# getrewards.roblox-635.workers.dev — SUSPICIOUS > getrewards.roblox-635.workers.dev is a crypto drainer site flagged by 0 of 95 VirusTotal vendors. This domain impersonates Roblox to steal credentials. ## Summary PhishDestroy identifies the domain getrewards.roblox-635.workers.dev as an active credential theft portal impersonating the Roblox gaming platform. The site is currently under investigation for generic phishing activity, specifically targeting user credentials under the guise of offering rewards. Given the domain's structure and worker.dev subdomain, it leverages Cloudflare's infrastructure to obscure its origins while hosting a fraudulent interface mimicking legitimate Roblox reward systems. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it has not yet been widely recognized as malicious by antivirus engines. The domain is registered through Cloudflare, Inc., resolving to the IP address 188.114.96.3 via a Let's Encrypt SSL certificate. The exact creation date of the domain is not publicly disclosed, but its worker.dev subdomain suggests recent deployment, likely within the past few months. The domain has not been listed on any major blocklists at this time, and its trust scores remain unverified due to the lack of detections. The current status of this domain is active and under investigation, with no immediate takedown actions reported. Given the absence of detections and the sophisticated use of Cloudflare's services, the risk of encountering this credential theft portal remains high for unsuspecting users. To mitigate exposure, PhishDestroy recommends blocking the domain at the network level, avoiding any interaction with suspicious Roblox reward links, and reporting such domains to Roblox's abuse team and VirusTotal for further analysis. Users should also enable multi-factor authentication on their Roblox accounts and remain vigilant for unsolicited reward offers. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/getrewards.roblox-635.workers.dev - PhishDestroy: https://phishdestroy.io/domain/getrewards.roblox-635.workers.dev/ - LLM endpoint: https://phishdestroy.io/domain/getrewards.roblox-635.workers.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/getrewards.roblox-635.workers.dev/ Last updated: 2026-04-07