# mdgwin-heylink.tumblr.com — SUSPICIOUS

> mdgwin-heylink.tumblr.com is under scrutiny for potential phishing activity. Avoid interacting with this domain until investigation concludes.

## Summary
PhishDestroy identifies mdgwin-heylink.tumblr.com as a domain currently classified under generic phishing, with an active status and ongoing analysis. Although it has a long-standing registration date dating back to June 8, 2006, the domain's suspicious usage patterns have prompted further examination to confirm malicious intent. The classification remains under investigation pending additional evidence.

From a technical standpoint, the domain resolves to IP address 74.114.154.22 and is registered through MarkMonitor, Inc., a reputable registrar often used for brand protection but occasionally exploited by threat actors. VirusTotal scans reveal zero detections across 95 security vendors, indicating that no immediate flags have been raised by automated systems. Nonetheless, the domain's association with phishing behavior and its presence on certain blocklists or external threat feeds suggest careful monitoring is warranted.

Currently, the domain remains active and unblocked by major security providers, underscoring the importance of vigilance. PhishDestroy recommends avoiding any engagement with mdgwin-heylink.tumblr.com until the investigation is complete. Users should report any suspicious interactions and organizations should consider implementing defensive measures to mitigate potential phishing risks associated with this domain.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: mdgwin-heylink.tumblr.com/

## Domain Intelligence
- Registered: 2026-03-05 13:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- IP: 74.114.154.22
- IP Country: US
- IP City: Ashburn
- IP Org: AS2635 Automattic, Inc
- Nameservers: ns1.tumblr.com ns2.tumblr.com ns3.tumblr.com ns4.tumblr.com
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 0 vendors flagged
  Vendors: []
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/CsTLvGvg/6719a197402e.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/mdgwin-heylink.tumblr.com
- Wayback Machine: https://web.archive.org/web/https://mdgwin-heylink.tumblr.com
- PhishDestroy: https://phishdestroy.io/domain/mdgwin-heylink.tumblr.com/
- LLM endpoint: https://phishdestroy.io/domain/mdgwin-heylink.tumblr.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mdgwin-heylink.tumblr.com/
Last updated: 2026-03-19