Phishing Analysis: Roblox

Captura Visual

Informações de Detecção

https://robiox.com.af/games/85966125008822/Untitled-Game?privateServerLinkCode=20571888870702570683313096754436

Detected Brand

Roblox

Country

International

Confidence

100%

HTTP Status

200

Report ID

52a14b58-776…

Analyzed

2026-03-19 05:12

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1C403C872A1206C3761AFA3D6F515B70691D3E70ECB8257E2A1F863760AD9C31FD1341A
CONTENT ssdeep	768:slXB1LyzQBaguqNbygvBRB8A7F9NpBxJ8m8:slXB1LykBa1qN3Xh9NTxJ8m8

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b032338bcdcccd4d
VISUAL aHash	c7c7c3dffffffffe
VISUAL dHash	8c8f0e361a0051d4
VISUAL wHash	46c7c3c7dfff0000
VISUAL colorHash	07007000040
VISUAL cropResistant	8c8f0e361a0051d4,3803226365340a04

Análise de Código

Risk Score 100/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Falsificação/Phishing
• Alvo: Usuários do Roblox
• Método: Falsificação de domínio e replicação da interface do usuário
• Exfil: Desconhecido, detecção de envio de formulário
• Indicadores: Incompatibilidade de domínio, javascript ofuscado, tentativas de se parecer com o site Roblox
• Risco: ALTO

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
hex_escape
unicode_escape
base64_strings

🎯 Kit Endpoints

/login?returnUrl=3287289277861444
https://robiox.com.af/info/blog?locale=en_us
/catalog
https://robiox.com.af/catalog?CatalogContext=1&Keyword=

📡 API Calls Detected

https://en.help.roblox.com/hc/articles/7997207259156
get
POST
GET
https://ro.blox.com/Ebh5?pid=experiencestart_mobileweb&is_retargeting=false&af_dp=
https://apis.

📤 Form Action Targets

/search

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Domain Mismatch

The domain is a clear typo of the official Roblox domain, indicating an attempt to deceive.

Obfuscated JavaScript

The presence of obfuscated JavaScript code indicates that the site is actively trying to hide its malicious intent.

Recent Domain

The domain age is less than 90 days.

Impersonation

The site's visual design closely mimics the legitimate Roblox website, increasing the likelihood of users being deceived.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Banking Credential Harvester

Alvo

Roblox users (International)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltração

HTTP POST to backend

Avaliação de Risco

CRITICAL - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
180 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Roblox

Official Website

https://www.roblox.com/

Fake Service

Roblox Website

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attacker likely aims to steal Roblox account credentials through a fake login page, harvesting the information. The presence of form actions extracted points to this.

Secondary Method: Malware Distribution

The site potentially redirects the users to another page with a malicious file for download after stealing their credentials. The obfuscated Javascript might be involved in this redirection.