# dagetzzidxty.hrvgg.biz.id — MALICIOUS

> dagetzzidxty.hrvgg.biz.id is a live crypto drainer page impersonating a major brand. Flagged by 7/95 VirusTotal scanners; verify on PhishDestroy before clicking.

## Summary

PhishDestroy identifies dagetzzidxty.hrvgg.biz.id as an active crypto drainer domain hosting a fraudulent login page designed to steal cryptocurrency assets. The site exploits a typosquatted subdomain of hrvgg.biz.id, leveraging deceptive branding to trick users into connecting wallets and signing malicious transactions. Security research indicates the drainer kit likely integrates with popular wallet extensions, prompting unauthorized transfers upon user interaction.

Technical indicators confirm elevated risk: VirusTotal lists 7/95 security vendors detecting the domain, while VirusTotal's community sources show consistent malicious activity. The domain resolves to IP 172.67.133.51 via Cloudflare and operates under a Google Trust Services SSL certificate to appear legitimate. It is registered through a privacy-protected registrar, its creation date is within the last 90 days, and it is currently blocklisted by 1 major threat intelligence feed (GSB).

As of the latest scan, the domain remains active and responsive, maintaining an elevated risk profile. Users are advised to avoid interaction and verify any suspicious links using PhishDestroy's real-time scanner. Despite its current exposure in threat feeds, the domain retains potential for continued operation or rapid migration to new infrastructure. Remaining risk is classified as elevated due to ongoing lure campaigns and drainer toolkit deployment.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.67.133.51

## Detection Status

- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/fd5d47d5-c39d-4b0d-9e2f-4a98de784202
- PhishDestroy: https://phishdestroy.io/domain/dagetzzidxty.hrvgg.biz.id/
- LLM endpoint: https://phishdestroy.io/domain/dagetzzidxty.hrvgg.biz.id/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/dagetzzidxty.hrvgg.biz.id/

Last updated: 2026-03-22