Report - s.id/1XCEs

Report Overview

Visited public
2023-12-06 15:29:19
Tags
Submit Tags
URL
s.id/1XCEs
Finishing URL
robiox.com.cm/users/9018750160/profile
IP / ASN
193.84.85.178
#59796 StormWall s.r.o.
Title
Axo blazing - Roblox

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
robiox.com.cm	unknown	2022-12-30	2022-12-29 08:05:17	2023-11-26 15:45:51	3.3 kB	330 kB	188.114.97.1
static.rbxcdn.com	13217	2013-07-17	2017-01-30 11:03:41	2023-12-03 15:26:49	1.0 kB	33 kB	88.221.27.131
cdn.tailwindcss.com	422202	2017-07-20	2018-07-09 07:46:13	2023-12-05 07:34:27	815 B	364 kB	104.22.20.144
tr.rbxcdn.com	7535	2013-07-17	2019-05-23 14:45:13	2023-12-03 05:35:12	1.5 kB	118 kB	23.36.76.186
images.rbxcdn.com	15653	2013-07-17	2013-08-19 13:03:07	2023-12-05 17:53:12	455 B	4.9 kB	88.221.27.80
asnxweb.shop	unknown	2023-01-03	2023-01-03 20:00:16	2023-11-19 19:42:51	479 B	28 kB	172.67.141.72
s.id	134714	2013-08-14	2014-12-04 01:12:34	2023-12-02 05:28:29	1.1 kB	812 B	193.84.85.178
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-06 06:59:18	460 B	16 kB	104.17.25.14
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-06 06:43:40	447 B	31 kB	151.101.130.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-06 15:29:07	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (s .id)
2023-12-06 15:29:07	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (s .id)
2023-12-06 15:29:07	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (s .id)
2023-12-06 15:29:09	low	Client IP	193.84.85.178	ET INFO Observed URL Shortening Service Domain (s .id in TLS SNI)
2023-12-06 15:29:09	low	Client IP	193.84.85.178	ET INFO Observed URL Shortening Service Domain (s .id in TLS SNI)
2023-12-06 15:29:10	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (s .id)
2023-12-06 15:29:11	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (s .id)
2023-12-06 15:29:11	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (s .id)
2023-12-06 15:29:11	low	Client IP	193.84.85.178	ET INFO Observed URL Shortening Service Domain (s .id in TLS SNI)
2023-12-06 15:29:12	low	Client IP	193.84.85.178	ET INFO Observed URL Shortening Service Domain (s .id in TLS SNI)
2023-12-06 15:29:12	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (s .id)
2023-12-06 15:29:12	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (s .id)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-06	medium	robiox.com.cm	Sinkholed
2023-12-06	medium	robiox.com.cm	Sinkholed
2023-12-06	medium	robiox.com.cm	Sinkholed
2023-12-06	medium	robiox.com.cm	Sinkholed
2023-12-06	medium	robiox.com.cm	Sinkholed
2023-12-06	medium	robiox.com.cm	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.7.0.min.js	ScriptElement	88 kB	2023-05-12	2025-07-08
Pretty URL code.jquery.com/jquery-3.7.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-12 23:07 Last Seen2025-07-08 08:26 Times Seen8249 Hash e6c2415c0ace414e5153670314ce99a9 5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6 d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8 Loading...

	cdn.tailwindcss.com/	ScriptElement	364 kB	2023-10-25	2024-08-21
Pretty URL cdn.tailwindcss.com/ IP 104.22.20.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-25 18:01 Last Seen2024-08-21 03:26 Times Seen133 Hash c193259f53fb33856681902d899d0b04 539d13d4016170493357b58e7efe676b700d31ba 78f70dbdf61859c3a382c96c27880fa5737216af6d491fedf73a3356ccab05bc Loading...

	robiox.com.cm/users/9018750160/profile	ScriptElement	2 B	2023-03-07	2025-07-08
Pretty URL robiox.com.cm/users/9018750160/profile IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-07-08 08:26 Times Seen23183 Hash e1c06d85ae7b8b032bef47e42e4c08f9 71853c6197a6a7f222db0f1978c7cb232b87c5ee 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070 Loading...

HTTP Transactions (20)

URL IP Response Size

GET s.id/1XCEs

193.84.85.178

302 Found

0 B

URL User Request GET HTTP/2
s.id/1XCEs
IP
193.84.85.178:443
ASN
#59796 StormWall s.r.o.

