# bafkreibupiq2fnvqdhui556opdnhkidbtrdapw46ytd5eis7vqfotuc72y.ipfs.dweb.link — MALICIOUS > PhishDestroy warns users about the phishing threat from bafkreibupiq2fnvqdhui556opdnhkidbtrdapw46ytd5eis7vqfotuc72y.ipfs.dweb.link. Stay safe online. ## Summary PhishDestroy identifies bafkreibupiq2fnvqdhui556opdnhkidbtrdapw46ytd5eis7vqfotuc72y.ipfs.dweb.link as a high-risk phishing domain actively targeting users. Phishing sites like this pose significant threats by attempting to steal sensitive data such as login credentials, financial information, or personal identifiers, leading to potential identity theft and financial loss. The domain’s active status means users remain at risk if they attempt to interact with it. Analysis of this domain reveals it resolves to IP address 209.94.90.3 and was created on February 24, 2017. It is registered through CSC Corporate Domains, Inc., a common registrar, but its reputation is compromised as evidenced by its presence on multiple security blocklists. Additionally, 19 out of 95 security vendors flagged this domain on VirusTotal, underscoring its suspicion. The domain structure references the IPFS decentralized web protocol, which can be leveraged by attackers to evade traditional takedown mechanisms. Users are strongly advised to avoid visiting or interacting with bafkreibupiq2fnvqdhui556opdnhkidbtrdapw46ytd5eis7vqfotuc72y.ipfs.dweb.link. If you suspect any personal information has been submitted to this site, immediately update your passwords and monitor your accounts for unauthorized activity. Utilizing updated security software and enabling browser protections against phishing will also help mitigate the risk posed by such deceptive domains. ## Threat Details - Verdict: MALICIOUS - Site status: alive (HTTP 200) - Page title: Webmail Sign-in ## Domain Intelligence - Registered: 2026-03-03 17:07:01 - Registrar: CSC Corporate Domains, Inc. - IP: 209.94.90.3 - Nameservers: clarissa.ns.cloudflare.com tate.ns.cloudflare.com ## Detection Status - VirusTotal: 19 vendors flagged Vendors: ["ADMINUSLabs", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Phishing Database", "Sophos", "Trustwave", "URLQuery", "VIPRE", "Webroot", "alphaMountain.ai"] - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["PhishDestroy", "PhishingDB"] ## Live Page Content ### Page Text Webmail Sign-in Checking your browser before accessing the site I am not a robot click on the checkbox to verify if you're human. Try again ZOHO Let's get started Previous session has expired, login to continue Email Password Next Loading... ### External Scripts - https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js - https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js ### Form Fields - password - - email - submit ## Evidence - Screenshot: https://urlscan.io/screenshots/019cb3a8-44f1-7600-8242-6f7d1fff633a.png - Cloudflare Radar: https://radar.cloudflare.com/scan/106a82b0-0e9b-4f55-b4c4-d07ed8564812 - PhishDestroy: https://phishdestroy.io/domain/bafkreibupiq2fnvqdhui556opdnhkidbtrdapw46ytd5eis7vqfotuc72y.ipfs.dweb.link/ ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/bafkreibupiq2fnvqdhui556opdnhkidbtrdapw46ytd5eis7vqfotuc72y.ipfs.dweb.link/ Last updated: 2026-03-14