# rarvom.icu — SUSPICIOUS

> rarvom.icu shows signs of phishing activity with an active status. Stay alert and avoid interactions. Get the latest safety insights now.

## Summary
PhishDestroy identifies rarvom.icu as a domain linked to generic phishing attempts, currently categorized with a risk level under investigation. Although no definitive detections have been confirmed by major security vendors so far, the domain remains active and flagged due to suspicious indicators. This cautious approach ensures users remain informed of potential threats even when conclusive evidence is pending.

The domain was registered recently on March 06, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar sometimes associated with transient or malicious domain registrations. It resolves to the IP address 188.114.96.3. Despite thorough VirusTotal analysis showing zero detections, the domain's young age combined with its registration details and active status on PhishDestroy's radar suggest a high likelihood of phishing intent, motivating ongoing monitoring and investigation.

Users and organizations are advised to exercise vigilance and refrain from interacting with rarvom.icu until further analysis clarifies its safety. PhishDestroy continues to track the domain’s behavior and threat landscape. Implementing standard anti-phishing measures such as email filtering, endpoint protection, and user education remains the best defense while the investigation is underway.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: Rarvom - Worldwide Decentralized Marketplace

## Domain Intelligence
- Registered: 2026-03-06 11:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: kayden.ns.cloudflare.com margot.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 4 vendors flagged
  Vendors: ["alphaMountain.ai", "Forcepoint ThreatSeeker", "Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc2d7-bf05-72d8-bfcb-5583c0fb9a9a.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/rarvom.icu
- Wayback Machine: https://web.archive.org/web/https://rarvom.icu
- PhishDestroy: https://phishdestroy.io/domain/rarvom.icu/
- LLM endpoint: https://phishdestroy.io/domain/rarvom.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rarvom.icu/
Last updated: 2026-03-19