# korvesta.icu — SUSPICIOUS

> korvesta.icu is a live crypto drainer domain with 0/95 VirusTotal detections. Hosted on 43.169.13.15 since March 11, 2026, registered via Aceville.

## Summary
PhishDestroy identifies korvesta.icu as an active crypto drainer campaign under investigation. This domain presents a HIGH risk due to its active infrastructure and undetected status on VirusTotal. It resolves to IP 43.169.13.15 and holds a TrustAsia SSL certificate, indicating an attempt to mimic legitimate cryptocurrency services to deceive victims into connecting wallets.  

This domain was flagged with 0 detections out of 95 VirusTotal scanners, registered through Aceville Pte. Ltd. on March 11, 2026, and remains unlisted on all major blocklists as of the latest scan. The absence of detections suggests either a very new deployment or deliberate obfuscation techniques to evade early-stage detection mechanisms.  

Immediate mitigation steps include blocking the domain and IP at the network perimeter using DNS sinkholing or firewall rules. Users should avoid interacting with korvesta.icu or any linked cryptocurrency-related prompts, especially those involving wallet connections. Organizations are advised to update threat intelligence feeds and SIEM rules to include this domain and its associated infrastructure. Monitor for new domains registered through Aceville Pte. Ltd. or resolving to 43.169.13.15, as these may indicate expanding infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-11 21:17:33
- Registrar: Aceville Pte. Ltd.
- IP: 43.169.13.15

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5729e9a9-f9fe-4dfa-910c-0db6cbd26a71
- PhishDestroy: https://phishdestroy.io/domain/korvesta.icu/
- LLM endpoint: https://phishdestroy.io/domain/korvesta.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/korvesta.icu/
Last updated: 2026-03-23