# tripscan-map.ru — SUSPICIOUS

> PhishDestroy identifies tripscan-map.ru as a credential theft domain with 0/95 VirusTotal detections. Immediate block recommended to prevent account compromise.

## Summary

PhishDestroy identifies tripscan-map.ru as a newly active credential theft domain posing as a mapping service. This domain employs a spoofed interface to harvest user credentials, likely targeting unsuspecting visitors through deceptive advertising or phishing emails. Technical analysis indicates the use of a generic drainer kit designed to capture login credentials and session tokens, facilitating unauthorized access to victim accounts. No specific brand impersonation has been confirmed at this stage, but the domain's thematic focus on mapping and travel suggests a potential lure for users seeking navigation tools or location-based services.

This domain resolves to IP address 185.130.47.48 and was registered on March 31, 2026, through REGRU-RU, a registrar known for hosting high-risk domains. The domain currently holds a 0/95 detection score on VirusTotal, indicating it has not yet been flagged by security vendors. It utilizes a Let's Encrypt SSL certificate, which provides a false sense of legitimacy to potential victims. Google Safe Browsing has not yet blacklisted this domain, and its recent creation date suggests it is part of a rapidly evolving threat campaign. Additional threat intelligence indicates this domain has not yet appeared on major blocklists, further highlighting its novelty and the need for proactive intervention.

As of this report, tripscan-map.ru remains active and under investigation, with a status classified as high-risk due to its credential theft functionality. Immediate action is recommended, including domain blocking at the network level and user awareness campaigns to prevent credential exposure.

While the current risk is elevated due to the lack of vendor detections, the absence of historical blocklist entries and the domain's recent registration suggest this threat is still in its early stages. Users are advised to avoid interacting with this domain and to report any suspicious activity to their IT security teams. Further monitoring and analysis are ongoing to determine the full scope of this campaign and to identify potential downstream threats.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-31 15:01:22
- Registrar: REGRU-RU
- IP: 185.130.47.48

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/tripscan-map.ru
- PhishDestroy: https://phishdestroy.io/domain/tripscan-map.ru/
- LLM endpoint: https://phishdestroy.io/domain/tripscan-map.ru/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tripscan-map.ru/

Last updated: 2026-04-08