# h6.ciimud7.vu — MALICIOUS

> h6.ciimud7.vu is flagged for phishing and social engineering. Avoid this site and learn how to protect yourself with PhishDestroy guidance.

## Summary
PhishDestroy identifies h6.ciimud7.vu as a high-risk phishing domain disguised under the misleading page title 'Energen - Free Bootstrap 4 Template by Colorlib.' This domain poses a significant threat because it aims to trick users into revealing sensitive personal or financial data by mimicking legitimate web content.

This phishing scheme operates by directing visitors to a fake webpage that appears trustworthy but is designed to steal credentials or install malicious software. The domain was created recently on March 11, 2026, and has been flagged by Google Safe Browsing for social engineering, which indicates attempts to deceive users. Additionally, it appears on a security blocklist and is reported by multiple security vendors.

If you have visited h6.ciimud7.vu, it is critical to avoid entering any information and disconnect from the site immediately. Check your accounts for unusual activity and change passwords if you suspect compromise. Using official channels to verify any requests for information is vital. For ongoing protection, users should rely on updated security tools and consult resources like PhishDestroy for alerts on evolving threats such as this one.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: Energen - Free Bootstrap 4 Template by Colorlib

## Domain Intelligence
- Registered: 2026-03-11 15:07:01
- Registrar: Sav.com LLC
- Country: US
- IP: 95.3.220.175
- IP Country: TR
- IP City: İzmir
- IP Org: AS9121 Turk Telekomunikasyon Anonim Sirketi
- Nameservers: cheryl.ns.cloudflare.com logan.ns.cloudflare.com
- SSL Issuer: Let's Encrypt / R12

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "Cluster25", "CRDF", "CyRadar", "DNS8", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "LevelBlue", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce207-d343-7079-a9b8-281b985d7314.png
- PhishDestroy: https://phishdestroy.io/domain/h6.ciimud7.vu/
- LLM endpoint: https://phishdestroy.io/domain/h6.ciimud7.vu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/h6.ciimud7.vu/
Last updated: 2026-03-19