# PhishDestroy threat dossier — roblox-canjear.online
================================================================

Fetched:   2026-05-07 05:04:00 UTC
Canonical: https://phishdestroy.io/domain/roblox-canjear.online/

## VERDICT
----------------------------------------------------------------
CRITICAL THREAT — DO NOT VISIT
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      8/95 security vendors flagged this domain
  Flagging vendors: ADMINUSLabs, alphaMountain.ai, CRDF, CyRadar, Google Safebrowsing, Gridinsoft, Seclookup, Webroot
URLQuery:        2 detections
Public blocklists: listed on 1 independent blocklist
Google Safe Browsing: FLAGGED

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      200.58.111.123
Registrar:       Dattatec Corp
Nameservers:     ns1.donweb.com, ns2.donweb.com, ns3.hostmar.com, ns4.hostmar.com
Registered:      2025-08-30
Page title:      Roblox
HTTP response:   200

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue. No abuse reports filed yet — this domain is
waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2025-08-30 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-05-07 05:43:49 UTC (by PhishDestroy tracker)
First reported:    2026-05-07 02:45:26 UTC (abuse notice filed)
Last verified:     2026-05-07 07:50:04 UTC
Current status:    ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io:       https://urlscan.io/result/019e004f-b0c5-73dc-b73d-b057eff4f70d/
URLQuery:         https://urlquery.net/report/9a28b0f2-b93f-4e8c-8e6f-1957beb60bf7
Wayback Machine:  https://web.archive.org/web/*/roblox-canjear.online
crt.sh CT logs:   https://crt.sh/?q=%25.roblox-canjear.online
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=roblox-canjear.online
AlienVault OTX:   https://otx.alienvault.com/indicator/domain/roblox-canjear.online
URLhaus:          https://urlhaus.abuse.ch/host/roblox-canjear.online/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-05-07 05:45:09 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies roblox-canjear.online as an active crypto drainer that masquerades as a legitimate Roblox service, specifically targeting users seeking in-game currency or account upgrades. This domain was flagged by Google Safe Browsing under SOCIAL_ENGINEERING and is engineered to trick visitors into connecting crypto wallets or entering payment details under false pretenses. The site leverages social engineering tactics to exploit trust in the Roblox brand, making it a high-risk threat to unsuspecting users.  This domain exhibits multiple red flags confirmed by independent security tools. VirusTotal’s analysis shows 8 out of 95 security vendors have flagged roblox-canjear.online as malicious. The domain was registered through Dattatec Corp on August 30, 2025, indicating it is a recently created threat. It is currently blocked by InversionDNS and appears on 1 known security blocklist, underscoring its malicious nature. Despite using a Let’s Encrypt SSL certificate and resolving to IP 200.58.111.123, these factors do not validate its legitimacy and are commonly exploited by threat actors to appear trustworthy.  If you visited roblox-canjear.online, cease all interaction immediately. Disconnect from the site and avoid entering any credentials or wallet connections. Scan your device with updated antivirus software to detect any potential malware. If you entered payment or crypto wallet information, revoke access to connected wallets, change passwords for associated accounts, and report the incident to your financial institution or crypto platform. Always verify the authenticity of websites by checking official domains and using security tools before engaging.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID:  PD-20260507-93C135
Favicon MD5:       318b23730293f6359053e2442a85239f

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/roblox-canjear.online/
JSON API:          https://api.destroy.tools/v1/check?domain=roblox-canjear.online
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 145,402 domains (58,115 alive under monitoring, 87,026 confirmed takedowns/dead). Site: https://phishdestroy.io