# nota4dlari.live — SUSPICIOUS

> PhishDestroy identifies nota4dlari.live as a crypto drainer scam posing as a fake reward platform. This domain resolved to 45.194.53.

## Summary

PhishDestroy classifies nota4dlari.live as a generic phishing domain specifically engineered as a cryptocurrency drainer kit designed to trick users into connecting wallet credentials and authorizing fraudulent transactions. The landing page impersonates legitimate reward or airdrop platforms, luring victims with false incentives to drain connected wallets. No legitimate brand is being spoofed in this campaign; instead, the threat actor leverages a newly registered, deceptive domain to host a drainer script that intercepts wallet connections and executes unauthorized transfers. The infrastructure is minimal and disposable, consistent with short-lived phishing campaigns targeting crypto users.

This domain was flagged by 2 out of 95 security vendors on VirusTotal, indicating low but meaningful detection coverage. It resolves to IP 45.194.53.26 and was registered through NameCheap, Inc. on January 29, 2026—just days ago. The domain holds a valid SSL certificate issued by Google Trust Services, likely to appear more trustworthy to unsuspecting users. Despite the certificate, the domain remains unlisted on major blocklists as of current checks, suggesting it is still in early propagation. The combination of new registration, low VT detection, and lack of historical reputation strongly correlates with malicious intent.

As of latest intelligence, nota4dlari.live remains active and unblocked by most filtering systems. Users should immediately block the domain at network and endpoint levels and avoid visiting the site. Security teams are advised to inspect DNS logs for queries to this domain and monitor for wallet drain events linked to 45.194.53.26.

While this domain is low in blocklist coverage, its elevated risk stems from active phishing activity and the potential for rapid monetization via crypto theft. Remaining risk is moderate due to ongoing domain use and limited takedown response. Immediate user awareness and proactive blocking are critical to prevent compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-01-29 12:37:01
- Registrar: NameCheap, Inc.
- IP: 45.194.53.26

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/6aaefa32-7d7a-4296-9bad-a0f1179d96a8
- PhishDestroy: https://phishdestroy.io/domain/nota4dlari.live/
- LLM endpoint: https://phishdestroy.io/domain/nota4dlari.live/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/nota4dlari.live/

Last updated: 2026-03-23