# bafkreielfoja7v2ruue4qakymuyspgoz4hriojqprv5mzejt25qn3sebbi.ipfs.dweb.link — MALICIOUS

> The domain bafkreielfoja7v2ruue4qakymuyspgoz4hri.ipfs.dweb.link hosts a high-risk phishing scam masquerading as Docusign. Stay vigilant and avoid interaction.

## Summary

PhishDestroy identifies bafkreielfoja7v2ruue4qakymuyspgoz4hri.ipfs.dweb.link as a high-risk generic phishing threat. This domain impersonated Docusign with a secured document page to deceive victims. Evidence includes its recent creation date in March 2026, an IP address of 209.94.90.2, registration via CSC Corporate Domains, Inc., and a presence on a security blocklist. VirusTotal reports 16 out of 95 vendors flagging this domain, confirming malicious intent. Currently offline, this domain is no longer active, reducing immediate danger. Users should remain cautious and avoid clicking suspicious links. Organizations are advised to block this domain and monitor related activity for protection.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 410)
- Page title: Docusign - Secured Document

## Domain Intelligence

- Registered: 2026-03-12 13:07:01
- Registrar: CSC Corporate Domains, Inc.
- Country: US
- IP: 209.94.90.2
- IP Org: Cloudflare CDN
- Nameservers: ["clarissa.ns.cloudflare.com", "tate.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E7

## Detection Status

- VirusTotal: 16 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "Ermes", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "G-Data", "Gridinsoft", "Kaspersky", "LevelBlue", "Netcraft", "OpenPhish", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  - Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019ce224-966c-7439-b104-bccf5fbc65ab.png
- PhishDestroy: https://phishdestroy.io/domain/bafkreielfoja7v2ruue4qakymuyspgoz4hriojqprv5mzejt25qn3sebbi.ipfs.dweb.link/
- LLM endpoint: https://phishdestroy.io/domain/bafkreielfoja7v2ruue4qakymuyspgoz4hriojqprv5mzejt25qn3sebbi.ipfs.dweb.link/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/bafkreielfoja7v2ruue4qakymuyspgoz4hriojqprv5mzejt25qn3sebbi.ipfs.dweb.link/

Last updated: 2026-03-19