# henabit.com — SUSPICIOUS

> PhishDestroy warns that henabit.com hosts a crypto drainer scam, mimicking a login page. VirusTotal reports 0/95 detections despite active threats since March.

## Summary
PhishDestroy identifies henabit.com as a recently activated crypto drainer domain designed to steal cryptocurrency wallet credentials. This domain, registered through Hello Internet Corp on March 12, 2026, resolves to IP 104.21.66.152 and operates under a valid Let’s Encrypt SSL certificate to appear legitimate. Despite its active status, VirusTotal currently shows 0 out of 95 security engines detecting this threat, leaving users vulnerable to unknowingly submitting wallet access details to malicious actors.


The threat posed by henabit.com is a classic crypto drainer scheme, where victims are tricked into entering their wallet recovery phrases or private keys into a counterfeit login interface. The domain’s recent creation date suggests a hastily deployed campaign, likely targeting users through phishing emails, social media impersonation, or fraudulent advertisements. The absence of detections on VirusTotal highlights the challenge of early-stage threat identification, emphasizing the need for proactive verification tools like PhishDestroy to mitigate risks before widespread compromise.


If you have visited henabit.com or entered any credentials, immediately revoke wallet access permissions, transfer funds to a secure wallet, and scan your device with updated antivirus software. Use PhishDestroy’s verification tool to confirm the legitimacy of domains before interacting, and report suspicious activity to help protect the broader community from evolving crypto scams.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-12 23:07:01
- Registrar: Hello Internet Corp
- IP: 104.21.66.152

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4b9c4125-67a3-45c1-be70-272389ef6d3e
- PhishDestroy: https://phishdestroy.io/domain/henabit.com/
- LLM endpoint: https://phishdestroy.io/domain/henabit.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/henabit.com/
Last updated: 2026-03-27