Certificate
IssuerLet's Encrypt
Subjects.id
FingerprintA8:44:D8:10:23:34:06:9B:DB:77:26:E2:38:30:26:D3:2B:B0:40:30
ValidityMon, 25 Sep 2023 12:47:07 GMT - Sun, 24 Dec 2023 12:47:06 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1XCEs HTTP/1.1
Host: s.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 06 Dec 2023 15:29:03 GMT
content-length: 0
location: https://robiox.com.cm/users/9018750160/profile
cache-control: private, max-age=15
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

s.id/

193.84.85.178

164 B

URL
s.id/
IP
193.84.85.178:0
ASN
#59796 StormWall s.r.o.

Certificate
IssuerLet's Encrypt
Subjects.id
FingerprintA8:44:D8:10:23:34:06:9B:DB:77:26:E2:38:30:26:D3:2B:B0:40:30
ValidityMon, 25 Sep 2023 12:47:07 GMT - Sun, 24 Dec 2023 12:47:06 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
164 B (164 bytes)
Hash
f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0

HTTP Headers

GET / HTTP/1.1
Host: s.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 308 Permanent Redirect
Server: nginx
Date: Wed, 06 Dec 2023 15:29:04 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://s.id

s.id/

193.84.85.178

0 B

URL
s.id/
IP
193.84.85.178:0
ASN
#59796 StormWall s.r.o.

Certificate
IssuerLet's Encrypt
Subjects.id
FingerprintA8:44:D8:10:23:34:06:9B:DB:77:26:E2:38:30:26:D3:2B:B0:40:30
ValidityMon, 25 Sep 2023 12:47:07 GMT - Sun, 24 Dec 2023 12:47:06 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: s.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 06 Dec 2023 15:29:05 GMT
content-length: 0
location: https://home.s.id
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/flowbite/1.8.0/flowbite.min.css

104.17.25.14

200 OK

16 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/flowbite/1.8.0/flowbite.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
16 kB (15539 bytes)
Hash
197527209dccde9b2a754c8993501793
ceb53238a3cbbc084f84275929d6d8278adcd58d
3160d1aead8785eabca7e23e810460543c7c94b2659d518f7f04c1b3d066a7d3

HTTP Headers

GET /ajax/libs/flowbite/1.8.0/flowbite.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:29:06 GMT
content-type: text/css; charset=utf-8
content-length: 15539
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64c5014c-3cb3"
last-modified: Sat, 29 Jul 2023 12:08:44 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1047555
expires: Mon, 25 Nov 2024 15:29:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qrxkny8tppGVzujp0ifPF%2BEipv2O2vvaT66HYWf4SFb%2BeSkbOGkC3vVKEe6w0bXN3zNp8HRcs9zE41a5PPZ0ZAblJHpjjkrnpIMVMkCI2oz6kErsnTbNJCPX%2FOsmtvj5xuwF4VsO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 831590002861712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.7.0.min.js

151.101.130.137

200 OK

30 kB

URL GET HTTP/2
code.jquery.com/jquery-3.7.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
30 kB (30308 bytes)
Hash
e6c2415c0ace414e5153670314ce99a9
5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

HTTP Headers

GET /jquery-3.7.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://robiox.com.cm
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-155a6"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Dec 2023 15:29:06 GMT
age: 7074346
x-served-by: cache-lga13623-LGA, cache-bma1637-BMA
x-cache: HIT, HIT
x-cache-hits: 73, 2183
x-timer: S1701876547.586576,VS0,VE0
vary: Accept-Encoding
content-length: 30308
X-Firefox-Spdy: h2

GET cdn.tailwindcss.com/

104.22.20.144

302 Found

0 B

URL GET HTTP/2
cdn.tailwindcss.com/
IP
104.22.20.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 06 Dec 2023 15:29:06 GMT
content-length: 0
cache-control: max-age=14400
location: /3.3.5
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: arn1::iad1::bg74r-1701875888398-fc8ac009b234
cf-cache-status: HIT
age: 615
vary: Accept-Encoding
server: cloudflare
cf-ray: 831590008a05712e-OSL
X-Firefox-Spdy: h2

GET tr.rbxcdn.com/30DAY-Avatar-1EBB795F544BB7C36305ACFBA1A9B982-Png/352/352/Avatar/Png/noFilter

