Phishing Analysis

🔬 Threat Analysis Report

• Ameaça: Phishing de Imitação
• Alvo: Usuários do Roblox
• Método: Falsificação de domínio com potencial roubo de credenciais
• Exfil: Desconhecido, devido a ações de formulário e ofuscação.
• Indicadores: Domínio incompatível, Ofuscação, Envio de formulário JavaScript
• Risco: Alto

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

• atob
• eval
• fromCharCode
• unescape
• hex_escape
• unicode_escape
• base64_strings

🎯 Kit Endpoints

• https://trades.
• https://js.rbxcdn.com/c55290a7a9b53c3a9097db6781f8b4e6.js
• https://en.help.roblox.com/hc/
• https://search.
• https://voice.
• /catalog
• https://feross.org
• /login?returnUrl=
• https://api.
• https://itemconfiguration.
• https://inventory.
• https://tarobi-dev-test.com
• https://js.rbxcdn.com/5c8a2ba3737908f693394045e81ebd71c77cde6f87550ea51f7833e8c98200ae.js
• https://engagementpayouts.
• https://feross.org/opensource
• https://roblox.com
• https://followings.
• https://chat.
• /login?returlUrl=38590234
• https://sourcemaps.rbxcdn.com/internationalCore-db1cf6cdaa102b16.js.map
• https://тест
• https://presence.
• https://catalog.
• https://accountsettings.
• https://js.rbxcdn.com/a3fe79f1bfdd96b7f0ad20eab2de7a05.js
• https://a
• https://app.lightstep.com
• https://sourcemaps.rbxcdn.com/translationResources-69e5843ef57e17f4.js.map
• https://a/c%20d?a=1&c=3
• https://js.rbxcdn.com/df687479f6a19a6541dc4c819b900ac9b19bef72681f89040066b80bf8f82c15.js
• https://js.rbxcdn.com/964fdc5ae2518a2c9c9d73f67eee026b844e68c2d3791ac6c8e28c0f979a3854.js
• https://mui.com/production-error/?code=
• https://tarobi-dev-sandbox.com
• https://www.roblox.com/catalog?CatalogContext=1&Keyword=
• https://www.roblox.com/info/blog?locale=en_us

📡 API Calls Detected

• GET
• https://ro.blox.com/Ebh5?
• https://help.roblox.com/hc/articles/30428367965460
• POST
• https://apis.
• get

📤 Form Action Targets

• /search

🦠 Malicious Files