# 1inch-web.cc — MALICIOUS

> 1inch-web.cc is a high-risk brand impersonation site flagged for social engineering. Avoid it and never share personal info or crypto keys.

## Summary
PhishDestroy identifies 1inch-web.cc as a high-risk domain impersonating the legitimate 1inch decentralized exchange platform. This site was registered in February 2026 and is currently offline after being detected on multiple security blocklists. Users who encounter this domain should be aware that it poses a significant threat by mimicking a trusted DeFi service to deceive visitors.

The phishing technique used by 1inch-web.cc involves copying the page title and branding of the authentic 1inch exchange to lure users into believing it is a legitimate site. This method aims to trick victims into entering sensitive information such as private keys or wallet credentials, which can then be stolen for fraudulent purposes. The domain has been flagged by Google Safe Browsing for social engineering and detected by several security vendors, reinforcing its malicious intent.

If you have visited 1inch-web.cc, it is crucial to immediately cease any interaction with the site and avoid providing personal or financial data. Users should scan their devices for malware and change passwords or private keys associated with their cryptocurrency wallets. Staying vigilant and verifying URLs before accessing DeFi platforms can prevent falling victim to such impersonation scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: 1inch
- Page title: 1inch Exchange: Optimize Your DeFi Token Swaps

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Spaceship, Inc.
- Country: US
- IP: 104.21.68.253
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["angelina.ns.cloudflare.com", "carlos.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Seclookup", "Sophos", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01993dbc-adc4-73be-a4ae-c5c48a7b5167.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5b1596ca-1de3-436f-9180-54cf0d17af0d
- PhishDestroy: https://phishdestroy.io/domain/1inch-web.cc/
- LLM endpoint: https://phishdestroy.io/domain/1inch-web.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/1inch-web.cc/
Last updated: 2026-03-19