bafkreia7m7wyi7xnltk5kqkoy4m3nssthp2vnjertouskbhqknycjtb2o4.ipfs.dweb.link
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Quttera Web Malware Removal is a paid subscription service. Pricing, plans, and trial availability are set by Quttera. Quttera is operated by Quttera Ltd, an independent third-party company unrelated to RCS LT. PCRisk.com may earn a referral commission when users sign up through this link.
Description of bafkreia7m7wyi7xnltk5kqkoy4m3nssthp2vnjertouskbhqknycjtb2o4.ipfs.dweb.link
This URL appears to be an IPFS-hosted page delivered through the dweb.link gateway, which is associated with decentralized web content distribution. The hostname structure suggests a content-addressed resource rather than a conventional branded website, and the page metadata references an IPFS service worker gateway operated within the broader Protocol Labs ecosystem.
However, the visible page content does not match a typical informational IPFS gateway page. Instead, the screenshot shows a generic "EmailLogin" form requesting an email address and mailbox password, presented as a "Secure Mail Server" login. Based on the domain format, lack of branding, and the mismatch between the metadata and the rendered content, this page appears to be a credential-harvesting login lure rather than a legitimate email service portal.
Safety Assessment for bafkreia7m7wyi7xnltk5kqkoy4m3nssthp2vnjertouskbhqknycjtb2o4.ipfs.dweb.link
Multiple security signals indicate elevated risk at the time of this scan. The URL was flagged by 16 out of 91 security engines, with the detections broadly classifying it as phishing or malicious. The screenshot also shows a generic email-password collection form on an unbranded IPFS gateway URL, which is a common pattern used in credential theft campaigns. This combination of multi-engine consensus and deceptive login-style content is a strong warning sign.
The malware scan also reported a suspicious object associated with the page, and one referenced link/domain was flagged during analysis. In addition, the domain's IP address is listed on one mail-reputation blocklist, which is a weaker signal on its own but still worth noting. Although some blacklist databases were clean at the time of this scan, the overall evidence is outweighed by the phishing detections and the page's apparent attempt to collect mailbox credentials.
Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site is served over a valid Let's Encrypt certificate and appears to be fronted by Cloudflare infrastructure, with hosting attributed to Protocol Labs and an IP address located in San Francisco, United States. The domain has existed for several years, uses Cloudflare nameservers, and DNSSEC is unsigned. The long age here appears to reflect the gateway domain rather than the trustworthiness of the specific IPFS-hosted content.
From a technical perspective, this is not a typical standalone website but a content-addressed resource hosted through an IPFS gateway. That delivery model can make abusive pages harder to attribute and remove quickly. The mismatch between the benign-looking IPFS gateway metadata and the rendered credential form is a notable concern, and the flagged content path further supports the possibility of deceptive behavior.
Share your experience with this website. Was it safe? Did you encounter any issues?