# royal-queen-453b.cxcde.workers.dev — SUSPICIOUS

> PhishDestroy identifies royal-queen-453b.cxcde.workers.dev as a fraudulent Microsoft login page hosted on 188.114.96.3 with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies royal-queen-453b.cxcde.workers.dev as a Microsoft-themed phishing domain actively distributing fake login portals. The page mimics Microsoft’s authentication interface to steal Office 365 or Azure credentials. Visitors risk account takeover, unauthorized data access, and potential lateral movement within corporate networks if reused passwords are compromised. This domain resolves to IP 188.114.96.3 and leverages a Let’s Encrypt SSL certificate to appear legitimate.  This domain was flagged by PhishDestroy through automated scanning and behavioral analysis. Intelligence shows it has zero detections on VirusTotal as of the latest scan, indicating it evades common antivirus signatures. It is registered through Cloudflare and operates under a workers.dev subdomain, a common tactic used by threat actors to rapidly deploy and rotate malicious infrastructure. The lack of detections suggests the campaign is either very new or highly targeted.  If you visited this site, do not enter any login credentials or personal information. Check your Microsoft account for suspicious activity and enable multi-factor authentication immediately. Report the domain to Microsoft via their phishing portal and update any shared passwords. Scan your device for malware using reputable security software and monitor accounts for unusual login attempts. Avoid clicking links from unsolicited emails or messages claiming to be from Microsoft.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e9676e9c-c2a1-4804-8cbe-cdaa361cb24e
- PhishDestroy: https://phishdestroy.io/domain/royal-queen-453b.cxcde.workers.dev/
- LLM endpoint: https://phishdestroy.io/domain/royal-queen-453b.cxcde.workers.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/royal-queen-453b.cxcde.workers.dev/
Last updated: 2026-03-30