# runtime-scan.com — SUSPICIOUS

> runtime-scan.com flagged for credential harvesting phishing (1/95 VirusTotal detections). Check the full report for technical indicators and safety.

## Summary
PhishDestroy identifies runtime-scan.com as an active credential harvesting phishing domain. The domain mimics a legitimate security scanning service to deceive users into entering sensitive credentials. No specific drainer kit or branded impersonation was detected in initial analysis.


This domain resolves to IP 158.94.208.144 and was registered through OwnRegistrar, Inc. on March 21, 2026. VirusTotal reports a detection score of 1/95 security vendors, while Google Safe Browsing (GSB) has not flagged it. The domain uses a Let's Encrypt SSL certificate, adding a false sense of legitimacy.


Runtime-scan.com remains active with an elevated risk level. Users are advised to avoid interacting with this domain and report it to their security teams. While the current threat is contained, the domain's recent creation and low detection rate suggest potential for future misuse. Remaining risk is moderate due to the domain's plausible naming and SSL certificate.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-21 22:19:45
- Registrar: OwnRegistrar, Inc.
- IP: 158.94.208.144

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5a521757-1c68-4efa-ba06-5b90532e62e8
- PhishDestroy: https://phishdestroy.io/domain/runtime-scan.com/
- LLM endpoint: https://phishdestroy.io/domain/runtime-scan.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/runtime-scan.com/
Last updated: 2026-03-26