# robxitoploit.lol — SUSPICIOUS > PhishDestroy identifies robxitoploit.lol as a Roblox-themed phishing page hosting a fake 'BLUYS Script Execution' drainer. 0/95 VirusTotal detections. ## Summary The domain robxitoploit.lol is under active investigation as a generic phishing host masquerading as an Advanced Roblox Script Executor named 'BLUYS Script Execution'. This fraudulent page specifically impersonates Roblox tooling, luring users into downloading or executing a crypto drainer disguised as a legitimate script executor. The page title and branding closely mimic legitimate Roblox executor offerings to maximize deception and drive installations of malicious payloads. Forensic analysis reveals the following technical indicators: the domain was registered on April 03, 2026 through PDR Ltd. d/b/a PublicDomainRegistry.com, resolves to IP address 188.114.96.3, and currently holds a Let's Encrypt SSL certificate. Despite its recent creation and low detection profile, VirusTotal shows 0 detections out of 95 engines as of the last scan, indicating it is not yet widely flagged. The domain remains unblocked by Google Safe Browsing (GSB) and has not been added to major threat intelligence blocklists. As of this report, the status of robxitoploit.lol is active and under investigation. Users are advised not to access or interact with this domain. PhishDestroy is tracking this threat and will coordinate takedown and blocklisting efforts with hosting providers and registrars. The risk level remains under investigation but is currently assessed as elevated due to the active hosting of a potential drainer payload. Immediate caution is recommended for any users who may have visited this domain or downloaded content from it. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Page title: BLUYS Script Execution - Advanced Roblox Script Executor ## Domain Intelligence - Registered: 2026-04-03 09:44:42 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/robxitoploit.lol - PhishDestroy: https://phishdestroy.io/domain/robxitoploit.lol/ - LLM endpoint: https://phishdestroy.io/domain/robxitoploit.lol/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/robxitoploit.lol/ Last updated: 2026-04-04