MalwareTips
DANGEROUS

Critical risk detected

bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link is a look-alike (homoglyph) of a well-known domain. Our security stack flagged multiple threat indicators on this website. Don't enter personal information, deposit money, or download files.

Security Review

Is bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link legit or a scam?

Our verdict:Dangerous· 25/100

IPFS gateway page posing as EmailLogin to harvest email credentials, flagged by multiple phishing databases.

Top reasons
Page contains a login form requesting email and mailbox password with no legitimate service attached.Five separate phishing reports flag this exact IPFS link as a credential harvester.No business registration, contact details, or verifiable company information exists for the page.
bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.linkScanned 3d ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 67·MT 10
Category tags
phishing#Phishing#Data Harvester95% MT confidence
Technical red flags (1)
Lookalike domain suspected
Warning signals (1)
Scam-network signals (5/100)

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
Data unavailable
Domain Age
9 years old
Registered Feb 23, 2017
MT Intelligence
Dangerous
Critical likelihood · 95% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust10/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The page displays a login form titled EmailLogin that requests an email address and mailbox password under a Secure Mail Server label. Our research found five separate reports from phishing trackers explicitly identifying this exact CID and similar dweb.link gateways as credential-harvesting phishing pages. The domain uses a public IPFS gateway with no business registration or contact details, and the content shows no legitimate service. Hosting on .link TLD combined with the generic form and zero positive signals further supports the malicious classification. The clean visual styling does not change the clear intent shown in the body text and external reports.
Full dossier
Analysis complete

Page Content

The page renders a clean login form asking for email and password with the title EmailLogin and a Secure Mail Server label. No contact information, addresses, or legitimate business details appear anywhere on the page.

Infrastructure

Hosted on IP 209.94.90.2 via public IPFS gateway with valid SSL from Let's Encrypt. The IP shows minimal abuse history but the content is a known phishing template.

Domain History

The underlying dweb.link gateway has existed for years, but this specific content-addressed resource has no business registration and appears only in threat feeds.

Web Reputation

Five independent reports label the page as a phishing credential harvester with no counterbalancing positive mentions or reviews found.

Risk Factors
4
  • Page contains a login form requesting email and mailbox password with no legitimate service attached.
  • Five separate phishing reports flag this exact IPFS link as a credential harvester.
  • No business registration, contact details, or verifiable company information exists for the page.
  • Hosted on public IPFS gateway with .link TLD commonly associated with low-trust content.
Positive Signals
2
  • SSL certificate is valid and issued by Let's Encrypt.
  • Hosting IP shows low abuse score in reputation data.
AI Recommendation
Close the page immediately and do not enter any credentials. If you need email access, go directly to your provider's official website.
Scam network detected
2 linked domains correlated

Short name on low-trust .link TLD over-represented on scam farms; uses common CDN resources seen in phishing templates.

cdn.jsdelivr.netcdnjs.cloudflare.com
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link
LIVE RENDER
bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link
1Vague 'Secure Mail Server' label with black dot shown below login button

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

25
/ 100
Moderate visual risk

Visual red flags detected in the screenshot

Clean, fully rendered login form with professional styling and no visible scam patterns such as urgency timers, fake badges, or intrusive elements.

Visual risk25/100

What our vision model saw

1 signal

Vague 'Secure Mail Server' label with black dot shown below login button

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
9.3 yrs
Registered Feb 2017
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
5 scam reports
Key findings
6 headline facts from open-web research
  • Exact domain appears in urlquery.net malware/phishing scan report dated 2026-06-01
  • Page title consistently "EmailLogin" across multiple similar IPFS CIDs on dweb.link
  • Multiple phishing trackers (phishstats.info, phishdestroy.io, pcrisk.com) flag identical "EmailLogin" forms on ipfs.dweb.link as credential harvesters
  • Hosted via Protocol Labs IPFS gateway (IP 209.94.90.2/3); content is decentralized but accessed publicly
  • Listed in threat feeds such as iavsoft.com daily updated threats
  • No business registration, reviews, or legitimate service references found for this specific CID or pattern
Scam reports (5)
Direct quotes from public scam databases, forums, and news.
  • urlquery.netopen

    "bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link/. screenshot. 209.94.90.2. 2026-06-01 17:27"

  • pcrisk.comopen

    "The page shown in the screenshot presents a generic "EmailLogin" form asking for an email address and mailbox password... designed to collect email credentials."

