MalwareTips
DANGEROUS

Tech-support scam — do not call

22 of 92 antivirus engines flag this page as malicious. Microsoft, Apple, and your ISP never call or pop up to ask for remote access or payment. Don't call any numbers shown, don't install "support" tools, and close the page — ideally by ending the browser process.

Security Review

Is rwen1.yianboa9nhiha5.com legit or a scam?

Our verdict:Dangerous· 1/100

Tech-support scam posing as a service notice; flagged by six antivirus engines including BitDefender and alphaMountain.ai as phishing.

Top reasons
Six antivirus engines flag the domain as malicious or phishing, including BitDefender and alphaMountain.ai.Domain registered only 106 days ago—typical of temporary scam infrastructure.Page displays a fake service notice designed to create urgency and direct users to a fake support channel.
rwen1.yianboa9nhiha5.comScanned 1h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 18
Category tags
tech-support-scam#Tech Support Scam#Phishing92% MT confidence
Warning signals (1)
Domain is 3 months old

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
Engines flagged this URL
Domain Age
3 months old
Registered Feb 21, 2026
MT Intelligence
Dangerous
Critical likelihood · 92% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust18/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The page displays a fake 'Domain Notice' in English and Chinese claiming the address is 'no longer in service' and directing visitors to 'contact our online support team.' This is a classic tech-support scam pattern: create urgency and confusion, then funnel users to a fake support channel. Six antivirus engines—ADMINUSLabs, alphaMountain.ai, BitDefender, Chong Lua Dao, Cluster25, and CRDF—flag the domain as malicious or phishing. The domain was registered only 106 days ago, typical of throwaway scam infrastructure. The page contains zero legitimate contact details (no email, phone, or address), only a generic support link. The external domain loaded (cuia9-cioahqs9.com) is another suspicious indicator. The SSL certificate is valid but that alone does not legitimise a scam operation.
Full dossier
Analysis complete

Page Content

The page displays a bilingual 'Domain Notice' claiming the address is no longer in service and prompting visitors to contact an online support team. No legitimate business information, contact details, or service explanation is provided. The message is designed to create confusion and urgency, a hallmark of tech-support scams.

Infrastructure

The domain is hosted on IP 91.192.107.135 with a clean abuse score and no reported abuse history. SSL is valid (Sectigo, 259 days to expiry). However, legitimate infrastructure does not redeem malicious intent. The page loads an external domain (cuia9-cioahqs9.com), which may be used for credential harvesting or further phishing.

Domain History

Registered 106 days ago via GoDaddy with privacy protection disabled. The short age and throwaway-style domain name (rwen1.yianboa9nhiha5.com) are consistent with temporary scam infrastructure. The domain is not indexed in global traffic rankings, indicating no legitimate traffic or business presence.

Web Reputation

Six antivirus engines flag the domain as malicious or phishing: ADMINUSLabs (malicious), alphaMountain.ai (phishing), BitDefender (phishing), Chong Lua Dao (malicious), Cluster25 (phishing), and CRDF (malicious). Browser blocklists are clean, but the high antivirus detection rate is a strong signal. The page is categorised as a tech-support scam by our threat-intelligence layer.

Risk Factors
7
  • Six antivirus engines flag the domain as malicious or phishing, including BitDefender and alphaMountain.ai.
  • Domain registered only 106 days ago—typical of temporary scam infrastructure.
  • Page displays a fake service notice designed to create urgency and direct users to a fake support channel.
  • Zero legitimate contact information (no email, phone, or business address) on the page.
  • External domain (cuia9-cioahqs9.com) loaded on the page, likely used for credential harvesting.
  • Not indexed in global traffic rankings, indicating no legitimate business presence.
  • Scam-family match: Tech-Support Scam pattern confirmed by our threat-intelligence layer.
Positive Signals
3
  • Valid SSL certificate issued by Sectigo with 259 days to expiry.
  • Hosting IP has clean abuse reputation (0/100 abuse score, no reports).
  • No malware or suspicious code detected in our sandbox analysis.
AI Recommendation
Do not visit this site or click any links on it. Do not enter any personal, financial, or login information. If you received a link to this page, report it to your email provider or the platform where you found it.
Scam network detected
1 linked domain correlated

External domain cuia9-cioahqs9.com is loaded on the page and may be part of the same scam network used for credential harvesting or further phishing attacks.

cuia9-cioahqs9.com
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of rwen1.yianboa9nhiha5.com
LIVE RENDER
rwen1.yianboa9nhiha5.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for rwen1.yianboa9nhiha5.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
3 months
Registered Feb 2026
Web mentions
No scam reports found
No complaints, no negative coverage turned up in our sweep.
Research summary
Narrative write-up from our AI analyst

No independent review aggregators provided ratings for this domain.

