# 5e-play.com — MALICIOUS

> 5e-play.com is a credential theft domain impersonating a gaming portal. VirusTotal flags 8/95 vendors.

## Summary
PhishDestroy identifies 5e-play.com as an active credential theft domain mimicking a gaming portal interface. The domain is engineered to harvest user credentials via a convincing fake login form, likely part of a broader campaign targeting gamers. No specific drainer kit family has been confirmed, but the infrastructure suggests reuse of commoditized phishing templates common in credential theft operations.  

This domain was registered on December 31, 2025, through Hosting Concepts B.V. d/b/a Registrar.eu and resolves to IP 104.21.28.171. Google Safe Browsing has not flagged the domain, and VirusTotal detection remains low at 8/95 security vendors as of the latest scan. The domain leverages a Google Trust Services SSL certificate, which adds superficial legitimacy but does not guarantee safety. No known blocklist entries currently cover this domain.  

The domain remains active and poses an elevated risk due to its recent creation, low detection rate, and use of a trusted SSL certificate. Immediate action is required to block 5e-play.com at the network perimeter and DNS level. Users who may have entered credentials should rotate passwords immediately and enable multi-factor authentication. While the current risk is elevated, proactive blocking and user awareness can significantly reduce exposure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-31 11:53:24
- Registrar: Hosting Concepts B.V. d/b/a Registrar.eu
- IP: 104.21.28.171

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3c65d320-7149-45ea-98e2-faa2578b4f34
- PhishDestroy: https://phishdestroy.io/domain/5e-play.com/
- LLM endpoint: https://phishdestroy.io/domain/5e-play.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/5e-play.com/
Last updated: 2026-03-27