MalwareTips
DANGEROUS

Crypto scam / wallet-drainer

5 of 93 antivirus engines flag this page as malicious. Signals match fake investment platforms and wallet drainers. Never connect a wallet, paste a seed phrase, or deposit crypto here.

Security Review

Is app.cabana.fi legit or a scam?

Our verdict:Dangerous· 1/100

Official PoolTogether V5 interface flagged as phishing by 5+ antivirus engines and blocked by security scanners, despite legitimate governance and open-source backing.

Top reasons
5 antivirus engines (ADMINUSLabs, Chong Lua Dao, CRDF, CyRadar, Kaspersky) flag the domain as malicious or phishing.Independent security scanners classify app.cabana.fi as phishing and block user access.Page solicits wallet connections and crypto deposits with large prize figures but no visible audit, regulatory disclosure, or security certification.
app.cabana.fiScanned 1h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 42
Category tags
defi / crypto#Crypto Fraud#Phishing72% MT confidence
Technical red flags (1)
7 of 93 engines flagged

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
7/93
Engines flagged this URL
Domain Age
3 years old
Registered Jul 13, 2023
MT Intelligence
Suspicious
High likelihood · 72% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihoodengineMT · Guardiantrust42/100
MT AgentLive web researchVisual inspection
0%
Confidence
The domain app.cabana.fi is confirmed as the primary frontend for PoolTogether V5, developed by G9 Software Inc., listed on the official PoolTogether ecosystem page, and open-sourced on GitHub. However, 5 of 93 antivirus engines (ADMINUSLabs, Chong Lua Dao, CRDF, CyRadar, Kaspersky) flag it as malicious or phishing, and independent security scanners classify it as a phishing site and block access. The page itself displays a classic DeFi prize-pool interface with wallet-connection prompts and large prize figures, which matches both legitimate PoolTogether vaults and high-risk imitation sites. The domain is 1061 days old (approximately 3 years), has valid SSL, and shows no typosquatting or cloning of unrelated brands. The contradiction between legitimate governance backing and widespread antivirus flagging suggests either a false-positive cascade among security engines or a compromised/imitated interface. The lack of visible regulatory disclosure, audit seals, or contact information on the rendered page increases perceived risk, even though the official PoolTogether documentation confirms this is the real service.
Full dossier
Analysis complete

Page Content

The page displays a DeFi prize-savings interface with a prominent 'Deposit to win up to $71,886' headline and a 'Connect Wallet' call-to-action. Multiple prize-pool cards show large dollar amounts across blockchain networks (Ethereum, Optimism, Arbitrum, Base, Gnosis, World). The tagline 'You can withdraw your full deposit at any time' is presented as reassurance but lacks on-page verification or audit documentation. No visible terms of service, regulatory disclosures, security audit seals, or trust badges appear in the rendered portion.

Infrastructure

The domain uses valid SSL (Let's Encrypt R13, 59 days to expiry), is hosted on IP 76.76.21.123 (abuse score 0/100, 1 historical abuse report), and has no browser blocklist hits. However, 5 of 93 antivirus engines flag it as malicious or phishing: ADMINUSLabs, Chong Lua Dao, CRDF, CyRadar, and Kaspersky. The page is not indexed in global traffic rankings.

Domain History

Registered 1061 days ago (~3 years), the domain shows no homoglyph, IDN, or cross-domain redirect patterns. WHOIS privacy is disabled. The domain age aligns with legitimate long-term DeFi infrastructure, not ephemeral fraud sites.

Web Reputation

Official PoolTogether governance proposals, privacy policy, and ecosystem pages confirm that Cabana.fi and its subdomains are developed and hosted by G9 Software Inc. The open-source repository (github.com/GenerationSoftware/pooltogether-client-monorepo) lists cabana.fi as the main application. Positive coverage appears in Bankless and Medium articles recommending it as the official PoolTogether V5 frontend. However, independent security scanners (Gridinsoft) classify the domain as phishing and block access. No scam complaints or user warnings were found on Reddit, X, or review aggregators.

