# bafybeiekvbkc27u3kvrewpwebvllbhpsys5a4lzks4pkgsio3xlw5pcngq.ipfs.dweb.link — MALICIOUS

> This bafybeiekvbkc27u3kvrewpwebvllbhpsys5a4lzks4pkgsio3xlw5pcngq.ipfs.dweb.link domain poses as a Windows Defender error to steal credentials.

## Summary

PhishDestroy identifies bafybeiekvbkc27u3kvrewpwebvllbhpsys5a4lzks4pkgsio3xlw5pcngq.ipfs.dweb.link as an active high-risk generic phishing domain impersonating Microsoft Windows Defender SmartScreen errors to deceive users into exposing sensitive information. This domain leverages social engineering tactics through a fraudulent error page claiming system compromise, a common tactic used by credential drainer kits to harvest login details under the guise of security alerts. The infrastructure appears designed to exploit trust in Windows security warnings while bypassing user scrutiny through obfuscated IPFS hosting.

This domain resolves to IP address 209.94.90.2 and was registered through CSC Corporate Domains, Inc. on February 24, 2017. VirusTotal analysis reveals 15 out of 95 security vendors flag this domain as malicious, indicating partial but not universal detection coverage. Google Safe Browsing categorizes this threat under SOCIAL_ENGINEERING, confirming its use of deceptive practices to manipulate users. The domain employs a Let's Encrypt SSL certificate to enhance legitimacy, while its longstanding registration date paradoxically suggests either domain squatting or prolonged malicious persistence awaiting vulnerable targets.

The threat remains active despite partial detection, with current status indicating ongoing operation. Users should immediately block this domain at network and endpoint levels. Organizations are advised to implement DNS filtering solutions referencing PhishDestroy's threat intelligence feeds containing seed identifier 14cb8f. Immediate actions include isolating any systems that accessed this domain, resetting exposed credentials, and deploying behavioral analysis tools to detect similar credential harvesting attempts. The persistent activity and partial detection coverage underscore the critical need for layered security measures and continuous threat intelligence updates to mitigate residual risk from this sophisticated phishing campaign.

## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP ?)
- Page title: Defender smart screen error

## Domain Intelligence

- Registered: 2017-02-24 01:05:27
- Registrar: CSC Corporate Domains, Inc.
- IP: 209.94.90.2

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/fb3de2c5-4394-435e-8e7f-06cdb4463e7d
- PhishDestroy: https://phishdestroy.io/domain/bafybeiekvbkc27u3kvrewpwebvllbhpsys5a4lzks4pkgsio3xlw5pcngq.ipfs.dweb.link/
- LLM endpoint: https://phishdestroy.io/domain/bafybeiekvbkc27u3kvrewpwebvllbhpsys5a4lzks4pkgsio3xlw5pcngq.ipfs.dweb.link/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/bafybeiekvbkc27u3kvrewpwebvllbhpsys5a4lzks4pkgsio3xlw5pcngq.ipfs.dweb.link/

Last updated: 2026-04-11