoded":10781,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"8c9620b17aa05ffe8eb1da96f9d5a31e","sha1":"3b89033766ad1d0bc94582541ce5bfb5018d86fd","sha256":"a3e1a227d1147bd6da31c004db87a78f97f0f041a67642b92b6e50b76cbb8460","sha512":"196102e30149e4d10bf4136bafbd12a560daad7a933618a561d37c78c438b588437ea8df8407819a4a925e52569996d495f3f32a98d94113896a391c83741b5b","ssdeep":"192:KWZkXE3uoJG9QJhalARGGN39IjhJCTVHWAnLr57t6xy/:KWZk9oJl/fQ8RHDn57Z/","tlshash":"3e12bf3e5c5e3fce621407eeadf43adb150587288fc97864b4408226f252c53a312f87","first_seen":"2026-06-06T23:00:37.182642Z","last_seen":"2026-07-12T22:04:48.845898Z","times_seen":12,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":3,"connect":9,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.roblox.com/request-error?code=404","fqdn":"www.roblox.com","domain":"roblox.com","tld":"com"},"ip":{"addr":"128.116.21.3","port":443,"asn":22697,"as":"ROBLOX-PRODUCTION","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rover-bots.xyz/","date":"2026-07-12T21:08:43.198Z","timestamp":1783890523198,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roblox.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 23 Feb 2026 00:00:00 GMT","end":"Tue, 23 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:64:20:AA:CD:6E:23:3D:9B:F7:54:3D:0C:9A:AC:54:88:35:3F","sha256":"3A:0D:D2:A2:9A:2D:15:47:45:35:CE:97:37:88:4E:19:20:5E:55:F0:86:4D:32:B8:A5:1D:2A:A1:3C:62:DD:57"}}},"request":{"raw":"GET /request-error?code=404 HTTP/1.1\r\nHost: www.roblox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: text/html; charset=utf-8\r\ndate: Sun, 12 Jul 2026 21:08:42 GMT\r\nserver: public-gateway\r\ncache-control: no-store, must-revalidate, no-cache\r\ncontent-encoding: br\r\nset-cookie: rbx-ip2=1; domain=roblox.com; expires=Sun, 12-Jul-2026 22:08:43 GMT; path=/\nRBXEventTrackerV2=CreateDate=07/12/2026 16:08:43\u0026rbxid=\u0026rbxuid=\u0026browserid=1783890523347004; domain=roblox.com; expires=Thu, 27-Nov-2053 21:08:43 GMT; path=/\nGuestData=UserID=-933935194; domain=.roblox.com; expires=Thu, 27-Nov-2053 21:08:43 GMT; path=/\r\nvary: Accept-Encoding\r\ncontent-security-policy: report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests;  script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' apis.roblox.com roblox.com apis.robloxapp.vnggames.com *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com js.stripe.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com arkoselabs.roblox.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net cdn.veriff.me *.lightstep.com client-api.arkoselabs.com api.arkoselabs.com *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com cdn.safecharge.com wasm.rbxcdn.com *.px-cloud.net *.px-cdn.net;  img-src 'self' data: *.cloudfront.net *.gilcdn.com *.gldcdn.com *.google-analytics.com *.google.com *.kaptcha.com *.openstreetmap.org *.rblx.org *.rbxcdn.com *.roblox.com *.robloxlabs.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat *.stripe.com *.tarobicdn.com *.tarobidevsandboxcdn.com www.facebook.com *.snapchat.com *.safecharge.com;  connect-src 'self' *.roblox.com *.robloxlabs.com *.rblx.org *.rbx.com *.rbxcdn.com *.roblox.cn *.robloxapp.vnggames.com *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com wss://realtime-signalr.robloxapp.vnggames.com *.braintree-api.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com *.safecharge.com *.px-cloud.net *.px-cdn.net *.pxchk.net *.px-client.net;\r\ncross-origin-opener-policy: same-origin-allow-popups\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000\r\nroblox-machine-id: 9adca3f0-a20d-dfc0-01f3-b885f0cad7b1\r\nx-envoy-upstream-service-time: 26\r\nx-terms-message: Terms apply https://rblx.co/TOU.\r\nx-ratelimit-limit: 100, 100;w=60\r\nx-ratelimit-remaining: 99\r\nx-ratelimit-reset: 17\r\nx-roblox-region: us-central_rbx\r\nx-roblox-edge: c074\r\nreport-to: {\"group\":\"network-errors\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://ncs.roblox.com/upload\"}]}\r\nnel: {\"report_to\":\"network-errors\",\"max_age\":604800,\"success_fraction\":0.001,\"failure_fraction\":1}\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Arkose Labs","description":"Arkose Labs is a toolkit for fraud prevention that provides solutions to detect and mitigate malicious activity across digital platforms.","website":"https://www.arkoselabs.com","common_platform_enumeration":"","icon":"ArkoseLabs.svg","categories":["Security"]}],"data":{"size":0,"size_decoded":16628,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-13T05:17:44.380376Z","times_seen":17205031,"resource_available":true,"data":null}},"time_used":257,"timings":{"blocked":0,"dns":3,"connect":21,"send":0,"wait":184,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rover-bots.xyz/RoVer_files/saved_resource.html","fqdn":"rover-bots.xyz","domain":"rover-bots.xyz","tld":"xyz"},"ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://rover-bots.xyz/","date":"2026-07-12T21:08:42.858Z","timestamp":1783890522858,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rover-bots.xyz","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Jul 2026 17:31:49 GMT","end":"Mon, 05 Oct 2026 17:31:48 GMT"},"fingerprint":{"sha1":"0C:D1:67:5B:67:11:58:11:28:02:56:B5:C5:89:9F:0E:69:E4:1A:63","sha256":"5F:FB:38:23:DB:34:2D:94:8C:8B:D3:D0:FD:B4:6E:0F:18:E1:6A:D0:0C:F2:FD:D7:48:EF:69:8C:9F:4D:82:B7"}}},"request":{"raw":"GET /RoVer_files/saved_resource.html HTTP/1.1\r\nHost: rover-bots.