Risk Factors
7
  • 5 antivirus engines (ADMINUSLabs, Chong Lua Dao, CRDF, CyRadar, Kaspersky) flag the domain as malicious or phishing.
  • Independent security scanners classify app.cabana.fi as phishing and block user access.
  • Page solicits wallet connections and crypto deposits with large prize figures but no visible audit, regulatory disclosure, or security certification.
  • No contact email, phone, postal address, or social links visible on the page.
  • Tagline 'You can withdraw your full deposit at any time' is an unverifiable on-page claim used to reduce perceived risk.
  • Page is not indexed in global traffic rankings, suggesting low visibility or deliberate exclusion.
  • Visual risk score of 55/100 reflects the combination of wallet-solicitation patterns and missing trust signals.
Positive Signals
5
  • Domain is 1061 days old (~3 years), consistent with legitimate long-term DeFi infrastructure.
  • Confirmed as official PoolTogether V5 interface by G9 Software Inc., listed on pooltogether.com/ecosystem and pooltogether.com/builders.
  • Open-source repository on GitHub (github.com/GenerationSoftware/pooltogether-client-monorepo) provides transparency and community audit.
  • Positive coverage in reputable DeFi media (Bankless, Medium) recommending it as the official PoolTogether V5 frontend.
  • Valid SSL certificate and clean IP reputation (abuse score 0/100) indicate legitimate hosting infrastructure.
AI Recommendation
Do not enter payment details or connect your wallet to this site without independently verifying its authenticity through the official PoolTogether website (pooltogether.com) and GitHub repository. The antivirus flagging and security-scanner blocks create legitimate doubt, even though official documentation supports its legitimacy. If you use PoolTogether, access the interface only through links o
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of app.cabana.fi
LIVE RENDER
app.cabana.fi
1Prominent 'Deposit to win up to $71,886' headline combined with a 'Connect Wallet' CTA — classic crypto prize-pool pattern that solicits wallet connections and deposits

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

55
/ 100
High visual risk

Visual red flags detected in the screenshot

The page presents a DeFi 'prize savings' interface soliciting wallet connections and crypto deposits across multiple chains, with large prize figures and a reassurance that deposits are withdrawable — a pattern associated with both legitimate no-loss lottery protocols and high-risk imitation sites; no URL is legible to confirm domain authenticity.

Visual risk55/100

What our vision model saw

5 signals

Prominent 'Deposit to win up to $71,886' headline combined with a 'Connect Wallet' CTA — classic crypto prize-pool pattern that solicits wallet connections and deposits

Multiple prize pool cards displaying large dollar amounts across several blockchain networks (World, Gnosis, Optimism, Ethereum, Base, Arbitrum) with no visible audit or regulatory disclosure

Tagline 'You can withdraw your full deposit at any time' is an unverifiable on-page claim used to reduce perceived risk of depositing funds

No visible trust badges, terms of service links, regulatory information, or security audit seals anywhere in the rendered portion

Layout and branding (Cabana, palm-tree logo, purple theme, multi-chain prize vaults) is consistent with the known PoolTogether/Cabana DeFi prize savings protocol UI

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for app.cabana.fi, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
2.9 yrs
Registered Jul 2023
Business registration
Active · Unknown
Site traces back to an actively registered business.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
2 scam reports · 1 complaint
Key findings
7 headline facts from open-web research
  • app.cabana.fi is the primary web interface for depositing, withdrawing, and browsing PoolTogether V5 prize vaults (no-loss lottery savings protocol).
  • Cabana.fi and subdomains (including app.cabana.fi) are developed and hosted by G9 Software Inc. / Generation Software, as confirmed in PoolTogether governance proposals, privacy policy, and builders page.
  • Explicitly listed and linked as an official interface on pooltogether.com/ecosystem and pooltogether.com/builders alongside pooltime.app.
  • Open-source repository: github.com/GenerationSoftware/pooltogether-client-monorepo with cabana.fi as the main app.
  • Positive coverage in DeFi media (Bankless article recommends cabana.fi as a main frontend for PoolTogether V5; Medium articles describe it as the official tool).
  • Gridinsoft security scanner (June 2026) flags the domain as phishing with a low trust score and blocks access; no other independent scam reports, complaints, or user warnings found on Reddit, X, or review sites.
  • Domain age of 1061 days (~3 years) aligns with legitimate long-term DeFi project infrastructure; no evidence of typosquatting or cloning of unrelated major brands.
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
  • Gridinsoftopen

    "We flagged App.cabana.fi as phishing. The page behavior matches a common credential-theft flow: impersonation first, urgency second"

  • Gridinsoftopen

    "Gridinsoft blocks this website because it was classified as phishing. app.cabana.fi should not be treated as a safe website."

Business registration
Status: active · Unknown

Operated by G9 Software Inc. (also referred to as Generation Software), which hosts Cabana suite per PoolTogether governance proposal and privacy policy

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research found 2 scam reports from independent security scanners (Gridinsoft) classifying app.cabana.fi as phishing and blocking access. However, official PoolTogether governance proposals, privacy policy, and ecosystem pages confirm that Cabana.fi and its subdomains are developed and hosted by G9 Software Inc. The domain is explicitly listed as an official interface on pooltogether.com/ecosystem and pooltogether.com/builders, with positive coverage in Bankless and Medium articles. The open-source repository on GitHub provides additional transparency. No user complaints, scam warnings, or negative reviews were found on Reddit, X, or independent review aggregators. The contradiction between antivirus flagging and legitimate governance backing suggests either a false-positive cascade or a security concern that warrants caution despite official endorsement.

