# corev3-secure-b4df72d1-ff44b36-ae57.network — MALICIOUS — Crypto Drainer (Wallet Connect Abuse)

> corev3-secure-b4df72d1-ff44b36-ae57.network is a high-risk crypto drainer phishing site now offline. Avoid interaction to protect your wallet.

## Summary
PhishDestroy identifies corev3-secure-b4df72d1-ff44b36-ae57.network as a high-risk crypto drainer targeting cryptocurrency users via a fake Wallet Connect interface. These attacks aim to steal wallet credentials and drain funds, posing serious financial risk.

The domain was created on November 28, 2025, and is registered through NameSilo, LLC. It appeared in 5 security blocklists, flagged by 19 of 95 VirusTotal vendors, and featured in 2 AlienVault OTX pulses. The site resolved to IP 98.84.224.111 and utilized the Wallet Connect Abuse drainer kit. It is currently offline.

Users should never trust suspicious wallet connection prompts from this domain. Always verify URLs before connecting wallets and use official apps only. Report any phishing attempts and avoid clicking unknown links to safeguard crypto assets.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Wallet Connect Abuse)
- Site status: dead (HTTP 403)
- Drainer type: Wallet Connect Abuse
- Page title: wallet connect

## Domain Intelligence
- Registered: 2025-11-28 00:00:00
- Expires: 2026-11-28 00:00:00
- Registrar: NameSilo, LLC
- Country: US
- IP: 98.84.224.111
- IP Country: US
- IP City: Ashburn
- IP Org: AS14618 Amazon.com, Inc.
- Nameservers: dns1.p06.nsone.net dns2.p06.nsone.net dns3.p06.nsone.net dns4.p06.nsone.net
- SSL Issuer: none

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["Criminal IP", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Ermes", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Phishing Database", "Seclookup", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 5 hits
  Lists: ["PhishDestroy", "MetaMask", "Polkadot", "Enkrypt", "Codeesura"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019acf05-d59e-74d0-b421-d693447e25cf.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/90452f4a-8eee-4667-ad70-e26f8946c0e0
- PhishDestroy: https://phishdestroy.io/domain/corev3-secure-b4df72d1-ff44b36-ae57.network/
- LLM endpoint: https://phishdestroy.io/domain/corev3-secure-b4df72d1-ff44b36-ae57.network/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/corev3-secure-b4df72d1-ff44b36-ae57.network/
Last updated: 2026-03-19