# roprxy.xyz — SUSPICIOUS

> roprxy.xyz is linked to credential theft with 0 of 95 VirusTotal detections. Registered via GMO Internet, Inc. Monitor and avoid this domain.

## Summary
The domain roprxy.xyz is currently under investigation for involvement in a credential theft campaign. This domain is categorized under generic phishing with a specific focus on harvesting user credentials. There is no verified brand impersonation associated with this domain at this time, but its activity remains active and poses a potential risk to users.

According to the latest intelligence, roprxy.xyz resolves to the IP address 172.67.128.100 and uses an SSL certificate issued by Google Trust Services, which could lend a false sense of security to victims. The domain was registered on May 13, 2025, through GMO Internet, Inc. Despite its malicious intent, VirusTotal analysis shows 0 out of 95 vendors currently flag the domain, indicating it might be a newly emerging threat or operating below detection thresholds. There are no reported blocklist entries or trust scores available at this time.

Given the active status of roprxy.xyz and its role in credential theft, users and network defenders should exercise caution. It is recommended to block access to this domain at the network level and monitor for any suspicious login attempts that may stem from credential compromise. Security teams should update detection rules and educate users about the risks of unsolicited links or login requests from unfamiliar domains. Continuous monitoring and timely threat intelligence sharing will be critical to mitigate potential harm from this campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-05-13 00:30:37
- Registrar: GMO Internet, Inc.
- IP: 172.67.128.100

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7e10ea59-b6ae-4584-868f-d4865353556e
- PhishDestroy: https://phishdestroy.io/domain/roprxy.xyz/
- LLM endpoint: https://phishdestroy.io/domain/roprxy.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/roprxy.xyz/
Last updated: 2026-03-28