# curver.finance — MALICIOUS

> curver.finance impersonates Curve and poses a high phishing risk. Site is offline but flagged for social engineering. Stay alert and avoid visiting this domain.

## Summary
PhishDestroy identifies curver.finance as a high-risk phishing domain impersonating the legitimate Curve finance brand. This malicious site was designed to deceive users by mimicking Curve’s interface and branding, putting visitors at risk of social engineering attacks and theft of sensitive information.

The phishing technique used by curver.finance involves replicating Curve's swap page to trick users into submitting private credentials or financial details. The domain was flagged by Google Safe Browsing for social engineering and appears on multiple security blocklists. It was registered recently via HOSTINGER operations, UAB, and is no longer online, which often indicates takedown after detection.

If you have visited curver.finance, PhishDestroy strongly advises checking your financial accounts for unauthorized activity and changing any credentials that might have been exposed. Enable multi-factor authentication where possible and remain cautious of unsolicited communications referencing Curve. Reporting suspicious emails or messages linked to this domain helps protect the wider community.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Curve
- Page title: Swap - Curve

## Domain Intelligence
- Registered: 2026-01-19 22:24:02
- Expires: 2027-01-19 00:00:00
- Registrar: HOSTINGER operations, UAB
- Country: LT
- IP: 84.32.84.164
- IP Country: LT
- IP City: Vilnius
- IP Org: AS47583 Hostinger International Limited
- Nameservers: ["ns1.dns-parking.com", "ns2.dns-parking.com"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Seclookup", "SOCRadar", "Sophos", "Trustwave", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bd8ae-2997-749c-b60d-93f57edd0dd5.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9ed04540-dce0-41ba-89e4-ef68aac9afaa
- PhishDestroy: https://phishdestroy.io/domain/curver.finance/
- LLM endpoint: https://phishdestroy.io/domain/curver.finance/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/curver.finance/
Last updated: 2026-03-19