# rboxlab.com — MALICIOUS

> rboxlab.com is flagged for high-risk phishing and social engineering threats. Avoid this site and check its safety status before proceeding.

## Summary
PhishDestroy identifies rboxlab.com as a high-risk domain involved in phishing activities. The domain exhibits classic social engineering tactics aimed at deceiving users, which poses a significant threat to personal and financial information. It has been flagged for generic phishing, indicating attempts to impersonate legitimate services to harvest credentials or sensitive data.

The domain was registered through Cosmotown, Inc. on February 21, 2026, and resolves to the IP address 173.208.193.58. It appears on one security blocklist and has been referenced in two AlienVault OTX threat intelligence pulses. Google Safe Browsing classifies it under social engineering threats, while VirusTotal reports 18 of 95 security vendors flagging this domain. Gridinsoft rates it with a 0/100 trust score, underscoring the severe risk it poses.

Currently, rboxlab.com is offline, displaying an 'Account Suspended' page, which typically indicates takedown or suspension action by the hosting provider. Users and organizations are advised to remain vigilant against this domain and avoid any interaction. Regular monitoring and updating of blocklists are recommended to prevent exposure to similar phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: Account Suspended

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cosmotown, Inc.
- Country: US
- IP: 173.208.193.58
- IP Country: US
- IP City: Kansas City
- IP Org: AS32097 WholeSale Internet, Inc.
- Nameservers: ["ns1.overclockpchosting.net", "ns2.overclockpchosting.net"]
- SSL Issuer: Let's Encrypt / R13

## Detection Status
- VirusTotal: 18 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "Bfore.Ai PreCrime", "BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c720f-0d47-70c8-a99c-de8ad54f7b8e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/bb525b5b-f8e5-4f99-92b5-2513e2c3033c
- PhishDestroy: https://phishdestroy.io/domain/rboxlab.com/
- LLM endpoint: https://phishdestroy.io/domain/rboxlab.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rboxlab.com/
Last updated: 2026-03-19