# haber364tr.live — MALICIOUS

> PhishDestroy warns haber364tr.live is a crypto drainer domain flagged by 17/95 VirusTotal vendors. Avoid transactions on this Let's Encrypt site created March.

## Summary

PhishDestroy identifies haber364tr.live as an active crypto drainer domain designed to deceive users into connecting crypto wallets and authorizing malicious transactions. This site mimics legitimate services to exploit Web3 users, with threat actors leveraging social engineering to trick victims into approving token transfers or NFT transactions that drain funds directly from connected wallets.

Technical analysis confirms the domain resolves to IP address 64.89.161.43 and operates under a Let's Encrypt SSL certificate to appear trustworthy, though SSL presence does not guarantee legitimacy in crypto drainer campaigns. This domain was flagged by 17 out of 95 VirusTotal security vendors, indicating elevated malicious reputation.

Domain registration data shows the site was created on March 22, 2026, and is sponsored by GoDaddy.com, LLC. The recent creation date combined with low domain age often correlates with malicious intent in phishing and crypto drainer operations. Security researchers have observed rapid turnover in such domains, with attackers frequently deploying new sites to evade detection.

Users who visited haber364tr.live or connected any crypto wallet to this domain should immediately revoke any approved permissions through their wallet interface, disconnect the wallet from suspicious sites, and transfer remaining funds to a newly generated wallet address. Enable hardware wallet authentication where possible, monitor accounts for unauthorized transactions, and report any suspicious activity to your wallet provider or relevant blockchain security teams. Avoid interactions with unsolicited links and verify URLs through official channels before any financial transaction.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-22 17:33:49
- Registrar: GoDaddy.com, LLC
- IP: 64.89.161.43

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d0386a70-fbd1-44bb-b069-fd2729d9f5da
- PhishDestroy: https://phishdestroy.io/domain/haber364tr.live/
- LLM endpoint: https://phishdestroy.io/domain/haber364tr.live/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/haber364tr.live/

Last updated: 2026-03-23