# royalpmt.com — SUSPICIOUS

> royalpmt.com impersonates a payment confirmation page to harvest banking credentials. This domain, registered April 28 2022 via Namecheap, currently shows 0/95.

## Summary
PhishDestroy identifies royalpmt.com as an active generic phishing domain posing as a payment confirmation portal. The threat centers on credential harvesting through deceptive checkout screens designed to trick users into entering banking details.


The domain was registered through Namecheap Inc on April 28 2022 and resolves to IP 68.65.122.169. VirusTotal currently shows 0 detections out of 95 engines, indicating it remains under the radar. The SSL certificate was issued by Sectigo Limited, adding a veneer of legitimacy while masking malicious intent.


Immediate mitigation includes blocking the domain and IP at the firewall and DNS layers. Users who encounter this site should cease interaction, clear browser cache, and report the domain through corporate threat channels. Security teams should monitor for any derived domains or IPs sharing the same registrar or certificate issuer profile.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2022-04-28 16:46:06
- Registrar: NAMECHEAP INC
- IP: 68.65.122.169

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7fe32673-d756-49a6-8657-b5679e9830f7
- PhishDestroy: https://phishdestroy.io/domain/royalpmt.com/
- LLM endpoint: https://phishdestroy.io/domain/royalpmt.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/royalpmt.com/
Last updated: 2026-04-11