# watchhr.biz — MALICIOUS

> PhishDestroy identifies watchhr.biz as a crypto drainer phishing domain. 23/95 VirusTotal vendors flag this scam that targets crypto users.

## Summary
PhishDestroy identifies watchhr.biz as an active crypto drainer phishing domain posing heightened risk to cryptocurrency users. This site is engineered to trick victims into connecting wallets, enabling immediate fund extraction without consent.

This domain was flagged by 23 of 95 VirusTotal security vendors, blocked by Hagezi and Maltrail, and registered through Dynadot Inc on March 05, 2026. It resolves to IP 37.77.150.150 and appears on two security blocklists. The registration date and IP profile suggest a newly deployed campaign with low trust scores across multiple detection engines.

Users should never connect wallets, input private keys, or approve transactions on this domain. If exposure occurred, revoke any wallet permissions immediately via blockchain explorers and monitor accounts for unauthorized transfers. Report the domain to your antivirus vendor and relevant blocklists to prevent further victimization.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-05 12:30:31
- Registrar: Dynadot Inc
- IP: 37.77.150.150

## Detection Status
- VirusTotal: 23 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["Hagezi", "Maltrail"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f23bd506-394e-42e1-b212-363bb98f0087
- PhishDestroy: https://phishdestroy.io/domain/watchhr.biz/
- LLM endpoint: https://phishdestroy.io/domain/watchhr.biz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/watchhr.biz/
Last updated: 2026-03-23