Phishing Analysis

🔬 Threat Analysis Report

• Threat: Brand impersonation phishing
• Target: Roblox users
• Method: Fake website to trick users into thinking it's Roblox
• Exfil: Unknown - but likely credential harvesting if the website had forms
• Indicators: Domain mismatch (rroblox.com.es vs roblox.com), obfuscated JavaScript, domain age unknown but likely recent
• Risk: HIGH - Potential for credential theft or malware installation

🔒 Obfuscation Detected

• atob
• eval
• fromCharCode
• unescape
• hex_escape
• unicode_escape
• base64_strings

📡 API Calls Detected

• /privacy.html
• /chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.NoiZiPQKB433yeByBxIn9-w_HeeSa-OQco_20Wr4iwDdlvaJjenEzg.bKIE1ia9nNZR33oLk78_kg.vIbI7eWnKl_Q1JV_jjDsZDbK3IPt4INctumN3ZKS07OsJ682boplhw5QARTiEwtozeXK9sq5iBYo35JZXHHi7aJDvqM7QEJc-So29-_WUSyY-fLWB3A16MeuJbllB2bN2SNG-yXDaA8juMXDobc4EoROjVjrBb2okoq3mVilHaXMapOLvTJWzWT_2R9lLcvIiFxuAulr6lu1YrrLTYg5pO1UbZUtvugFEutVoeWealKbMslXP_3JvgArkeyk4baYdpcGRGKlcv-ihIsy1o9HcQdLhxH5wmQor0spESrZBv4wlqzPq66ECLYkvKWWE3wa.BioxWxk2rPW7etTgqO_UOA&t=69576c33&token=1f7cdef47d66f7dff1fb54e4dd95af687f6fb15c
• POST
• GET