# raven.cyberfish.io — MALICIOUS > PhishDestroy identifies raven.cyberfish.io as a brand impersonation site targeting Aave, flagged by 13 of 95 VirusTotal vendors. Avoid interactions immediately. ## Summary PhishDestroy identifies the domain raven.cyberfish.io as an active brand impersonation site targeting the Aave protocol. The domain is currently operational and exhibits tactics consistent with malicious entities attempting to deceive users by mimicking legitimate services. This threat falls under the category of brand impersonation, where attackers create fraudulent websites or services to exploit user trust in well-known brands, particularly in the cryptocurrency and decentralized finance (DeFi) sectors. raven.cyberfish.io was flagged by 13 of 95 VirusTotal security vendors as malicious, indicating a high likelihood of compromise. The domain resolves to the IP address 52.204.246.179 and is registered through MarkMonitor Inc., a registrar often associated with legitimate domain management but sometimes exploited for malicious purposes. The domain was created on November 12, 2017, which may suggest an attempt to appear long-standing, though this does not guarantee legitimacy. The presence of a Let's Encrypt SSL certificate further adds to the appearance of legitimacy, a common tactic employed by attackers to build trust with potential victims. The combination of these factors—including the low trust scores and high blocklist presence—paints a clear picture of a malicious domain designed to deceive. Given the elevated risk level and active status of raven.cyberfish.io, PhishDestroy strongly advises against any interaction with this domain or its associated services. Users should verify the authenticity of websites, especially those related to cryptocurrency and DeFi, by cross-referencing official sources and ensuring correct domain spellings. Organizations and individuals are encouraged to report this domain to their security teams or relevant cybersecurity authorities to prevent further exploitation. Additionally, implementing network-level blocks for this IP address and domain may help mitigate potential risks. Proactive monitoring and user education on recognizing brand impersonation tactics are critical in reducing exposure to such threats. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Aave ## Domain Intelligence - Registered: 2017-11-12 14:33:28 - Registrar: MarkMonitor Inc. - IP: 52.204.246.179 ## Detection Status - VirusTotal: 13 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/980fa04d-4348-4090-9255-23487ab3e2a9 - PhishDestroy: https://phishdestroy.io/domain/raven.cyberfish.io/ - LLM endpoint: https://phishdestroy.io/domain/raven.cyberfish.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/raven.cyberfish.io/ Last updated: 2026-03-23