# bafybeifisnl2ds5xiv6ip76ppn3honte5z7kacfhp3gpgdisk7gr2w5pqm.ipfs.dweb.link — MALICIOUS

> Beware of phishing attempts from bafybeifisnl2ds5xiv6ip76ppn3honte5z7k... Avoid clicking suspicious links and verify site authenticity.

## Summary
PhishDestroy identifies a high-risk generic phishing threat associated with the domain bafybeifisnl2ds5xiv6ip76ppn3honte5z7kacfhp3gpgdisk7gr2w5pqm.ipfs.dweb.link. This domain impersonates a help page for Barclays, attempting to deceive users into divulging sensitive information. The phishing attempt is active and poses a significant risk to users, leveraging trust in a well-known financial institution.

The domain was registered on March 12, 2026, through CSC Corporate Domains, Inc., and is hosted on the IPFS decentralized web infrastructure. VirusTotal flags this domain by 15 out of 95 security vendors, and it appears on two security blocklists, confirming its malicious nature. The long and complex domain name is designed to evade casual detection while mimicking legitimate services.

Currently, the domain remains active and continues to target users. PhishDestroy strongly advises against interacting with this site or providing any personal or financial data. Users should verify URLs carefully, rely on official channels for banking support, and report suspicious domains to security teams. Maintaining vigilance and up-to-date security software is essential to mitigate risks from such phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: help | Barclays

## Domain Intelligence
- Registered: 2026-03-12 13:07:01
- Registrar: CSC Corporate Domains, Inc.
- Country: US
- Nameservers: ["clarissa.ns.cloudflare.com", "tate.ns.cloudflare.com"]
- SSL Issuer: E7

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "G-Data", "Kaspersky", "LevelBlue", "Lionic", "OpenPhish", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bc6e7-f532-76c3-a2b2-0e40b5589604.png
- PhishDestroy: https://phishdestroy.io/domain/bafybeifisnl2ds5xiv6ip76ppn3honte5z7kacfhp3gpgdisk7gr2w5pqm.ipfs.dweb.link/
- LLM endpoint: https://phishdestroy.io/domain/bafybeifisnl2ds5xiv6ip76ppn3honte5z7kacfhp3gpgdisk7gr2w5pqm.ipfs.dweb.link/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bafybeifisnl2ds5xiv6ip76ppn3honte5z7kacfhp3gpgdisk7gr2w5pqm.ipfs.dweb.link/
Last updated: 2026-03-19