# bafybeifpqhyzn73oe4u5fepceonr6hbpvffuxj7vikwnwh3wkrp2v3blei.ipfs.dweb.link — MALICIOUS

> PhishDestroy identifies a sophisticated IPFS phishing link (bafybeifpqhyzn73oe4u5fepceonr6hbpvffuxj7vikwnwh3wkrp2v3blei.ipfs.dweb.

## Summary

PhishDestroy identifies elevated-risk phishing impersonating a generic brand via the IPFS-hosted domain bafybeifpqhyzn73oe4u5fepceonr6hbpvffuxj7vikwnwh3wkrp2v3blei.ipfs.dweb.link. The domain is currently active and poses a credible threat to users interacting with IPFS gateways or decentralized web services. This infrastructure masquerades as legitimate content while harvesting credentials or delivering malicious payloads under the guise of a trusted brand. Security teams should treat this domain as a high-confidence phishing indicator and block all associated traffic immediately.

This domain was flagged by 18 of 95 VirusTotal vendors, blocked by OISD, and resolves to IP 209.94.90.2. Registered through CSC Corporate Domains, Inc., the domain was created on February 24, 2017, and appears on one security blocklist. Its SSL certificate, issued by Let's Encrypt, maintains a deceptive appearance of legitimacy despite its malicious purpose. These technical indicators, combined with its persistent hosting on IPFS infrastructure, highlight the sophistication of this phishing campaign and its ability to evade traditional detection methods. The domain's age and registrar choice suggest deliberate long-term positioning within trusted IPFS ecosystems.

The current status of this IPFS phishing domain remains active, and users are strongly advised against interacting with any content linked to this endpoint. Organizations should immediately block the domain at the network level and inspect gateway logs for signs of compromise. Security teams are urged to audit IPFS-related traffic and distribute threat intelligence to prevent downstream exploitation. Additionally, users should verify all IPFS content through trusted sources and avoid entering credentials into untrusted interfaces. Proactive monitoring and user education remain critical in mitigating the risks posed by this sophisticated phishing infrastructure.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2017-02-24 01:05:27
- Registrar: CSC Corporate Domains, Inc.
- IP: 209.94.90.2

## Detection Status

- VirusTotal: 18 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["OISD"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d6068943-7c6e-4ef7-9060-007a5970df3c
- PhishDestroy: https://phishdestroy.io/domain/bafybeifpqhyzn73oe4u5fepceonr6hbpvffuxj7vikwnwh3wkrp2v3blei.ipfs.dweb.link/
- LLM endpoint: https://phishdestroy.io/domain/bafybeifpqhyzn73oe4u5fepceonr6hbpvffuxj7vikwnwh3wkrp2v3blei.ipfs.dweb.link/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/bafybeifpqhyzn73oe4u5fepceonr6hbpvffuxj7vikwnwh3wkrp2v3blei.ipfs.dweb.link/

Last updated: 2026-03-29