# wallet-checker.cfd — SUSPICIOUS

> wallet-checker.cfd is a live crypto-drainer site with 0/95 VirusTotal detections. Block or avoid this drainer immediately.

## Summary

PhishDestroy identifies wallet-checker.cfd as an active crypto-drainer domain engineered to empty victim wallets via malicious transaction signing. The site masquerades as an anti-money-laundering tool, leveraging Web3 jargon to lure users into connecting their wallets and signing fraudulent transactions. No specific drainer kit signature has been extracted from the page content yet, indicating either a bespoke or obfuscated payload intended to bypass static detection engines. The domain’s design closely mimics legitimate AML dashboards, suggesting brand impersonation as a secondary tactic to build false trust and increase conversion rates among security-conscious users.

wallet-checker.cfd was registered on March 24, 2026 through Global Domain Group LLC and resolves to IPv4 address 95.85.241.94. It holds a valid Let's Encrypt SSL certificate, which may be used to evade browser warnings and phishing filters. VirusTotal currently returns 0 detections out of 95 scanners as of the latest ingestion, highlighting the domain’s ability to evade signature-based antivirus and endpoint protection platforms. The domain has not yet been listed on Google Safe Browsing or other major blocklists, leaving most users unprotected by standard browser-based defenses. These technical indicators suggest an early-stage campaign likely optimized for rapid, high-volume exploitation before detection systems catch up.

wallet-checker.cfd remains active and under active threat monitoring. Immediate actions include domain blocking at DNS and network layers, flagging the IP range 95.85.241.0/24 for deep packet inspection, and forcing SSL inspection on outbound traffic to detect TLS-based exfiltration. Risk remains elevated due to low VT coverage and lack of GSB listing, indicating the campaign has not yet peaked in volume or sophistication. Users should treat any interaction with wallet-checker.cfd as high-risk and report the domain to threat intelligence platforms such as URLVoid, PhishTank, and abuse channels of hosting providers. Continuous monitoring is required to detect the first cryptocurrency drain transactions and correlate wallet addresses with known fraudulent clusters.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Page title: AMLConnect and AMLBot: Securing Web3 Transactions Effectively

## Domain Intelligence

- Registered: 2026-03-24 21:35:42
- Registrar: Global Domain Group LLC
- IP: 95.85.241.94

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8d84027d-6aad-4af5-aa3d-77fd756c5f0d
- PhishDestroy: https://phishdestroy.io/domain/wallet-checker.cfd/
- LLM endpoint: https://phishdestroy.io/domain/wallet-checker.cfd/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/wallet-checker.cfd/

Last updated: 2026-03-25