# bafybeibt7gvufsgdp3colbyw7ax6k6zl7hra6uebf3bfwhjmop5h76geki.ipfs.dweb.link — MALICIOUS

> The domain bafybeibt7gvufsgdp3colbyw7ax6k6zl7hra... is associated with high-risk phishing. Avoid interaction and verify sources before clicking.

## Summary
PhishDestroy identifies the domain bafybeibt7gvufsgdp3colbyw7ax6k6zl7hra6uebf3bfwhjmop5h76geki.ipfs.dweb.link as a high-risk generic phishing threat. This domain is currently active and poses significant dangers to users by potentially harvesting sensitive information through deceptive tactics.

Supporting intelligence shows that this domain resolves to the IP address 209.94.90.2 and is registered via CSC Corporate Domains, Inc., with a creation date of February 24, 2017. Notably, it appears on two security blocklists, and 19 out of 95 security vendors flagged it on VirusTotal, underscoring its malicious nature. The combination of an unusually long, complex subdomain and its hosting on an IP flagged in multiple security sources adds to its suspicious infrastructure.

Users are strongly advised to avoid visiting this domain or providing any personal or financial information if prompted. PhishDestroy recommends maintaining updated security software and using URL filtering tools to block access to this and similar domains. The domain remains active, and caution should be exercised to mitigate exposure to potential phishing scams linked to it.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Webmail

## Domain Intelligence
- Registered: 2017-02-24 01:05:27
- Registrar: CSC Corporate Domains, Inc.
- IP: 209.94.90.2
- Nameservers: clarissa.ns.cloudflare.com tate.ns.cloudflare.com

## Detection Status
- VirusTotal: 18 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CyRadar", "DNS8", "ESET", "Emsisoft", "Ermes", "Forcepoint ThreatSeeker", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Phishing Database", "Sophos", "Trustwave", "VIPRE", "Webroot", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Live Page Content

### Page Text
Webmail Email: Password: This is a very important security measure, . To protect your email account. Your account may be restricted until you can verify your identity.

### External Scripts
- https://code.jquery.com/jquery-2.2.4.min.js

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccd44-2494-717b-b80e-50681efcf1ee.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/6194487b-c792-4b92-869c-3c8d31f7ad76
- PhishDestroy: https://phishdestroy.io/domain/bafybeibt7gvufsgdp3colbyw7ax6k6zl7hra6uebf3bfwhjmop5h76geki.ipfs.dweb.link/

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bafybeibt7gvufsgdp3colbyw7ax6k6zl7hra6uebf3bfwhjmop5h76geki.ipfs.dweb.link/
Last updated: 2026-03-14