# nvnew23.live — SUSPICIOUS

> nvnew23.live is an active cryptocurrency drainer site detected by PhishDestroy. This domain uses a Let's Encrypt SSL certificate to impersonate legitimate.

## Summary
PhishDestroy identifies nvnew23.live as an active cryptocurrency drainer domain engaged in generic phishing operations. This site poses an elevated threat to users by masquerading as a legitimate service to trick victims into connecting cryptocurrency wallets, thereby facilitating unauthorized asset transfers. The domain leverages deception tactics typical of drainer kits, which are designed to extract funds directly from connected wallets without user consent. While no specific brand impersonation has been confirmed, the generic nature of the domain suggests opportunistic targeting rather than a focused campaign against a particular organization or service.


This domain was flagged by PhishDestroy with a VirusTotal detection score of 1 out of 95 security vendors, indicating low but present visibility among security tools. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to the IP address 172.67.222.206. The domain was created on January 22, 2026, and currently shows no presence on the Google Safe Browsing (GSB) blocklist or other major threat intelligence feeds. At the time of analysis, no additional blocklist entries were recorded, suggesting this is a newly activated threat with limited exposure in global threat databases.


nvnew23.live remains an active and confirmed threat as of the seed 11686a analysis. Immediate blocking of this domain at the network and endpoint level is recommended to mitigate risk. Users should avoid accessing this site and report any incidents of wallet compromise to their service providers. The current risk level is elevated due to the active status and lack of widespread detection, though the domain’s recent creation may limit its operational scope. Ongoing monitoring is advised as this campaign may evolve or expand in scope. PhishDestroy continues to track this domain and will update intelligence as new data becomes available.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-01-22 16:15:16
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.222.206

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6afd60fc-c24e-4826-83a2-e3cffd127911
- PhishDestroy: https://phishdestroy.io/domain/nvnew23.live/
- LLM endpoint: https://phishdestroy.io/domain/nvnew23.live/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nvnew23.live/
Last updated: 2026-03-24