Antivirus Engines

Detection matrix · live
7 engines flagged this URL

We cross-check every URL against our antivirus network of 93 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

5Malicious2Suspicious54Harmless93Engines
0
of 93
ADMINUSLabs
Malicious· malicious
Chong Lua Dao
Malicious· malicious
CRDF
Malicious· malicious
CyRadar
Malicious· phishing
Kaspersky
Malicious· phishing
alphaMountain.ai
Suspicious· suspicious
ESET
Suspicious· suspicious

7 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age3 years old
RegistrarHidden
RegisteredJul 13, 2023
ExpiresUnknown
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · R13
ExpiresAug 7, 2026 (59d)
Self-signedNo
Hosting & Technology
HostingVercel, Inc
Server locationUS
Web serverVercel

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1308http://app.cabana.fi/
  • 2200https://app.cabana.fi/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file1
ISPVercel, Inc
Usage typeContent Delivery Network

Scam-Type Likelihood

2 scam-type patterns detected
Scam-Type Likelihood

2 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Crypto Fraud
Crypto Fraud
Low-level signals
25/100
  • AI analyst tagged this as crypto fraud / wallet-drainer.
Phishing
Low-level signals
10/100
  • AI analyst tagged this as phishing.

Crypto scam / wallet-drainer indicators

The page shows patterns common to crypto-investment scams, fake airdrops, and wallet drainers.

  • Do not interact with app.cabana.fi

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Never paste your seed phrase anywhere

    Legitimate wallets, exchanges and support staff will never ask for your 12/24-word recovery phrase. Typing it into any website — even one that looks real — gives attackers full access to your funds.

  • If you already connected a wallet

    Revoke token approvals immediately using revoke.cash or Etherscan's Token Approvals tool. Move remaining funds to a fresh wallet (new seed phrase). Assume the original wallet is compromised.

  • Report the wallet and URL

    File a report at IC3 (FBI Internet Crime Complaint Center) or your country's cybercrime portal. Recovery is unlikely, but reports help law enforcement map the network.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags app.cabana.fi as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — app.cabana.fi scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. app.cabana.fi presents a valid TLSv1.3 certificate issued by Let's Encrypt · R13, expiring in 59 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • app.cabana.fi is 2.9 years old, registered on 7/13/2023. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 7 out of 93 antivirus engines in our malware network flagged app.cabana.fi as malicious or suspicious (5 outright malicious). Even one detection is a meaningful signal.
  • No. app.cabana.fi is not currently listed on the major browser blocklist feeds that modern browsers use.
  • app.cabana.fi resolves to an IP operated by Vercel, Inc in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.

Final Verdict

0
Trust / 100
Final Verdict·app.cabana.fi
DANGEROUS

app.cabana.fi is the official web interface for PoolTogether V5, a legitimate no-loss lottery savings protocol, but multiple antivirus engines flag it as phishing or malicious, and independent security scanners block it — creating genuine confusion about whether this is a real service or a credential-theft imitation.

Do not enter payment details or connect your wallet to this site without independently verifying its authenticity through the official PoolTogether website (pooltogether.com) and GitHub repository. The antivirus flagging and security-scanner blocks create legitimate doubt, even though official documentation supports its legitimacy. If you use PoolTogether, access the interface only through links o

AV engines
93
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
vuzewin.com
1h ago
Read the review
Dangeroustrust31
gettintopc.net
1h ago
Read the review
Dangeroustrust42
myteamge.com
2h ago
Read the review
Dangeroustrust28
invitation.soltro.vu
2h ago
Read the review
Dangeroustrust36
getintopc.com
2h ago
Read the review
Dangeroustrust5
web3-finalto.top
3h ago
Read the review
Dangeroustrust1
receita.govpagamentos.com
3h ago
Read the review
Dangeroustrust45
aerwynne.myshoeboxlife.com
3h ago
Read the review
Dangeroustrust35
torrage.info
4h ago
Read the review
Dangeroustrust29
pay.teamhealth.com
5h ago
Read the review
Dangeroustrust45
globalnursing.mindauthors.com
5h ago
Read the review
Dangeroustrust1
bafkreia7m7wyi7xnltk5kqkoy4m3nssthp2vnjertouskbhqknycjtb2o4.ipfs.dweb.link
5h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.