# trip71.top — SUSPICIOUS

> trip71.top is a crypto drainer mimicking Trip.com (VT 0/95). Register ed 2026-03-23; still active. Block immediately.

## Summary
PhishDestroy identifies trip71.top as an active crypto-drainer domain crafted to impersonate Trip.com, leveraging homographic and lookalike techniques to trick users into connecting fraudulent cryptocurrency wallets. The landing page closely mirrors Trip.com’s branding, including color scheme and layout, while injecting malicious JavaScript payloads designed to drain connected wallets upon user interaction. No specific drainer kit fingerprint is yet confirmed, but the domain’s rapid registration and SSL issuance suggest opportunistic deployment of off-the-shelf phishing toolkits.

Technical indicators for trip71.top are as follows: VirusTotal detection rate is 0/95 engines, indicating zero coverage as of the latest scan. The domain is registered via NICENIC INTERNATIONAL GROUP CO., LIMITED, resolves to IP 188.114.97.3, and was created on March 23, 2026. The SSL certificate was issued by Let’s Encrypt, and no Google Safe Browsing (GSB) block has been applied at this time. No third-party blocklist entries were found during initial checks.

Current status of trip71.top is active and propagating, with no detections or blocks in place. Immediate response includes adding the domain and its resolving IP to enterprise blocklists and DNS sinkholes. Users should be warned not to access trip71.top or any Trip.com lookalike domains not served directly from trip.com or its official CDN. The risk remains under investigation but is assessed as elevated due to the combination of zero detection, recent creation, and clear intent to deceive. Continuous monitoring and proactive user education are recommended to prevent wallet compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-23 18:26:50
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/trip71.top
- PhishDestroy: https://phishdestroy.io/domain/trip71.top/
- LLM endpoint: https://phishdestroy.io/domain/trip71.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trip71.top/
Last updated: 2026-04-07