# tripscan72.pw — SUSPICIOUS

> tripscan72.pw is a newly active credential theft domain flagged by 0 of 95 VirusTotal vendors. Immediate action is recommended to block this threat actor.

## Summary
PhishDestroy identifies tripscan72.pw as an active credential theft domain currently under investigation. This domain is associated with a phishing campaign designed to harvest user login credentials under false pretenses. As of the latest assessment, the threat remains active and is being closely monitored for further developments.    This domain was flagged by 0 of 95 VirusTotal vendors, indicating that it has not yet been widely detected by security solutions. The domain resolves to IP address 185.130.47.48 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain was created on March 23, 2026, and is secured with a Let's Encrypt SSL certificate. Historical data shows no prior association with known blocklists or trust score platforms, suggesting this is a newly deployed threat infrastructure.    Given the lack of vendor detections and the domain's recent creation, the risk of exposure to credential theft remains high for unaware users. PhishDestroy advises organizations and individuals to block tripscan72.pw at the network level and educate users about this emerging threat. Additionally, monitor network traffic for connections to the associated IP address (185.130.47.48) and inspect SSL certificates for anomalies. Immediate reporting of any encountered phishing attempts involving this domain is encouraged to aid in ongoing investigations.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-23 10:46:41
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.130.47.48

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/tripscan72.pw
- PhishDestroy: https://phishdestroy.io/domain/tripscan72.pw/
- LLM endpoint: https://phishdestroy.io/domain/tripscan72.pw/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tripscan72.pw/
Last updated: 2026-04-08