# roblox.amadscolecy.xyz — SUSPICIOUS > roblox.amadscolecy.xyz poses as Roblox login page to steal accounts. This Roblox-themed domain resolves to 64.29.17.65 and uses Let's Encrypt SSL. ## Summary PhishDestroy identifies roblox.amadscolecy.xyz as an active Roblox account theft scam leveraging a domain crafted to impersonate the official Roblox login portal. This domain employs generic phishing tactics designed to harvest user credentials under the guise of a legitimate Roblox authentication page, posing an immediate threat to players’ accounts and personal data. The attackers registered the domain through NAMECHEAP INC, with creation date set suspiciously for April 01, 2026, indicating likely mock data to evade early detection systems. The domain resolves to IP 64.29.17.65 and utilizes a legitimate Let's Encrypt SSL certificate to enhance credibility and bypass browser security warnings. As of current intelligence, this site remains unflagged with 0/95 detections on VirusTotal. Technical indicators confirm minimal reputation risk but high operational threat. The domain achieved 0 detections across 95 security engines on VirusTotal, is registered under NAMECHEAP INC, and points to IP 64.29.17.65. The domain was created on April 01, 2026, utilizing a Let's Encrypt certificate—likely a factor in its low detection rate. This configuration mimics legitimate infrastructure to deceive users into inputting credentials under false pretenses. No known blocklist entries were found as of this report, and Google Safe Browsing status remains unflagged at this time. This domain is classified as 'under_investigation' but remains active, requiring immediate user caution. Roblox users encountering this domain should refrain from entering any login credentials and report the domain to Roblox support and relevant threat intelligence platforms. Security teams are advised to block the IP 64.29.17.65 and the full domain roblox.amadscolecy.xyz at the network perimeter. While the current threat level is under review, the use of Roblox branding and low detection indicates potential rapid expansion across phishing kits. Users are urged to verify login URLs strictly through official Roblox domains or authenticated channels to prevent account compromise. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-01 20:41:42 - Registrar: NAMECHEAP INC - IP: 64.29.17.65 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/roblox.amadscolecy.xyz - PhishDestroy: https://phishdestroy.io/domain/roblox.amadscolecy.xyz/ - LLM endpoint: https://phishdestroy.io/domain/roblox.amadscolecy.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/roblox.amadscolecy.xyz/ Last updated: 2026-04-03