# pysduck.lat — SUSPICIOUS

> PhishDestroy has identified pysduck.lat as a live crypto-draining site that is already blocked by MetaMask and SEAL.

## Summary
PhishDestroy identifies pysduck.lat as an active crypto-draining phishing domain currently under investigation.

This domain was flagged by 0 of 95 VirusTotal vendors, registered through PDR Ltd. d/b/a PublicDomainRegistry.com on December 03, 2025, resolves to IP 172.67.174.188, and holds a Google Trust Services SSL certificate. It has also been included on 2 separate security blocklists and is already blocked by SEAL and MetaMask.

As of this advisory, pysduck.lat remains active despite zero detections on VirusTotal, indicating a potential zero-day threat. Organizations and users should immediately block both the domain and its resolved IP (172.67.174.188) at the network perimeter. Additionally, inspect DNS logs for recent resolutions to this domain and audit any endpoints that may have accessed it. Given the domain's recent registration and lack of detection coverage, treat any associated artifacts as high-confidence indicators of compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-03 08:26:01
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 172.67.174.188

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["SEAL", "MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d14d923f-cb56-4cad-9760-8b76fff0b7dc
- PhishDestroy: https://phishdestroy.io/domain/pysduck.lat/
- LLM endpoint: https://phishdestroy.io/domain/pysduck.lat/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pysduck.lat/
Last updated: 2026-04-01