# rivalmods.org — SUSPICIOUS

> rivalmods.org distributes fake GTA mod downloads to steal user accounts. Resolves to 188.114.96.3, registered March 30, 2026, undetected on VirusTotal (0/95).

## Summary
PhishDestroy identifies rivalmods.org as a live phishing site masquerading as a GTA modding community to harvest user credentials and payment details. Attackers use this domain to distribute malicious installers that capture login details and payment card data when users attempt to download 'free' game mods. This campaign is currently active and should be treated as hostile.

This domain was flagged through automated detection pipelines after resolving to IP 188.114.96.3, using a Let's Encrypt SSL certificate to appear legitimate. The domain was registered on March 30, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED, and remains undetected by 95 VirusTotal engines as of investigation time (0/95 detections). The fresh registration date and clean detection profile suggest this is a newly deployed threat intended to evade legacy defenses.

If you visited rivalmods.org or downloaded anything from the site, immediately run a full antivirus scan on your device and revoke any saved payment methods used on the site. Do not enter credentials or payment details into any forms on the domain. Report the incident to your bank if you entered payment information. Block the domain at your network level and warn others who may have used modding sites recently.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-30 10:29:45
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/rivalmods.org
- PhishDestroy: https://phishdestroy.io/domain/rivalmods.org/
- LLM endpoint: https://phishdestroy.io/domain/rivalmods.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rivalmods.org/
Last updated: 2026-04-04