23.36.76.186

200 OK

51 kB

URL GET HTTP/2
tr.rbxcdn.com/30DAY-Avatar-1EBB795F544BB7C36305ACFBA1A9B982-Png/352/352/Avatar/Png/noFilter
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerDigiCert Inc
Subject*.rbxcdn.com
Fingerprint57:F4:96:1E:91:3F:6A:81:F5:96:11:C2:4F:5C:1C:6A:22:31:83:A7
ValidityThu, 06 Apr 2023 00:00:00 GMT - Sat, 06 Apr 2024 23:59:59 GMT

File type
PNG image data, 352 x 352, 8-bit/color RGBA, non-interlaced\012- data
Size
51 kB (51069 bytes)
Hash
eb5ce0ace7a31f5b3f66e52b04463258
fffed7fd2382b5d0bf00763da4fcf14c3c34b4eb
9bbd209a72653e480aa98978c17bfe2d3032bc7b6c162b6cf3a09ddacaa61d7f

HTTP Headers

GET /30DAY-Avatar-1EBB795F544BB7C36305ACFBA1A9B982-Png/352/352/Avatar/Png/noFilter HTTP/1.1
Host: tr.rbxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://robiox.com.cm/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 51069
content-type: image/Png
server: Kestrel
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: ea2eeec63bb6
x-roblox-region: us-central
x-roblox-edge: atl1
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
cache-control: max-age=31536000
expires: Thu, 05 Dec 2024 15:29:07 GMT
date: Wed, 06 Dec 2023 15:29:07 GMT
access-control-allow-methods: GET
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET tr.rbxcdn.com/30DAY-AvatarHeadshot-1EBB795F544BB7C36305ACFBA1A9B982-Png/180/180/AvatarHeadshot/Png/noFilter

23.36.76.186

200 OK

28 kB

URL GET HTTP/2
tr.rbxcdn.com/30DAY-AvatarHeadshot-1EBB795F544BB7C36305ACFBA1A9B982-Png/180/180/AvatarHeadshot/Png/noFilter
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerDigiCert Inc
Subject*.rbxcdn.com
Fingerprint57:F4:96:1E:91:3F:6A:81:F5:96:11:C2:4F:5C:1C:6A:22:31:83:A7
ValidityThu, 06 Apr 2023 00:00:00 GMT - Sat, 06 Apr 2024 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (27506 bytes)
Hash
caceef5007929c184ef77987a0918ef7
a260172ce1a505dbd2864f2985e7e1bace8702ce
2b13782ce2af97f78c74fa234bb500ba46883992cb8b5acf071810ce57df2803

HTTP Headers

GET /30DAY-AvatarHeadshot-1EBB795F544BB7C36305ACFBA1A9B982-Png/180/180/AvatarHeadshot/Png/noFilter HTTP/1.1
Host: tr.rbxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://robiox.com.cm/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 27506
content-type: image/Png
server: Kestrel
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: b2afa34d28b2
x-roblox-region: us-central
x-roblox-edge: mia4
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
cache-control: max-age=31536000
expires: Thu, 05 Dec 2024 15:29:07 GMT
date: Wed, 06 Dec 2023 15:29:07 GMT
access-control-allow-methods: GET
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET images.rbxcdn.com/7bba321f4d8328683d6e59487ce514eb

88.221.27.80

200 OK

4.4 kB

URL GET HTTP/2
images.rbxcdn.com/7bba321f4d8328683d6e59487ce514eb
IP
88.221.27.80:443
ASN
#20940 Akamai International B.V.

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerDigiCert Inc
Subject*.rbxcdn.com
Fingerprint57:F4:96:1E:91:3F:6A:81:F5:96:11:C2:4F:5C:1C:6A:22:31:83:A7
ValidityThu, 06 Apr 2023 00:00:00 GMT - Sat, 06 Apr 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.4 kB (4414 bytes)
Hash
7bba321f4d8328683d6e59487ce514eb
ae0edd3d76e39c564740b30e4fe605b4cd50ad48
68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54

