# hahatogelea.com — SUSPICIOUS > This domain hahatogelea.com impersonates a crypto platform and hosts a crypto drainer. Verify safety scores on PhishDestroy before using. ## Summary PhishDestroy identifies the domain hahatogelea.com as hosting a generic phishing page designed to function as a crypto drainer, actively targeting cryptocurrency users. The threat is currently flagged as under_investigation with a status of active, indicating ongoing malicious activity. Security professionals and users should treat this domain with caution due to its high-risk nature involving direct cryptocurrency theft mechanisms. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating that detection signatures have not yet caught up to its threat potential. The domain was registered through NameCheap, Inc., resolving to IP 92.243.74.2, and was created on December 30, 2025. The SSL certificate is issued by Google Trust Services, which may lend an initial false sense of legitimacy. Despite the absence of VirusTotal detections, the domain remains unlisted on major blocklists, maintaining low visibility for now. PhishDestroy advises immediate caution regarding hahatogelea.com. Users should avoid interacting with the site, especially transactions involving cryptocurrency wallets or login credentials. Security teams are urged to monitor this IP (92.243.74.2) and domain for emerging detection signatures. Block this domain at the network level and report any observed malicious activities to PhishDestroy to contribute to collective threat intelligence. The domain's recent creation and low detection rate suggest it may escalate into a broader campaign; proactive blocking is strongly recommended to prevent compromise. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-12-30 06:56:14 - Registrar: NameCheap, Inc. - IP: 92.243.74.2 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/063fc9ce-cd73-48da-a584-2ab862d342be - PhishDestroy: https://phishdestroy.io/domain/hahatogelea.com/ - LLM endpoint: https://phishdestroy.io/domain/hahatogelea.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hahatogelea.com/ Last updated: 2026-03-23