Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://www.roblox.com.ml/games/126884695634066/Grow-a-Garden?privateServerLinkCode=803082840166890579133236661534
Detected Brand
Roblox
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
0618052a-7deβ¦
Analyzed
2026-06-07 10:15
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F523B672A2211837A17F93D9F415F71591E3E70FCA825BE1B1F8A3660AD9C21FD0351A |
|
CONTENT
ssdeep
|
768:5jZ3+oXWobr45WXIAGGOZxeLoP+ybyOmu2rvrvEr3GDdCvBREvjZm8qeFndiEK:5d7XWobr4UXIAGGOZxeLoP+yGjM7HXEO |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b13133cecccc6c65 |
|
VISUAL
aHash
|
c7c7c3cfffdfffff |
|
VISUAL
dHash
|
9e1e0e1e36383a3a |
|
VISUAL
wHash
|
02c383c3c3cfc3cf |
|
VISUAL
colorHash
|
07000001241 |
|
VISUAL
cropResistant
|
9e1e0e1e36383a3a,9d1b3f9b9b98111c |
Code Analysis
Risk Score
100/100
Threat Level
ALTO
β οΈ Phishing Confirmed
π£ Credential Harvester
π£ OTP Stealer
π£ Card Stealer
π£ Banking
π£ Personal Info
π Credential Harvesting Forms
π Obfuscation Detected
- atob
- eval
- fromCharCode
- unescape
- document.write
- hex_escape
- unicode_escape
- base64_strings
π― Kit Endpoints
- https://www.roblox.com/catalog?CatalogContext=1&Keyword=
- https://www.roblox.com/catalog
- /info/blog?locale=en_us
π‘ API Calls Detected
- https://apis.
- https://ro.blox.com/Ebh5?
- GET
- get
- https://ro.blox.com/Ebh5?pid=experiencestart_mobileweb&is_retargeting=false&af_dp=
- https://help.roblox.com/hc/articles/30428367965460
- POST
π€ Form Action Targets
- /search
π Risk Score Breakdown
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
Credential Harvesting
Credential harvesting detected with 1 form(s) capturing sensitive data
Code Obfuscation
JavaScript code obfuscated using 222 technique(s) to evade detection
π¬ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
Roblox users
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend
β οΈ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 222 obfuscation techniques
π’ Brand Impersonation Analysis
Impersonated Brand
Roblox
Official Website
https://www.roblox.com
Fake Service
Banking/payment service
βοΈ Attack Methodology
Primary Method: Credential Harvesting
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Secondary Method: JavaScript Obfuscation
Malicious code is obfuscated using 222 techniques to evade detection by security scanners and make reverse engineering more difficult.
π Infrastructure Indicators of Compromise
Domain Information
Domain
www.roblox.com.ml
Registered
Unknown
Registrar
Unknown
Status
Age unknown
Hosting Information
Provider
Unknown
ASN
π€ AI-Extracted Threat Intelligence
Scan History for www.roblox.com.ml
Found 10 other scans for this domain
-
https://www.roblox.com.ml/users/157721381134/profi...
https://www.roblox.com.ml/games/76499455986864/Unt...
https://www.roblox.com.ml/users/261698163581/profi...
https://www.roblox.com.ml/games/127394985960784/sw...
https://www.roblox.com.ml/games/134593989811059/X1...
https://www.roblox.com.ml/users/443938777883/profi...
https://www.roblox.com.ml/users/366791769105/profi...
https://www.roblox.com.ml/users/305537976748/profi...
http://www.roblox.com.ml/users/347832283771/profil...
https://www.roblox.com.ml/users/271864473634/profi...
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.