# ronin-wallet.firebaseapp.com — MALICIOUS

> Beware: ronin-wallet.firebaseapp.com is a crypto drainer site stealing funds. PhishDestroy flags it with 14/95 VirusTotal detections. Check the full report

## Summary
PhishDestroy identifies ronin-wallet.firebaseapp.com as an active crypto drainer posing as a legitimate Ronin wallet service. This fraudulent site lures cryptocurrency users into connecting their wallets under the guise of asset management or transaction validation, then silently drains digital assets through unauthorized blockchain transactions. Users who interact with this domain risk immediate financial loss, as the site is designed to exploit wallet connectivity features to siphon funds without requiring additional authentication. The domain’s behavior aligns with modern crypto drainer kits that leverage social engineering and deceptive interfaces to mimic trusted wallet interfaces.  This domain was flagged by PhishDestroy with an elevated risk rating due to multiple red flags. It registered through Google LLC and carries a valid SSL certificate issued by Google Trust Services, which may lend it false credibility. However, VirusTotal analysis reveals 14 out of 95 security vendors flagged this domain as malicious, indicating widespread suspicion. The site is blocked by the OISD blocklist, a leading open-source threat intelligence feed, and resolves to IP address 199.36.158.100. Its presence on one security blocklist underscores its malicious nature, though the limited blocklist count suggests it may be a newer or less widely detected threat vector.  If you visited or interacted with ronin-wallet.firebaseapp.com, take immediate action to secure your assets. Disconnect any connected wallets immediately using your wallet’s interface or by revoking permissions via blockchain explorer tools such as Etherscan or BscScan. Review recent transaction history for unauthorized transfers and consider transferring remaining funds to a newly created wallet with a unique seed phrase. Enable multi-factor authentication where available and report the domain to your wallet provider and relevant cybersecurity platforms. Always verify website URLs and use official wallet applications or websites directly from verified sources to prevent falling victim to similar crypto drainers.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Google LLC
- IP: 199.36.158.100

## Detection Status
- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OISD"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ronin-wallet.firebaseapp.com
- PhishDestroy: https://phishdestroy.io/domain/ronin-wallet.firebaseapp.com/
- LLM endpoint: https://phishdestroy.io/domain/ronin-wallet.firebaseapp.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ronin-wallet.firebaseapp.com/
Last updated: 2026-04-10