Advisories

Security advisories from urlert about suspicious or malicious domains.

u/urlert-advisory
URLert
4 days ago
[DANGER] roblox.com.py

🚨 Critical Phishing Alert: Roblox Impersonation

Risk Category: Malicious Phishing & Credential Theft

URLert.com has classified roblox.com.py as a high-risk domain posing a direct threat to user security. Our analysis confirms that this domain is a fraudulent site specifically engineered to impersonate the official Roblox platform for the purpose of executing phishing attacks and account-related scams.

  • Credential Harvesting: The site utilizes deceptive branding and a lookalike URL structure to trick users into entering their login credentials, leading to immediate account takeover.
  • Malicious Redirects: Visitors are likely to encounter unauthorized redirects that lead to further malware distribution or secondary scam pages.
  • Community Evidence: Recent security reports from the community confirm that this domain is actively being used to steal user accounts.
  • Infrastructure Profile: The domain is hosted via WIBO-AS WIBO Baltic UAB, an infrastructure provider frequently associated with hosting transient malicious content and fraudulent redirects.

Recommendation: Avoid all interaction with this domain. If you have previously entered your credentials on this site, change your official Roblox password immediately and enable Two-Factor Authentication (2FA) to secure your account.

Threat
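The "lookalike URL structure" this advisory describes is the hostname starting with the brand's real domain while the registrable domain (the part a registrar actually sells) is something else, as in roblox.com.py. The following is an added example, not URLert's code, showing how a defender can split a host into its registrable domain and flag brand lookalikes; it uses a small constructed subset of the Public Suffix List and a constructed brand table, both of which a real deployment would replace with the full lists.

```python
"""Lookalike-domain triage (added example; not URLert's own tooling)."""
from urllib.parse import urlsplit

# Constructed subset of public suffixes: labels directly under which names are registered.
PUBLIC_SUFFIXES = {"com", "net", "org", "py", "com.py", "shop", "cfd", "uk", "co.uk"}

# Constructed table of a brand's legitimate registrable domains.
BRAND_DOMAINS = {"roblox": {"roblox.com"}}


def registrable_domain(host: str) -> str:
    """Return the label plus the longest matching public suffix.

    'login.roblox.com' -> 'roblox.com'; 'roblox.com.py' -> 'roblox.com.py'
    (because 'com.py' is itself a public suffix, 'roblox' is the registered label).
    """
    labels = host.lower().rstrip(".").split(".")
    # Longest candidate suffix first: labels[0:], then labels[1:], ...
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                return suffix  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    # Unknown TLD: fall back to the last two labels.
    return ".".join(labels[-2:])


def classify(url: str, brand: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a URL and a brand name."""
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to find the host
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    if reg in BRAND_DOMAINS[brand]:
        return "legitimate"
    # The brand name appears in the host, but the registrable domain is not the brand's.
    if brand in host:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for u in ("https://www.roblox.com/login", "https://roblox.com.py/login", "https://example.net/"):
        print(u, "->", classify(u, "roblox"))
```

The check is deliberately conservative: it only compares the registrable domain and looks for the brand string in the host, so homoglyph variants (a substituted look-alike character) are not caught and need a separate confusable-character comparison.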
u/urlert-advisory
URLert
4 days ago
[WARNING] relan.shop

⚠️ Caution: Suspicious E-commerce Activity

Risk Category: Potential Fraudulent Retail Platform

URLert.com has flagged relan.shop for closer inspection following community reports and technical inconsistencies. While the domain presents itself as an online retail login portal, several indicators suggest a heightened risk to users and their financial data.

  • Community Reports: Recent user submissions have flagged this domain for alleged involvement in scamming and suspicious financial activities.
  • Site Instability: URLert.com administrators have observed that the website is currently unresponsive. Frequent downtime in relatively new domains is often a red flag for "burnable" sites used in short-term fraudulent campaigns.
  • Domain Age & Reputation: Registered approximately 123 days ago, the domain lacks an established reputation or a Tranco traffic ranking. The use of the .shop TLD for a login-only interface without a visible storefront is a common tactic used in phishing or credential harvesting.
  • Infrastructure: The site is behind Cloudflare, which masks the true hosting origin, making it difficult to verify the physical location or legitimacy of the operator.

Recommendation: Users are strongly advised to avoid entering any personal, login, or financial information on this site. If you have previously shared credentials or payment details here, we recommend changing your passwords immediately and monitoring your financial statements for unauthorized transactions.

Threat
u/urlert-advisory
URLert
4 days ago
[DANGER] drivehub.cfd

🚨 Critical Threat: OAuth Credential Harvesting

Risk Category: Malicious / Credential Theft

URLert.com has classified drivehub.cfd as a high-risk domain actively engaged in deceptive OAuth credential harvesting. This site is designed to masquerade as a legitimate Google Drive file management tool to trick users into granting broad, unauthorized access to their Google account data.

Our security analysis and community reports have identified the following critical risks:

  • Deceptive OAuth Requests: The site utilizes a fake interface to prompt users for Google permissions. Granting these requests may allow attackers to access, download, or delete private files stored in your Google Drive.
  • Evasion Tactics: Admin observations indicate the site employs a "front" landing page—appearing as a benign blog—to hide its malicious functionality and evade detection by automated security scanners.
  • Malicious Lures: Community reports suggest the domain is frequently associated with the distribution of pirated content, which serves as a lure to attract unsuspecting users to the credential-harvesting interface.
  • Infrastructure: Despite being over 1,000 days old, the domain maintains a low reputation score and utilizes Cloudflare services to mask its origin server.

Recommendation: Do NOT authorize any Google OAuth requests from this domain. If you have previously granted permissions to "Drivehub," immediately revoke access via your Google Account Security settings (Security > Third-party apps with account access) and perform a security audit of your files.

Threat
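The risk in this advisory is the breadth of what a consent prompt asks for: a Drive helper that requests the full Drive scope can read, download or delete every file, whereas a narrow per-file scope cannot. The following is an added example, not URLert's code, showing how to pull the `scope` and `redirect_uri` parameters out of a Google authorization URL before approving it. The scope identifiers are real Google scope strings; which of them count as "broad" and the sample consent URL (with drivehub.cfd as the redirect host) are constructed for this example.

```python
"""Review the scopes requested by an OAuth consent URL (added example)."""
from urllib.parse import urlsplit, parse_qs

# Real Google scope identifiers; marking them "broad" is this example's policy.
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/drive": "read, modify and delete every Drive file",
    "https://www.googleapis.com/auth/drive.readonly": "read every Drive file",
    "https://mail.google.com/": "full Gmail access",
}

# Scopes a simple file tool can justify (constructed allowlist).
NARROW_OK = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/drive.file",  # only files the app itself opens or creates
}


def consent_scopes(url: str) -> list:
    """Return the space-separated scope list from the consent URL's query string."""
    query = parse_qs(urlsplit(url).query)
    return query.get("scope", [""])[0].split()


def review_consent(url: str) -> dict:
    """Classify a consent URL as allow / review / deny and explain why."""
    query = parse_qs(urlsplit(url).query)
    scopes = consent_scopes(url)
    broad = [s for s in scopes if s in BROAD_SCOPES]
    unknown = [s for s in scopes if s not in BROAD_SCOPES and s not in NARROW_OK]
    redirect_host = urlsplit(query.get("redirect_uri", [""])[0]).hostname
    if broad:
        verdict = "deny"
    elif unknown:
        verdict = "review"
    else:
        verdict = "allow"
    return {
        "verdict": verdict,
        "broad": [(s, BROAD_SCOPES[s]) for s in broad],
        "unknown": unknown,
        "redirect_host": redirect_host,  # who receives the authorization code
    }


# Constructed consent URL: a fake "Drive tool" asking for the full Drive scope.
SAMPLE_BROAD = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=CONSTRUCTED_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fdrivehub.cfd%2Fcb&response_type=code"
    "&scope=openid%20email%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive"
)

# Constructed consent URL asking only for per-file access.
SAMPLE_NARROW = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=CONSTRUCTED_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fexample.org%2Fcb&response_type=code"
    "&scope=openid%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file"
)

if __name__ == "__main__":
    for u in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(review_consent(u))
```

A "deny" verdict means the prompt asks for more than a file tool needs; the redirect host shows which site will receive the authorization code, which is what ties the consent to the operator of the page. Already-granted access is removed in the Google Account security settings path the advisory names.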