# travalume.org — SUSPICIOUS > travalume.org operates a crypto drainer phishing scam. PhishDestroy flags this domain — 0/95 VT detections as of Oct 9, 2025. Verify now on PhishDestroy. ## Summary PhishDestroy identifies travalume.org as an active crypto drainer phishing site impersonating travel and financial services. Registered on October 09, 2025, this domain (travalume.org) distributes a drainer kit designed to steal cryptocurrency from unsuspecting users by mimicking legitimate travel booking or financial login portals. The campaign appears to target users seeking travel deals or investment opportunities, leveraging urgency and perceived legitimacy to trick victims into connecting wallets or entering credentials. This domain was flagged by PhishDestroy with the following technical indicators: VirusTotal currently shows 0/95 detection engines flagging the site, indicating low community awareness. The domain is registered through Dynadot Inc and resolves to IP 34.101.211.111. The SSL certificate is issued by Let's Encrypt, adding a false sense of security. The domain is newly created as of October 9, 2025, suggesting a recent launch to evade blocklists. At this time, Google Safe Browsing (GSB) has not yet blacklisted the domain, and third-party threat intelligence systems report zero blocklist inclusions. As of this assessment, travalume.org remains active and poses a high risk to cryptocurrency users. Immediate mitigation is advised: block the domain and IP at the network perimeter. Users should avoid visiting the site and verify any financial or login links using PhishDestroy before interaction. Despite low VirusTotal detection, the presence of a drainer kit and recent domain registration strongly indicate malicious intent. PhishDestroy continues to monitor and will update this assessment as new data emerges. Remaining risk is classified as active and high due to the drainer infrastructure and lack of widespread detection. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-10-09 07:02:36 - Registrar: Dynadot Inc - IP: 34.101.211.111 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/1482429b-24a8-4281-8536-b80c38c38351 - PhishDestroy: https://phishdestroy.io/domain/travalume.org/ - LLM endpoint: https://phishdestroy.io/domain/travalume.org/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/travalume.org/ Last updated: 2026-03-24