Antivirus Engines

Detection matrix · live
22 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

22Malicious0Suspicious43Harmless92Engines
0
of 92
ADMINUSLabs
Malicious· malicious
alphaMountain.ai
Malicious· phishing
BitDefender
Malicious· phishing
Chong Lua Dao
Malicious· malicious
Cluster25
Malicious· phishing
CRDF
Malicious· malicious
CyRadar
Malicious· phishing
Emsisoft
Malicious· phishing
ESET
Malicious· phishing
Forcepoint ThreatSeeker
Malicious· phishing
Fortinet
Malicious· phishing
G-Data
Malicious· phishing
Gridinsoft
Malicious· phishing
Kaspersky
Malicious· phishing
LevelBlue
Malicious· phishing
Lionic
Malicious· phishing
Netcraft
Malicious· malicious
Rising
Malicious· phishing
SOCRadar
Malicious· malware
Sophos
Malicious· phishing
VIPRE
Malicious· phishing
Webroot
Malicious· malicious

22 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Sandbox Render
Page rendered in a safe sandbox
Requests made0
Unique IPs0
Countries0
Detected brandsNone

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.
  • Scam family match: Tech-Support Scam.

Domain & Encryption

Domain History
Age3 months old
RegistrarGoDaddy.com, LLC
RegisteredFeb 21, 2026
ExpiresFeb 21, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.2
IssuerSectigo Limited · Sectigo Public Server Authentication CA DV R36
ExpiresFeb 21, 2027 (259d)
Self-signedNo
Hosting & Technology
HostingDREAM CLOUD INNOVATION LIMITED
Server locationJP
Web serverMicrosoft-IIS/8.5

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://rwen1.yianboa9nhiha5.com/
  • 2200https://rwen1.yianboa9nhiha5.com/

Server Reputation

Hosting
CountryUnknown
NetworkUnknown
IP addressUnknown
Abuse Intelligence
Confidence score0%
Reports on file0
ISPDREAM CLOUD INNOVATION LIMITED
Usage typeData Center/Web Hosting/Transit

Scam-Type Likelihood

2 scam-type patterns detected
Scam-Type Likelihood

0 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Tech Support Scam
Tech Support Scam
High likelihood
0/100
  • Classic tech-support scare copy found (fake Microsoft/Apple alert, remote-access instructions).
  • Primary scraped category: fake tech-support page.
  • AI analyst tagged this as a tech-support scam.
Phishing
Low-level signals
0/100
  • AI analyst tagged this as phishing.

Tech-support scam — do not call

Pages like this impersonate Microsoft, Apple, or your ISP to trick you into calling a number or granting remote access.

  • Do not interact with rwen1.yianboa9nhiha5.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Do not call the number and do not install any "support" tool

    Microsoft, Apple, Google, and legitimate ISPs never show a pop-up with a phone number. Installing AnyDesk, TeamViewer, or "Windows Support" at their request hands over your computer.

  • Close the page — end the browser process if needed

    If the page has locked your browser, press Ctrl+Shift+Esc (Windows) or Cmd+Option+Esc (Mac) and end the browser task. Reopen your browser with "Don't restore tabs".

  • If you already gave remote access or paid

    Disconnect the device from the internet. Run a full scan with Malwarebytes or a reputable AV. Change your passwords from a different device. Call your bank to dispute any payment and request a new card.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

cuia9-cioahqs9.com

Safety FAQ

Common questions about this site, answered from the scan data on this page. These are auto-generated — not hand-written — so they always match the underlying report.

  • Our automated security review flags rwen1.yianboa9nhiha5.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Final Verdict

0
Trust / 100
Final Verdict·rwen1.yianboa9nhiha5.com
DANGEROUS

This is a tech-support scam domain masquerading as a service notice. Six antivirus engines flag it as phishing or malicious, the domain is only 106 days old, and it contains no legitimate business contact information—only a generic 'contact support' link designed to harvest credentials.

Do not visit this site or click any links on it. Do not enter any personal, financial, or login information. If you received a link to this page, report it to your email provider or the platform where you found it.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust16
brazil-2sl.pages.dev
1m ago
Read the review
Dangeroustrust1
speedpathlogistics.best
3m ago
Read the review
Dangeroustrust12
grok73k.com
3m ago
Read the review
Dangeroustrust9
ddose007.info.in
4m ago
Read the review
Dangeroustrust1
bitbotclaim.pages.dev
5m ago
Read the review
Dangeroustrust41
rainbet.com
5m ago
Read the review
Dangeroustrust5
multisecuredprotocol.pages.dev
7m ago
Read the review
Dangeroustrust1
lledger-com-start.pages.dev
7m ago
Read the review
Dangeroustrust1
regularisation-sante.com
9m ago
Read the review
Dangeroustrust1
akunpemulihan.my.id
9m ago
Read the review
Dangeroustrust37
download2343.mediafire.com
9m ago
Read the review
Dangeroustrust19
vidbox.pages.dev
28m ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.