# corewalletdesktop.live — MALICIOUS

> corewalletdesktop.live is a malicious crypto drainer impersonating a desktop wallet. 6/95 VirusTotal vendors flagged this domain.

## Summary

PhishDestroy has identified corewalletdesktop.live as an active crypto drainer posing as a legitimate desktop wallet application. This domain is engineered to deceive users into connecting cryptocurrency wallets, whereupon malicious scripts siphon funds to attacker-controlled addresses. Victims who interact with the site risk immediate and irreversible financial loss without technical recourse. The operational window for this threat is narrow but critical, with domain registration occurring on March 17, 2026, indicating a recently deployed campaign targeting unsuspecting users seeking wallet management tools.

This domain exhibits multiple technical indicators that corroborate its malicious nature. VirusTotal analysis reveals 6 out of 95 security vendors have flagged corewalletdesktop.live as malicious, reflecting a consensus on its harmful intent despite limited blocklist coverage. The domain resolves to IP address 216.198.79.1 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar frequently associated with abusive registrations. SSL encryption via Let's Encrypt lends superficial legitimacy, masking the domain's true purpose as a crypto-draining operation. Given the domain's recent creation and the sophistication of its impersonation tactics, the risk level is assessed as elevated due to the irreversible financial consequences for affected users.

Users who have visited corewalletdesktop.live should treat the interaction as a potential security incident. Immediately disconnect any connected cryptocurrency wallets and revoke any permissions granted to the site through wallet settings. Scan connected devices for malware, as crypto drainers often bundle secondary payloads to maintain persistence.
Report the domain to PhishDestroy for inclusion in blocklists and share indicators of compromise with your organization's security team. If funds were transferred or wallet credentials entered, contact your wallet provider or financial institution immediately for incident response assistance. Proactive verification of wallet-related domains remains the most effective defense against such threats.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Page title: corewalletdesktop.live

## Domain Intelligence

- Registered: 2026-03-17 22:08:43
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 216.198.79.1

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a4db9d22-3d6b-44b9-a387-40c35748e6c2
- PhishDestroy: https://phishdestroy.io/domain/corewalletdesktop.live/
- LLM endpoint: https://phishdestroy.io/domain/corewalletdesktop.live/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/corewalletdesktop.live/

Last updated: 2026-03-23