HTTP Headers

GET /7bba321f4d8328683d6e59487ce514eb HTTP/1.1
Host: images.rbxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: GzCCAywjceEIiQRIQqEGEbyp30IKA5lwG7ObJLAYM8K+btiDkDUlIi6zbSLRck05jEi5HDzjsZE=
x-amz-request-id: 6NFDHHY2VX8SKYM9
last-modified: Tue, 06 Sep 2022 22:21:51 GMT
etag: "7bba321f4d8328683d6e59487ce514eb"
x-amz-version-id: aPgoUuQuV6R.ptR45HukIEFVMsyAdOSo
accept-ranges: bytes
content-type: image/x-icon
server: AmazonS3
content-length: 4414
cache-control: public, max-age=27159418
date: Wed, 06 Dec 2023 15:29:08 GMT
X-Firefox-Spdy: h2

GET robiox.com.cm/Gotham-Font/GothamMedium.ttf

188.114.97.1

200 OK

65 kB

URL GET HTTP/3
robiox.com.cm/Gotham-Font/GothamMedium.ttf
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerGoogle Trust Services LLC
Subjectrobiox.com.cm
Fingerprint88:56:D7:B3:11:D9:B3:6C:EA:55:62:AF:DE:41:1C:DB:44:58:6F:D2
ValidityFri, 20 Oct 2023 13:20:04 GMT - Thu, 18 Jan 2024 13:20:03 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 14 names, Macintosh, HTF Gotham\252 Copr. 2000 The Hoefler Type Foundry, Inc. Info: www.typography.comGothamMediumTra\012- data
Size
65 kB (64898 bytes)
Hash
77171d8f5b5283f9d47a3434704bf944
74c87f67010f63777e33c5114c76b1fc67e4ae5b
b5b3eb8e443fe9e3976dedaa2650d68d37d992c4e4e2e7676674a1f3027e2a41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Gotham-Font/GothamMedium.ttf HTTP/1.1
Host: robiox.com.cm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/users/9018750160/profile
Cookie: PHPSESSID=9de42c5c0aa2ee7c2c0dd81bc581944c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:29:07 GMT
content-type: font/ttf
last-modified: Wed, 09 Aug 2023 08:17:28 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dkmqBaYIJbndxi3E7LAWqHCrb5%2BU32NJvBa6aLbDoOidS3REWRGp0qQmt7zG3YJNMbBHrucf%2FvKzRHcmTnfhWvAabHujZpk13CMBX2NpRc5vPC4GRlTlvBRYsq0DPY1z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83159006fa3e0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET robiox.com.cm/sponsorship.php?id=1

188.114.97.1

200 OK

4.9 kB

URL GET HTTP/3
robiox.com.cm/sponsorship.php?id=1
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerGoogle Trust Services LLC
Subjectrobiox.com.cm
Fingerprint88:56:D7:B3:11:D9:B3:6C:EA:55:62:AF:DE:41:1C:DB:44:58:6F:D2
ValidityFri, 20 Oct 2023 13:20:04 GMT - Thu, 18 Jan 2024 13:20:03 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
4.9 kB (4864 bytes)
Hash
0bb376bc0ade6914b36f6712c52dd1e9
0c19169294b943eafb1ff5313ebfd8b5a4330eb2
dee3c0735afe5c7b1a34fae92c84f59c96e75d693971779b8eb29c43cc8ab9dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sponsorship.php?id=1 HTTP/1.1
Host: robiox.com.cm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/users/9018750160/profile
Cookie: PHPSESSID=9de42c5c0aa2ee7c2c0dd81bc581944c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:29:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcoXICYcDXoK9vKjVNHFc1faweXQZFU5uLVE%2BGFjgphUTs3hHO21c8T1gEvqEmXquCGCoXGbkG%2FDpINo4X%2BwT1Xc4omwlj6nerlpgvKqr8dHsy6mQFSb8Mi7IzT3nsRv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83159006b9f50b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET static.rbxcdn.com/fonts/source-sans-pro-v9-latin-regular.woff2

88.221.27.131

200 OK

14 kB

URL GET HTTP/2
static.rbxcdn.com/fonts/source-sans-pro-v9-latin-regular.woff2
IP
88.221.27.131:443
ASN
#20940 Akamai International B.V.

