# coinroy.com — SUSPICIOUS

> coinroy.com is flagged for generic phishing activity. The domain is offline, but caution is advised before interacting with related links or content.

## Summary
PhishDestroy identifies coinroy.com as a domain engaged in generic phishing activity, categorized with a medium risk level. The domain’s page title "Just a moment..." and registration details suggest attempts to mimic legitimate services to deceive users. Its classification is based on observed behavior typical of phishing campaigns.

Technical analysis shows coinroy.com was registered through NiceNIC International Group Co., Limited and resolves to IP address 104.21.21.42. It has a very low trust score of 1 out of 100 from Gridinsoft, and it appears on three security blocklists. VirusTotal flagged it with 4 out of 95 security vendors indicating malicious intent, bolstering confidence in its phishing classification.

Currently, coinroy.com is offline and no longer serving content. This response reduces immediate user exposure to threats from this domain. Users and administrators should remain cautious of any related URLs or communications referencing this domain. Continued monitoring of associated infrastructure is recommended to prevent future phishing attempts leveraging this or related domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Just a moment...

## Domain Intelligence
- Registered: 2026-03-04 13:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.21.42
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: nico.ns.cloudflare.com ziggy.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 4 vendors flagged
  Vendors: ["CRDF", "Fortinet", "Gridinsoft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/m56ZSmvB/c74cee1c9e26.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3c464177-8b15-4ad0-befa-d951aa0a12ff
- PhishDestroy: https://phishdestroy.io/domain/coinroy.com/
- LLM endpoint: https://phishdestroy.io/domain/coinroy.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinroy.com/
Last updated: 2026-03-19