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Sun, 12 Jul 2026 21:08:42 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 276\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":276,"size_decoded":471,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"f753ec3a67d9800ac0d54d80c0362ddd","sha1":"34adc15e7f52c8a2517e388ae584171491eae5d4","sha256":"514b2a8ae293aa3c77418b809a0b0e75d67fcb1907bbaa111eebf69fac23f9fd","sha512":"b6e1ee06642441f592282fcdbff4113cb2ebbb9e85f279832e5289e35159db9ce57616ff2083a080800ff406c958d24b1dcab97eef23a2f2d02d42546ad95c6c","ssdeep":"","tlshash":"ddd02bef5093638b1d12156039c615c2274d52eaa87a45e83d86d487529893ecd9ba88","first_seen":"2026-07-12T16:39:53.654306Z","last_seen":"2026-07-12T21:09:09.781938Z","times_seen":2,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"rover-bots.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rover-bots.xyz/RoVer_files/saved_resource(1).html","fqdn":"rover-bots.xyz","domain":"rover-bots.xyz","tld":"xyz"},"ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://rover-bots.xyz/","date":"2026-07-12T21:08:42.860Z","timestamp":1783890522860,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rover-bots.xyz","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Jul 2026 17:31:49 GMT","end":"Mon, 05 Oct 2026 17:31:48 GMT"},"fingerprint":{"sha1":"0C:D1:67:5B:67:11:58:11:28:02:56:B5:C5:89:9F:0E:69:E4:1A:63","sha256":"5F:FB:38:23:DB:34:2D:94:8C:8B:D3:D0:FD:B4:6E:0F:18:E1:6A:D0:0C:F2:FD:D7:48:EF:69:8C:9F:4D:82:B7"}}},"request":{"raw":"GET /RoVer_files/saved_resource(1).html HTTP/1.1\r\nHost: rover-bots.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Sun, 12 Jul 2026 21:08:42 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 276\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":276,"size_decoded":471,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"f753ec3a67d9800ac0d54d80c0362ddd","sha1":"34adc15e7f52c8a2517e388ae584171491eae5d4","sha256":"514b2a8ae293aa3c77418b809a0b0e75d67fcb1907bbaa111eebf69fac23f9fd","sha512":"b6e1ee06642441f592282fcdbff4113cb2ebbb9e85f279832e5289e35159db9ce57616ff2083a080800ff406c958d24b1dcab97eef23a2f2d02d42546ad95c6c","ssdeep":"","tlshash":"ddd02bef5093638b1d12156039c615c2274d52eaa87a45e83d86d487529893ecd9ba88","first_seen":"2026-07-12T16:39:53.654306Z","last_seen":"2026-07-12T21:09:09.781938Z","times_seen":2,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":42,"send":0,"wait":73,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"rover-bots.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gateway.rover-space.com/favicon.ico","fqdn":"gateway.rover-space.com","domain":"rover-space.com","tld":"com"},"ip":{"addr":"172.67.219.180","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rover-bots.xyz/","date":"2026-07-12T21:08:42.970Z","timestamp":1783890522970,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rover-space.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 06:01:06 GMT","end":"Thu, 20 Aug 2026 06:01:05 GMT"},"fingerprint":{"sha1":"CC:4E:15:F1:89:24:06:D3:F1:72:CE:45:F2:67:D7:AE:C6:2C:EA:9F","sha256":"AD:03:9F:88:2D:60:A1:67:CF:8C:C6:4E:5B:E7:40:00:57:F2:8C:71:9E:00:07:BB:01:B4:2D:39:56:BE:B1:B5"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gateway.rover-space.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 \r\nserver: cloudflare\r\ndate: Sun, 12 Jul 2026 21:08:43 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\neggy-wall: 15.6\r\nabuse: abuse@eggywall.org\r\nnel: {\"report_to\":\"network-errors\",\"max_age\":604800,\"success_fraction\":0.1,\"failure_fraction\":1}\r\nlocation: https://www.roblox.com/request-error?code=404\r\nstrict-transport-security: max-age=604800; includeSubdomains\r\ncross-origin-opener-policy: same-origin-allow-popups\r\naccess-control-allow-credentials: true\r\nx-cache-url: https://gateway.rover-space.com/favicon.ico\r\nx-frame-options: ALLOWALL\r\nx-cache: HIT\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a1a30658ed63569b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-13T05:17:44.380376Z","times_seen":17205031,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":31,"connect":18,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"gateway.rover-space.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"gateway.rover-space.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}
