# unitas-labs.live — SUSPICIOUS

> unitas-labs.live is a crypto drainer phishing site with 0/95 VirusTotal detections. Analyze this active threat before interacting and report if confirmed.

## Summary
PhishDestroy identifies unitas-labs.live as an active crypto drainer phishing domain first observed on March 16, 2026. The site impersonates a legitimate-sounding laboratory (Unitas Labs) to deceive users into connecting cryptocurrency wallets and authorizing malicious transactions via a crypto drainer kit embedded on the landing page. No publicly documented drainer signature (e.g., Venom, Angel, or Inferno) has been attributed to this domain yet, suggesting either a custom or newly deployed variant under active iteration.  unitas-labs.live resolves to IP 172.67.214.167 and is served over a Let’s Encrypt SSL certificate for added legitimacy. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and currently exhibits 0 detections out of 95 engines on VirusTotal. Google Safe Browsing (GSB) and major threat intelligence blocklists have not yet flagged this domain, resulting in a zero-blocklist status as of the latest scan. Domain age is under 48 hours, minimizing historical reputation but increasing the risk of rapid abuse escalation.  This domain remains active and unblocked across most filters, enabling ongoing campaigns. Users are advised to block access at the network level via DNS sinkholing to IP 172.67.214.167 and add the domain to enterprise blocklists immediately. PhishDestroy continues to monitor for signature updates and will escalate classification upon detection of drainer payloads or confirmed thefts. Remaining risk is assessed as HIGH due to active status, zero detections, and absence of countermeasures in standard threat feeds.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-16 09:32:24
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.214.167

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/287eea85-82e9-481f-8587-fb22ef62af39
- PhishDestroy: https://phishdestroy.io/domain/unitas-labs.live/
- LLM endpoint: https://phishdestroy.io/domain/unitas-labs.live/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/unitas-labs.live/
Last updated: 2026-03-23