# playregulus.live — SUSPICIOUS > playregulus.live is a crypto drainer phishing domain with 0/95 VirusTotal detections. Verify before interacting to avoid fund theft. Action: Do not engage. ## Summary PhishDestroy identifies playregulus.live as an active crypto drainer domain currently under investigation. This domain exhibits classic phishing behaviors designed to deceive cryptocurrency users into connecting their wallets and approving fraudulent transactions. The threat level is classified as under_investigation due to the domain's recent creation and low detection rates, but this does not negate the immediate risk it poses to unaware users. Technical analysis confirms the domain is operational and actively resolving, with no current protections from major security vendors despite its malicious intent. This domain was flagged by PhishDestroy with the following confirmed indicators: VirusTotal shows 0 detections out of 95 security engines, indicating zero current coverage; the domain resolves to IP 188.114.96.3; it was registered through NameCheap, Inc.; the SSL certificate was issued by Let's Encrypt; and the domain was created on March 07, 2026. The combination of a newly registered domain (NRD) with a recent SSL certificate and zero detection coverage creates an ideal environment for successful phishing campaigns targeting cryptocurrency holders. The domain's age and infrastructure suggest this could represent a fresh campaign with limited exposure to security researchers. Mitigation against this crypto drainer threat requires immediate action from cryptocurrency users and security teams. Users should block access to playregulus.live at the network level and avoid any wallet connection requests from this domain. Organizations should update firewall and DNS filtering rules to block both the domain and its associated IP 188.114.96.3. Blocklists should be updated to include this domain based on its recent creation date and zero detection status. Security researchers are advised to monitor this domain for developing infrastructure and campaign patterns, while cryptocurrency platforms should warn users about domains impersonating legitimate services for wallet drainer purposes. Always verify URLs before entering wallet credentials or approving transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-07 00:08:11 - Registrar: NameCheap, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/playregulus.live - PhishDestroy: https://phishdestroy.io/domain/playregulus.live/ - LLM endpoint: https://phishdestroy.io/domain/playregulus.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/playregulus.live/ Last updated: 2026-04-04