# niyuve.cuqico.com — SUSPICIOUS > PhishDestroy warns: niyuve.cuqico.com is a live crypto drainer mimicking 'Web App' since April 2026. Flagged by 0 of 95 VirusTotal vendors, verify URLs before. ## Summary PhishDestroy identifies niyuve.cuqico.com as an active crypto drainer phishing domain impersonating a generic 'Web App' interface. The domain remains operational as of the latest scan and continues to pose a direct threat to unsuspecting users who may interact with it under false pretenses. While the specific cryptocurrency platform or service being impersonated has not been confirmed, the presence of a crypto drainer payload cannot be ruled out given the domain’s configuration and observed behavior patterns. Users are advised to treat this domain as hostile until further forensic analysis is completed. This domain was flagged by 0 of 95 VirusTotal vendors, indicating a lack of widespread detection despite its active status. It was registered through CNOBIN INFORMATION TECHNOLOGY LIMITED, resolves to IP address 2.26.50.28, and was created on April 11, 2026. The domain operates with a valid Let's Encrypt SSL certificate, which may contribute to user trust. Notably, there are currently no public blocklist entries associated with this domain, and its trust scores remain unassessed across major threat intelligence platforms. The absence of detections suggests this campaign may be newly deployed or leveraging evasion tactics to bypass initial screening mechanisms. The current status of niyuve.cuqico.com remains active, with no signs of takedown or mitigation as of this report. Given the high-risk nature of crypto drainer phishing campaigns, which often result in irreversible financial loss, immediate defensive action is recommended. Users should avoid accessing this domain entirely and report any encounters. Organizations are urged to implement network-level blocking for the domain and associated IP (2.26.50.28) to prevent accidental exposure. Additionally, users who may have already interacted with this domain should revoke any connected wallet permissions, transfer remaining assets to a secure wallet, and perform a full security audit. Continuous monitoring for similar domains is advised, as threat actors frequently rotate infrastructure to sustain campaign longevity. PhishDestroy will provide updates as new intelligence emerges. ## Threat Details - Verdict: SUSPICIOUS - Site status: alive (HTTP ?) - Page title: Web App ## Domain Intelligence - Registered: 2026-04-11 02:44:13 - Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED - IP: 2.26.50.28 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b2a71cb4-17f4-475a-8700-9afaf1bad168 - PhishDestroy: https://phishdestroy.io/domain/niyuve.cuqico.com/ - LLM endpoint: https://phishdestroy.io/domain/niyuve.cuqico.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/niyuve.cuqico.com/ Last updated: 2026-04-12