Requested by
https://robiox.com.cm/sponsorship.php?id=1
Certificate
IssuerDigiCert Inc
Subject*.rbxcdn.com
Fingerprint57:F4:96:1E:91:3F:6A:81:F5:96:11:C2:4F:5C:1C:6A:22:31:83:A7
ValidityThu, 06 Apr 2023 00:00:00 GMT - Sat, 06 Apr 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14308, version 1.3276\012- data
Size
14 kB (14308 bytes)
Hash
58dd2a1c6d7861ea261912ba153ac8e3
235c384b9599ed2099f8fda87ba7bc8917eb1aa4
599d93e0748728edc6bd55a82a52bff61196b149d566a67d4ed86d55d9c520aa

HTTP Headers

GET /fonts/source-sans-pro-v9-latin-regular.woff2 HTTP/1.1
Host: static.rbxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://robiox.com.cm
DNT: 1
Connection: keep-alive
Referer: https://static.rbxcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
last-modified: Wed, 22 Nov 2023 11:03:42 GMT
accept-ranges: bytes
etag: "0bbc68d331dda1:0"
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; includeSubdomains
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
content-length: 14308
x-roblox-region: us-central
x-roblox-edge: cdg1
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 15:29:09 GMT
date: Wed, 06 Dec 2023 15:29:09 GMT
rbx-cdn-provider: ak
access-control-expose-headers: Rbx-Cdn-Provider
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET cdn.tailwindcss.com/3.3.5

104.22.20.144

200 OK

364 kB

URL GET HTTP/2
cdn.tailwindcss.com/3.3.5
IP
104.22.20.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type
ASCII text, with very long lines (50801)
Size
364 kB (363693 bytes)
Hash
c193259f53fb33856681902d899d0b04
539d13d4016170493357b58e7efe676b700d31ba
78f70dbdf61859c3a382c96c27880fa5737216af6d491fedf73a3356ccab05bc

HTTP Headers

GET /3.3.5 HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://robiox.com.cm/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:29:06 GMT
content-type: text/javascript
cache-control: max-age=31536000
content-encoding: gzip
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: arn1::iad1::lck5r-1699930824829-703e942ad63c
last-modified: Tue, 14 Nov 2023 03:00:25 GMT
cf-cache-status: HIT
age: 1250716
vary: Accept-Encoding
server: cloudflare
cf-ray: 83159000eaba712e-OSL
X-Firefox-Spdy: h2

GET robiox.com.cm/Gotham-Font/Gotham-Bold.otf

188.114.97.1

200 OK

128 kB

URL GET HTTP/3
robiox.com.cm/Gotham-Font/Gotham-Bold.otf
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerGoogle Trust Services LLC
Subjectrobiox.com.cm
Fingerprint88:56:D7:B3:11:D9:B3:6C:EA:55:62:AF:DE:41:1C:DB:44:58:6F:D2
ValidityFri, 20 Oct 2023 13:20:04 GMT - Thu, 18 Jan 2024 13:20:03 GMT

File type
OpenType font data\012- data
Size
128 kB (127472 bytes)
Hash
722c5f898bbca8b2eb3fce0287688326
acd8beda0d3d0d108f94092cece27d1ab74ddada
88b3795f97ee469c9e30430b54d35c11cdf28c96e3e71d0122e37e6bf025c0b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Gotham-Font/Gotham-Bold.otf HTTP/1.1
Host: robiox.com.cm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/users/9018750160/profile
Cookie: PHPSESSID=9de42c5c0aa2ee7c2c0dd81bc581944c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:29:07 GMT
content-type: font/otf
last-modified: Wed, 09 Aug 2023 08:19:52 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=by6tJd%2FUcoyzlUlnZ%2BCzO02E5AZCG%2FUW2CVzLpQKOLGWKRuYbIsCO6eLAqM3VshcQ2a5eScjAx%2F27zCMDTmOaEE%2Fu%2FztXl0ynBsjJu%2FQ85%2F278QT004m4vi1BBPRoPPV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83159006ea270b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET robiox.com.cm/getthumb.php?id=27170037

188.114.97.1

302 Found

51 kB

URL GET HTTP/3
robiox.com.cm/getthumb.php?id=27170037
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerGoogle Trust Services LLC
Subjectrobiox.com.cm
Fingerprint88:56:D7:B3:11:D9:B3:6C:EA:55:62:AF:DE:41:1C:DB:44:58:6F:D2
ValidityFri, 20 Oct 2023 13:20:04 GMT - Thu, 18 Jan 2024 13:20:03 GMT

