# cfgahhebo.pojuk.biz.id — MALICIOUS

> cfgahhebo.pojuk.biz.id is a live credential-harvesting phishing page hosted on 103.52.115.131; 5 of 95 VirusTotal scanners flag it. Check the full report.

## Summary

PhishDestroy identifies cfgahhebo.pojuk.biz.id as an active credential-harvesting phishing site posing as a login portal for well-known services. When victims enter their username and password on this fraudulent page, the credentials are immediately transmitted to servers controlled by threat actors, enabling subsequent account takeovers and identity theft. The domain uses social-engineering tactics such as look-alike branding and urgent language to trick users into entering sensitive information without suspicion.

This domain was flagged by PhishDestroy with elevated risk and is currently resolving to IP 103.52.115.131. VirusTotal analysis shows 5 of 95 security vendors detect malicious activity, and the site holds a Let’s Encrypt SSL certificate issued on an unknown date. Registrar information indicates the domain is parked via Pojuk.biz.id, a free subdomain service commonly abused for short-lived phishing campaigns. The combination of low detection rate, fresh infrastructure, and free-hosting platform use highlights the sophistication and rapid deployment nature of this campaign.

If you visited cfgahhebo.pojuk.biz.id, immediately change the password for the account you attempted to access on that site. Enable multi-factor authentication wherever possible. Scan your device with updated antivirus software and monitor financial and email accounts for suspicious activity for at least 30 days. Report the site to your email provider and local cybercrime units using the domain name and IP address to help disrupt the operation. Avoid reusing the same password across multiple services to minimize the impact of potential credential leaks.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 103.52.115.131

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ce919645-c610-4b18-a349-8c6fbebe5767
- PhishDestroy: https://phishdestroy.io/domain/cfgahhebo.pojuk.biz.id/
- LLM endpoint: https://phishdestroy.io/domain/cfgahhebo.pojuk.biz.id/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/cfgahhebo.pojuk.biz.id/

Last updated: 2026-04-12