# cyrexmodes.icu — MALICIOUS

> Cyrexmodes.icu poses as a legitimate service to steal credentials. VirusTotal flags this domain with 5/95 detections.

## Summary
PhishDestroy identifies cyrexmodes.icu as an active generic phishing domain posing an elevated risk to users. This domain is engineered to impersonate trusted services and deceive victims into disclosing sensitive information such as login credentials or financial data. The threat is classified as generic phishing due to its broad, non-targeted approach aimed at capturing any user who interacts with the fraudulent site.  This domain was flagged by 5 out of 95 security vendors on VirusTotal as of the investigation seed 70d7ef. It resolves to IP 188.114.97.3 and was created on March 26, 2026. The domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and secured with a Let’s Encrypt SSL certificate, which increases its appearance of legitimacy. The low detection ratio indicates limited but present awareness among security tools, suggesting the campaign may be recent or rapidly evolving.  Users encountering cyrexmodes.icu should immediately cease interaction and avoid entering any credentials or personal information. Organizations are advised to block both the domain and the associated IP address at the network perimeter. Users should report the domain to their email providers, browsers, and threat intelligence platforms. Given the domain’s recent creation and low detection rate, heightened vigilance is critical to prevent credential theft and potential downstream attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-26 20:29:24
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/49bb6002-d732-4a45-b0dc-68ebb90b97cf
- PhishDestroy: https://phishdestroy.io/domain/cyrexmodes.icu/
- LLM endpoint: https://phishdestroy.io/domain/cyrexmodes.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cyrexmodes.icu/
Last updated: 2026-03-29