Phishing Analysis

🔬 Threat Analysis Report

• Amenaza: Suplantación
• Objetivo: Usuarios de Roblox
• Método: Suplantación de dominio e imitación de página de perfil
• Exfil: Potencial robo de credenciales a través de un formulario oculto o promoción de contenido malicioso
• Indicadores: Coincidencia de dominio, JavaScript ofuscado, suplantación de página de Roblox.
• Riesgo: ALTO

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

• atob
• eval
• fromCharCode
• unescape
• hex_escape
• unicode_escape
• base64_strings

🎯 Kit Endpoints

• https://trades.
• https://js.rbxcdn.com/c55290a7a9b53c3a9097db6781f8b4e6.js
• https://en.help.roblox.com/hc/
• https://search.
• https://voice.
• /catalog
• https://feross.org
• /login?returnUrl=
• https://api.
• https://itemconfiguration.
• https://inventory.
• https://tarobi-dev-test.com
• https://js.rbxcdn.com/5c8a2ba3737908f693394045e81ebd71c77cde6f87550ea51f7833e8c98200ae.js
• https://engagementpayouts.
• https://feross.org/opensource
• https://roblox.com
• /login?returlUrl=1958949928
• https://followings.
• https://chat.
• https://sourcemaps.rbxcdn.com/internationalCore-db1cf6cdaa102b16.js.map
• https://тест
• https://presence.
• https://catalog.
• https://accountsettings.
• https://js.rbxcdn.com/a3fe79f1bfdd96b7f0ad20eab2de7a05.js
• https://a
• https://app.lightstep.com
• https://sourcemaps.rbxcdn.com/translationResources-69e5843ef57e17f4.js.map
• https://a/c%20d?a=1&c=3
• https://js.rbxcdn.com/df687479f6a19a6541dc4c819b900ac9b19bef72681f89040066b80bf8f82c15.js
• https://js.rbxcdn.com/964fdc5ae2518a2c9c9d73f67eee026b844e68c2d3791ac6c8e28c0f979a3854.js
• https://mui.com/production-error/?code=
• https://tarobi-dev-sandbox.com
• https://www.roblox.com/catalog?CatalogContext=1&Keyword=
• https://www.roblox.com/info/blog?locale=en_us

📡 API Calls Detected

• get
• GET
• https://help.roblox.com/hc/articles/30428367965460
• POST
• https://apis.
• https://ro.blox.com/Ebh5?

📤 Form Action Targets

• /search

🦠 Malicious Files