Phishing Analysis: Roblox

Visual Capture

Detection Info

https://roblox.com.ge/games/75861116014995/Obby-2-vibe-New-Poses-REAL?privateServerLinkCode=56754948957177697591926115511284

Detected Brand

Roblox

Country

International

Confidence

100%

HTTP Status

200

Report ID

196cdd2f-b15…

Analyzed

2026-01-02 00:07

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T12903C972A1206C37616FA3D6F515B70691D3E70ECB8297E2A1F863760AD9C31FD1341A
CONTENT ssdeep	384:d+XXB1fD6Wdy+pvLN8rYiMQh4xWSgFAG+ow72iyTFD8AbZeQylnEF1/1LCmcAxJi:dgXB1Ny2QeFgu17byh8A1F9NpBxJ8m8

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b03011cbc7cfc54f
VISUAL aHash	c7c783dffffffffe
VISUAL dHash	9c1f2e0e020051d4
VISUAL wHash	06c7c3c7ffff0000
VISUAL colorHash	07047000000
VISUAL cropResistant	9c1f2e0e020051d4,3d1e5fcce6e686c4

Code Analysis

Risk Score 95/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Roblox credential harvesting phishing kit
• Target: Roblox users
• Method: Fake login form stealing user credentials
• Exfil: Data sent to /search
• Indicators: Domain mismatch (roblox.com.ge), obfuscated JavaScript, JavaScript form submission detected
• Risk: HIGH - Immediate credential theft

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
hex_escape
unicode_escape
base64_strings

🎯 Kit Endpoints

https://roblox.com.ge/catalog?CatalogContext=1&Keyword=
/login?returnUrl=5807716026081448
/catalog
https://roblox.com.ge/info/blog?locale=en_us

📡 API Calls Detected

GET
https://en.help.roblox.com/hc/articles/7997207259156
POST
https://ro.blox.com/Ebh5?pid=experiencestart_mobileweb&is_retargeting=false&af_dp=
get
https://apis.