# roycbank.com — MALICIOUS

> PhishDestroy identifies roycbank.com as a high-risk banking scam impersonating a financial brand. This domain was created in March 2026 and already has 11/95.

## Summary
PhishDestroy identifies roycbank.com as a high-risk banking phishing domain designed to mimic legitimate financial institutions and steal user credentials or payment details. This domain poses as 'roycbank,' likely leveraging brand confusion to deceive victims into entering sensitive data on fraudulent login or payment forms. No evidence suggests the use of advanced drainer kits (e.g., clipboard hijackers or web injects), but the site’s structure strongly indicates a fraudulent front with backend data exfiltration mechanisms typical of credential harvesting campaigns.  roycbank.com resolves to IP address 194.36.191.196 and was registered on March 12, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for accommodating high-risk domains. VirusTotal analysis reveals detection coverage at 11 out of 95 security vendors, indicating moderate but not universal recognition of its malicious nature. Google Safe Browsing has classified the domain under the SOCIAL_ENGINEERING category, and it holds a valid SSL certificate issued by Let’s Encrypt, which may help it evade browser-based security warnings. The domain’s recent creation and low-to-moderate blocklist presence suggest it is part of a rapidly evolving campaign targeting users unfamiliar with its illegitimacy.  As of current analysis, roycbank.com remains active and unblocked by most consumer-grade defenses. Immediate containment is recommended through network-level DNS blocking and browser-based Safe Browsing integration. Users who have accessed the site should avoid entering any financial or personal information and scan devices for malware. While the domain’s infrastructure is still developing, its recent registration and partial detection rate indicate a significant and growing threat. Users are advised to treat any interaction with this domain with extreme caution and report it to relevant authorities or security vendors for takedown. The risk level is classified as high due to the domain’s active status, brand impersonation intent, and partial evasion of detection systems.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-12 10:18:51
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 194.36.191.196

## Detection Status
- VirusTotal: 11 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9a0d48d2-95c9-4870-b7a8-4849656e993d
- PhishDestroy: https://phishdestroy.io/domain/roycbank.com/
- LLM endpoint: https://phishdestroy.io/domain/roycbank.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/roycbank.com/
Last updated: 2026-03-23