File type

Size
51 kB (51069 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /getthumb.php?id=27170037 HTTP/1.1
Host: robiox.com.cm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/users/9018750160/profile
Cookie: PHPSESSID=9de42c5c0aa2ee7c2c0dd81bc581944c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Wed, 06 Dec 2023 15:29:07 GMT
content-type: text/html; charset=UTF-8
location: https://tr.rbxcdn.com/30DAY-Avatar-1EBB795F544BB7C36305ACFBA1A9B982-Png/352/352/Avatar/Png/noFilter
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qsiE438pzmq1IwpX6CJke64o4VCHZmVKoWYYwLUXDfNC16JKt8g7ikdznUW8ZJsOe%2FkSfz6vhK7k5rwDPbphJ1WtR7bVnehfq13QEGeO3eRhwYlGBdB2f6fGHAipMgsv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 831590000b1a0b02-OSL
alt-svc: h3=":443"; ma=86400

GET robiox.com.cm/Gotham-Font/GothamBook.ttf

188.114.97.1

200 OK

57 kB

URL GET HTTP/3
robiox.com.cm/Gotham-Font/GothamBook.ttf
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerGoogle Trust Services LLC
Subjectrobiox.com.cm
Fingerprint88:56:D7:B3:11:D9:B3:6C:EA:55:62:AF:DE:41:1C:DB:44:58:6F:D2
ValidityFri, 20 Oct 2023 13:20:04 GMT - Thu, 18 Jan 2024 13:20:03 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 14 names, Macintosh, HTF Gotham\252 Copr. 2000 The Hoefler Type Foundry, Inc. Info: www.typography.comGothamBookTrans\012- data
Size
57 kB (56676 bytes)
Hash
b54724f54d4dd3f6796e3c4cc422f998
ed5bc8195822fc962503b042d0f5a1f406782f24
742359d475131a75ff057224151c7b384ef0b89556212709a5e34a9409983876

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Gotham-Font/GothamBook.ttf HTTP/1.1
Host: robiox.com.cm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/users/9018750160/profile
Cookie: PHPSESSID=9de42c5c0aa2ee7c2c0dd81bc581944c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 06 Dec 2023 15:29:07 GMT
content-type: font/ttf
last-modified: Wed, 09 Aug 2023 08:19:44 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPdvmABTJRNOmSoAcC%2F1t4WZoWGkXRB8FPB1%2BzO42GoG6Z34AciqBPm8Hd3Q9ZLrffFDh9yCrfM7YBqM7v0VrvLMmrIdk6Xw809tAUgJKlu2bbg9S7M4876T8YwRgKMU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83159006fa2f0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET static.rbxcdn.com/css/page___91499eb369d75ba185c90bb0415c3266_m.css/fetch

88.221.27.131

200 OK

16 kB

URL GET HTTP/2
static.rbxcdn.com/css/page___91499eb369d75ba185c90bb0415c3266_m.css/fetch
IP
88.221.27.131:443
ASN
#20940 Akamai International B.V.

Requested by
https://robiox.com.cm/sponsorship.php?id=1
Certificate
IssuerDigiCert Inc
Subject*.rbxcdn.com
Fingerprint57:F4:96:1E:91:3F:6A:81:F5:96:11:C2:4F:5C:1C:6A:22:31:83:A7
ValidityThu, 06 Apr 2023 00:00:00 GMT - Sat, 06 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (12859), with CRLF line terminators
Size
16 kB (16409 bytes)
Hash
7aa8676fc389e1fbc55a8443998674c5
7ff1cb8c9331cdfa61cb92c2427a17b63770a8ee
65a711d5d266ccfc8a465750d5a9a3ffd927ec24eb0fc5c12b906d89ac0c0972

HTTP Headers

GET /css/page___91499eb369d75ba185c90bb0415c3266_m.css/fetch HTTP/1.1
Host: static.rbxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-encoding: gzip
last-modified: Sun, 01 Jan 2006 06:00:00 GMT
content-security-policy: report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; script-src 'self' 'unsafe-inline' *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com ajax.aspnetcdn.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com imasdk.googleapis.com js.rbxcdn.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com https://googleads.g.doubleclick.net cdn.veriff.me lightstep.com
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
content-length: 4185
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
cache-control: public, must-revalidate, max-age=31535954
expires: Thu, 05 Dec 2024 15:28:23 GMT
date: Wed, 06 Dec 2023 15:29:09 GMT
vary: Accept-Encoding
rbx-cdn-provider: ak
access-control-expose-headers: Rbx-Cdn-Provider
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET asnxweb.shop/getheadshot.php?id=27170037&width=180&height=180&format=png

