# rbxrewards.roblox-635.workers.dev — SUSPICIOUS > rbxrewards.roblox-635.workers.dev hosts a fake Roblox login page to steal credentials. VirusTotal confirms 0/95 detections. ## Summary PhishDestroy identifies rbxrewards.roblox-635.workers.dev as an active fake Roblox login phishing domain designed to harvest user credentials and session tokens. The domain mimics official Roblox reward pages to trick victims into entering their login details, which are then exfiltrated to attacker-controlled servers. The page leverages Cloudflare Workers to host the phishing content under a workers.dev subdomain, a tactic commonly used to evade traditional domain-based blocklists. This domain was flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category, confirming its malicious intent. VirusTotal currently shows 0/95 security engines detecting the threat, highlighting how new or evasive phishing pages can fly under the radar initially. The domain was registered through Cloudflare, Inc. and resolves to IP address 188.114.97.3. Let's Encrypt provides the SSL certificate, which does not indicate legitimacy as phishing domains frequently obtain valid certificates to appear trustworthy. Users who visited this domain should immediately change their Roblox password and enable two-factor authentication. Check all connected devices for unauthorized logins and revoke any unfamiliar sessions. Scan your system with updated antivirus software and review financial accounts for suspicious transactions. Report the domain to PhishDestroy to help protect others from this credential harvesting campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/rbxrewards.roblox-635.workers.dev - PhishDestroy: https://phishdestroy.io/domain/rbxrewards.roblox-635.workers.dev/ - LLM endpoint: https://phishdestroy.io/domain/rbxrewards.roblox-635.workers.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/rbxrewards.roblox-635.workers.dev/ Last updated: 2026-04-05