# bafkreigbusqj4yxziaot23aithjzlj7zijyjlnair564n27p5x6olurvi4.ipfs.dweb.link — MALICIOUS

> PhishDestroy flags bafkreigbusqj4yxziaot23aithjzlj7zijyjlnair564n27p5x6olurvi4.ipfs.dweb.link as an active crypto drainer with 14/95 VirusTotal detections.

## Summary

PhishDestroy identifies this IPFS gateway as a live crypto drainer posing as a legitimate storage endpoint. The domain resolves to 209.94.90.2 and leverages a Let’s Encrypt SSL certificate to appear trustworthy, but it is actively harvesting wallet credentials and private keys from unsuspecting users who interact with the page. Security vendors have already begun flagging this infrastructure, with 14 out of 95 engines on VirusTotal detecting malicious content at the time of analysis.

This domain was registered through CSC Corporate Domains, Inc. on February 24, 2017, making it appear long-standing and legitimate at first glance. However, the recent uptick in detections—14/95 on VirusTotal—combined with its association with crypto drainer campaigns, places it in the elevated-risk category. The infrastructure behind the domain (209.94.90.2) has been linked to multiple phishing operations targeting cryptocurrency users, particularly those interacting with decentralized applications or storage services. The combination of an aged registration date and active malicious hosting suggests a sophisticated threat actor using trusted infrastructure to evade detection.

If you visited this domain, immediately disconnect from the internet, revoke any permissions granted to connected wallets or applications, and transfer remaining assets to a newly generated wallet. Use a reputable security tool like PhishDestroy to scan your system for malware or browser extensions that may have captured sensitive data. Report this domain to your wallet provider and consider enabling multi-factor authentication on all crypto-related accounts. Avoid interacting with IPFS gateways unless you have verified their legitimacy through independent sources.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2017-02-24 01:05:27
- Registrar: CSC Corporate Domains, Inc.
- IP: 209.94.90.2

## Detection Status

- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/99466c0b-cb74-4ba6-88b0-66345ef2165d
- PhishDestroy: https://phishdestroy.io/domain/bafkreigbusqj4yxziaot23aithjzlj7zijyjlnair564n27p5x6olurvi4.ipfs.dweb.link/
- LLM endpoint: https://phishdestroy.io/domain/bafkreigbusqj4yxziaot23aithjzlj7zijyjlnair564n27p5x6olurvi4.ipfs.dweb.link/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/bafkreigbusqj4yxziaot23aithjzlj7zijyjlnair564n27p5x6olurvi4.ipfs.dweb.link/

Last updated: 2026-03-22