# accountrestore.live — MALICIOUS > PhishDestroy warns: accountrestore.live is a credential phishing site that impersonates a login portal. VirusTotal shows 15/95 vendors flag it. ## Summary PhishDestroy identifies accountrestore.live as an active crypto wallet-draining credential phishing domain operating at elevated risk. This site lures users with a plausible “account restore” theme, then harvests private keys or seeds to drain connected wallets in real time. Victims who enter credentials or connect wallets risk irreversible loss of funds, often within minutes, as attackers immediately sweep assets to controlled exchanges or mixers. The domain’s behavior mirrors that of known “crypto-drainer” toolkits such as Venom, PinkDrainer, or Inferno, which automate theft once credentials are submitted. This domain was flagged by PhishDestroy after 15 out of 95 VirusTotal security vendors classified it as malicious. It was registered on March 17, 2025 through NameCheap, Inc., and resolved to IP 104.21.92.230 at the time of analysis. The site also holds a valid Let’s Encrypt SSL certificate, which attackers use to appear legitimate and bypass browser warnings. Given its recent creation and low detection rate, accountrestore.live poses a heightened threat to cryptocurrency users who may mistake it for an official recovery portal. If you visited accountrestore.live, immediately revoke any connected wallet permissions using tools like Revoke.cash or Rabby’s permission manager. Do not re-enter private keys or seed phrases on any site. Scan your device with Malwarebytes or Windows Defender to check for infostealers. Report the domain to PhishDestroy and your wallet provider. Consider rotating wallet addresses and enabling hardware wallet signing for all future transactions to reduce exposure. Always verify domains via trusted sources before entering sensitive information. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-17 05:37:55 - Registrar: NameCheap, Inc. - IP: 104.21.92.230 ## Detection Status - VirusTotal: 15 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/accountrestore.live - PhishDestroy: https://phishdestroy.io/domain/accountrestore.live/ - LLM endpoint: https://phishdestroy.io/domain/accountrestore.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/accountrestore.live/ Last updated: 2026-04-09