# 1km.one — SUSPICIOUS

> PhishDestroy flags 1km.one as a crypto drainer domain with 3/95 VirusTotal detections. Verify safety before clicking to protect your digital assets.

## Summary
PhishDestroy has identified 1km.one as an active crypto drainer domain designed to trick users into unknowingly authorizing unauthorized cryptocurrency transfers. This domain mimics legitimate services to deceive visitors into connecting their wallets or entering sensitive credentials, which are then exploited by threat actors to drain funds. The malicious infrastructure leverages social engineering tactics to appear trustworthy, often impersonating well-known platforms or services to lower user suspicion. Given the elevated risk level assigned to this domain, users are strongly advised to exercise extreme caution when encountering links or advertisements associated with 1km.one.

This domain was flagged by PhishDestroy due to its malicious intent and was found to have triggered alerts from 3 out of 95 security vendors on VirusTotal, indicating a moderate but concerning detection rate. The domain 1km.one was registered through Dynadot Inc on February 07, 2026, and resolves to IP address 188.114.97.3. It is secured with a Let's Encrypt SSL certificate, which threat actors often use to appear legitimate. The combination of a recent registration date and low but notable detection rate suggests this domain is part of a broader campaign targeting cryptocurrency users.

If you have visited 1km.one or interacted with any content associated with this domain, PhishDestroy recommends taking immediate action to secure your digital assets. Disconnect your cryptocurrency wallet from any active sessions and revoke any unauthorized permissions granted during your visit. Use a reputable security tool to scan your devices for malware or unauthorized access. Users are also encouraged to report this domain to PhishDestroy and relevant cybersecurity authorities to aid in takedown efforts. Always verify the legitimacy of domains and links before entering sensitive information or connecting your wallet.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-07 09:53:24
- Registrar: Dynadot Inc
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b8f153d1-30e1-436d-9b34-30bcbc08fd3d
- PhishDestroy: https://phishdestroy.io/domain/1km.one/
- LLM endpoint: https://phishdestroy.io/domain/1km.one/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/1km.one/
Last updated: 2026-03-22