# polivestia.cfd — SUSPICIOUS

> Investigate polivestia.cfd, a low-risk phishing domain now offline. Learn about its infrastructure and current security status.

## Summary
PhishDestroy identifies polivestia.cfd as a generic phishing domain that posed a low risk to users. The domain was flagged on multiple security blocklists and was associated with deceptive activity targeting unsuspecting victims. Its page title indicated a Cloudflare warning, suggesting hosting or mitigation challenges.

The domain resolves to IP address 188.114.96.3 and was registered through Porkbun LLC on February 21, 2026. VirusTotal analysis showed limited detection, with only 2 out of 95 security vendors flagging it. This low detection rate may reflect either a novel phishing tactic or limited exposure. The domain appeared on three security blocklists, highlighting its suspicious nature within threat intelligence communities.

Currently, polivestia.cfd is offline, with Cloudflare displaying a suspected phishing site warning. Users and security teams are advised to maintain updated blocklists and avoid interaction with this domain or any related URLs. Continued monitoring is recommended to detect potential resurrection or similar domains leveraging the same infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 200)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Expires: 2027-02-13 00:00:00
- Registrar: Porkbun LLC
- Country: US
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: felipe.ns.cloudflare.com jule.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["Gridinsoft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c5829-41e3-757a-8630-2d9dc71dbdf6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/48e95cbd-6cc9-4a37-8a6e-88152da9d963
- PhishDestroy: https://phishdestroy.io/domain/polivestia.cfd/
- LLM endpoint: https://phishdestroy.io/domain/polivestia.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/polivestia.cfd/
Last updated: 2026-03-19