# robloxextension.com — SUSPICIOUS > Beware robloxextension.com—a Roblox-themed crypto drainer impersonating the brand. This domain was flagged by 0 of 95 VirusTotal vendors. ## Summary PhishDestroy identifies robloxextension.com as an active cryptocurrency drainer impersonating Roblox, currently under investigation for credential theft and financial fraud. The domain is categorized under generic_phishing and remains active as of February 2025. This threat specifically targets users seeking unauthorized Roblox extensions or tools, leveraging brand impersonation to deceive victims into divulging sensitive login credentials or cryptocurrency wallet information. This domain resolves to IP address 188.114.96.3 and was registered through TuringSign Inc. d/b/a Cosmotown on February 08, 2025. Despite lacking detections on VirusTotal (0 of 95 vendors), it holds an SSL certificate issued by Google Trust Services, which may contribute to a false sense of legitimacy. The domain has not yet been listed on major blocklists, though its recent creation and suspicious activity warrant heightened scrutiny. Trust scores for associated infrastructure remain neutral due to limited historical data, increasing the risk of unnoticed malicious behavior. Users are strongly advised to avoid interacting with robloxextension.com or any linked pages. To verify the safety of a domain, cross-reference it on PhishDestroy’s database. If you suspect exposure to this threat, immediately revoke any shared credentials, scan connected devices for malware, and monitor financial accounts for unauthorized transactions. Security researchers are encouraged to submit additional intelligence to aid ongoing analysis and mitigation efforts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-02-08 15:31:27 - Registrar: TuringSign Inc. d/b/a Cosmotown - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/9126ce49-932e-433b-823e-48d80e354ad7 - PhishDestroy: https://phishdestroy.io/domain/robloxextension.com/ - LLM endpoint: https://phishdestroy.io/domain/robloxextension.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/robloxextension.com/ Last updated: 2026-03-29