# one-wallet.cc — SUSPICIOUS

> one-wallet.cc hosts a crypto drainer kit with 3/95 VirusTotal detections — block immediately to protect crypto holdings.

## Summary
PhishDestroy identifies one-wallet.cc as an active crypto drainer domain targeting cryptocurrency wallet users through deceptive wallet impersonation. The domain employs a drainer kit designed to siphon assets from unsuspecting victims who connect compromised wallets. While no direct ties to a specific brand were observed in the analysis, the domain’s infrastructure and operational tactics align with known crypto theft campaigns that lure users under the guise of legitimate wallet services or transaction portals.  This domain was flagged on VirusTotal with a detection score of 3 out of 95 security vendors, indicating limited but concerning recognition within the threat intelligence community. Technical indicators include registration via Amazon Registrar, Inc., a creation date of June 25, 2025, DNS resolution to IP address 172.67.130.225, and a valid SSL certificate issued by Google Trust Services. The domain has not yet been widely listed on major blocklists, which may suggest a recently emerged or opportunistic campaign leveraging the trustworthiness of a Google-issued certificate to deceive targets.  As of the latest threat assessment, one-wallet.cc remains active and poses an elevated risk to users who may interact with it under false pretenses. Immediate blocking of the domain and associated IP is strongly advised to mitigate potential asset loss. Users are urged to verify wallet URLs through official channels and avoid entering private keys or seed phrases on untrusted domains. Continuous monitoring and updating of network defenses are critical to counter evolving tactics employed by crypto drainer operators.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-06-25 06:59:18
- Registrar: Amazon Registrar, Inc.
- IP: 172.67.130.225

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/42dd79cf-0479-4177-9e55-e628c3555040
- PhishDestroy: https://phishdestroy.io/domain/one-wallet.cc/
- LLM endpoint: https://phishdestroy.io/domain/one-wallet.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/one-wallet.cc/
Last updated: 2026-03-27