172.67.141.72

302 Found

28 kB

URL GET HTTP/2
asnxweb.shop/getheadshot.php?id=27170037&width=180&height=180&format=png
IP
172.67.141.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://robiox.com.cm/users/9018750160/profile
Certificate
IssuerGoogle Trust Services LLC
Subjectasnxweb.shop
Fingerprint41:A6:17:70:98:13:56:CC:8D:F6:73:05:2C:58:6B:16:B2:85:CA:ED
ValidityWed, 25 Oct 2023 18:03:07 GMT - Tue, 23 Jan 2024 18:03:06 GMT

File type

Size
28 kB (27506 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /getheadshot.php?id=27170037&width=180&height=180&format=png HTTP/1.1
Host: asnxweb.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 06 Dec 2023 15:29:07 GMT
content-type: text/html; charset=UTF-8
location: https://tr.rbxcdn.com/30DAY-AvatarHeadshot-1EBB795F544BB7C36305ACFBA1A9B982-Png/180/180/AvatarHeadshot/Png/noFilter
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BySdpq2kJ0XJCFRvnrLERU9K%2BxWhSCfSKHJuhiS0fB%2Fq8HmrJLSCCf5VXLuy6qGryvFc9acCcMmwUcyw0JIjv8Dq%2BEeKigR%2BIZ7MLRSxbehBLyHavXM7pqlNgkiKtyQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 831590008ede0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET tr.rbxcdn.com/c6385df17c1c88666475a34feb90a776/728/90/Image/Jpeg

23.36.76.186

200 OK

37 kB

URL GET HTTP/2
tr.rbxcdn.com/c6385df17c1c88666475a34feb90a776/728/90/Image/Jpeg
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://robiox.com.cm/sponsorship.php?id=1
Certificate
IssuerDigiCert Inc
Subject*.rbxcdn.com
Fingerprint57:F4:96:1E:91:3F:6A:81:F5:96:11:C2:4F:5C:1C:6A:22:31:83:A7
ValidityThu, 06 Apr 2023 00:00:00 GMT - Sat, 06 Apr 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 727x90, components 3\012- data
Size
37 kB (37259 bytes)
Hash
d47417da10e5e048ac94f754a544eec9
357c1fa6ef3eaa194e65480784230d90259e0c16
af92f7a686df5fa042bd9c4fd231215835080432d8729296f3f7cfe5ad95d051

HTTP Headers

GET /c6385df17c1c88666475a34feb90a776/728/90/Image/Jpeg HTTP/1.1
Host: tr.rbxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://robiox.com.cm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 37259
content-type: image/Jpeg
server: Kestrel
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: 342030b653a5
x-roblox-region: us-central
x-roblox-edge: iad4
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
cache-control: max-age=31536000
expires: Thu, 05 Dec 2024 15:29:09 GMT
date: Wed, 06 Dec 2023 15:29:09 GMT
access-control-allow-methods: GET
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET robiox.com.cm/users/9018750160/profile

188.114.97.1

200 OK

21 kB

URL User Request GET HTTP/2
robiox.com.cm/users/9018750160/profile
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectrobiox.com.cm
Fingerprint88:56:D7:B3:11:D9:B3:6C:EA:55:62:AF:DE:41:1C:DB:44:58:6F:D2
ValidityFri, 20 Oct 2023 13:20:04 GMT - Thu, 18 Jan 2024 13:20:03 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1726)
Size
21 kB (21068 bytes)
Hash
372fe58f7beafb4aab19da966a926c8e
839e2dad33207965e7c19c3c3cf7db742d3c903e
1710cc902ff4002a01ceec0730293458d89ca5d3b9964f78c6e48d037b7a5eb2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /users/9018750160/profile HTTP/1.1
Host: robiox.com.cm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:29:06 GMT
content-type: text/html; charset=UTF-8
x-robots-tag: noindex
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
set-cookie: PHPSESSID=9de42c5c0aa2ee7c2c0dd81bc581944c; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FfCrG1hVqVuLFNhCFZPZtan2DIjDQCLl3xgYICcTLnr0W6%2FzQVK9Ia3vGuPSHz61ivJZ3zZHuQcm7bOw%2BTpTqSnvhTePmuUJSZYpkpJv4q1BjZw%2FjDl2lFPqMGpFYkWm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83158fef8ca2b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN