# ratelimit.su — SUSPICIOUS > ratelimit.su flagged as a crypto drainer with 0 of 95 VirusTotal detections. Avoid connecting crypto wallets. Report now. ## Summary PhishDestroy identifies ratelimit.su as an active crypto drainer posing as a rate-limiting service. The domain is currently under investigation for its malicious intent to deceive users into connecting cryptocurrency wallets under false pretenses. This domain was flagged by 0 of 95 VirusTotal vendors, raising immediate concerns about its legitimacy. Registered through REGRU-SU, ratelimit.su resolves to IP 188.114.96.3 and was created on March 22, 2026. The domain utilizes a Let's Encrypt SSL certificate for perceived trustworthiness, though its recent creation and lack of detections suggest a fledgling but rapidly evolving threat. Further analysis reveals no presence on major blocklists at this time, though its low trust scores and fresh registration window indicate a high-risk profile. As of this report, ratelimit.su remains active and unblocked by most security vendors. Users are strongly advised to avoid interacting with the domain or connecting any cryptocurrency wallets to services hosted on this IP. Enterprises should implement network-level blocks for 188.114.96.3 and monitor for related domains registered through REGRU-SU. Immediate reporting to PhishDestroy and local CERT teams is recommended to expedite takedown efforts. Security teams should also update firewall rules and endpoint protections to flag this domain as a crypto drainer threat. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-22 14:00:18 - Registrar: REGRU-SU - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e833d3a0-f782-443e-9dec-4699419dc5c7 - PhishDestroy: https://phishdestroy.io/domain/ratelimit.su/ - LLM endpoint: https://phishdestroy.io/domain/ratelimit.su/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ratelimit.su/ Last updated: 2026-03-24