  • phishdestroy.ioopen

    "The page poses as an EmailLogin portal, tricking users into surrendering mailbox credentials. No overt brand impersonation or drainer..."

  • phishstats.infoopen

    "Phishing report: dweb.link (US) ... EmailLogin ... IPFS Service Worker Gateway"

  • iavsoft.comopen

    "https://bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link/ listed under Daily Updated Threats"

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Multiple independent sources including urlquery.net, pcrisk.com, phishdestroy.io, phishstats.info, and iavsoft.com have flagged this exact IPFS-hosted page as a phishing attempt collecting email credentials. Reports describe it as a generic EmailLogin form with no legitimate business presence. No positive reviews or registrations were found for the CID or pattern.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Low correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (1)
  • Short name on low-trust .link TLD — over-represented on scam farms.
Linked signals (3)
cdn.jsdelivr.netcdnjs.cloudflare.comPattern · LOW Trust TLD

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age9 years old
RegistrarCSC Corporate Domains, Inc.
RegisteredFeb 23, 2017
ExpiresFeb 23, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · E8
ExpiresAug 21, 2026 (79d)
Self-signedNo
Hosting & Technology
HostingProtocol Labs
Server locationUS
Web servercloudflare

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
Suspected
Punycode
No
  • 1301http://bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link/
  • 2200https://bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file1
ISPProtocol Labs
Usage typeData Center/Web Hosting/Transit

Scam-Type Likelihood

1 scam-type patterns detected
Scam-Type Likelihood

0 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Phishing
Phishing
Low-level signals
0/100
  • AI analyst tagged this as phishing.

Phishing site — act fast

This page shows signs of attempting to steal credentials or impersonate a trusted brand.

  • Do not interact with bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • If you already typed your password — change it now

    Change the password on the legitimate site and anywhere else you re-used it. Turn on two-factor authentication. Review recent account activity.

  • Report the phishing URL

    APWG (Anti-Phishing Working Group) accepts phishing reports at reportphishing@apwg.org. Google Safe Browsing reports help protect other users.

    Open
  • Get help on the forum

    MalwareTips members can help you assess damage and next steps.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

fonts.googleapis.comcdn.jsdelivr.netcdnjs.cloudflare.com

Safety FAQ

Common questions about this site, answered from the scan data on this page. These are auto-generated — not hand-written — so they always match the underlying report.

  • Our automated security review flags bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Final Verdict

0
Trust / 100
Final Verdict·bafkreiegbqbcfv3bye424hhdqirq2wqiftdkjywtxlivtmx4zyhzkotcta.ipfs.dweb.link
DANGEROUS

This IPFS-hosted page is a fake EmailLogin form built to steal mailbox credentials. Multiple independent trackers confirm it as phishing with no legitimate business behind it. Do not enter any email or password.

Close the page immediately and do not enter any credentials. If you need email access, go directly to your provider's official website.

AV engines
MT passes
2
Net signals
3
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
loureiru.lol
37m ago
Read the review
Dangeroustrust14
cinewhale.cc
56m ago
Read the review
Dangeroustrust39
kabjember.com
2h ago
Read the review
Dangeroustrust41
by42.arswdppo.top
3h ago
Read the review
Dangeroustrust21
astral-games.xyz
3h ago
Read the review
Dangeroustrust25
oneshippros.com
3h ago
Read the review
Dangeroustrust34
movies4u.as
3h ago
Read the review
Dangeroustrust40
cineby.gd
3h ago
Read the review
Dangeroustrust14
lipopeakdrops.com
3h ago
Read the review
Dangeroustrust15
yooutube.com
7h ago
Read the review
Dangeroustrust1
youareanidiot.com
7h ago
Read the review
Dangeroustrust12
flixhd.cc
8h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.