Phishing Analysis: Platform.co.uk

Visual Capture

Screenshot of bafkreietmq2owe4mmr4olp44ogax3zu5zxvomkq5cawnxu5vivaa7tzabq.ipfs.dweb.link

Detection Info

https://bafkreietmq2owe4mmr4olp44ogax3zu5zxvomkq5cawnxu5vivaa7tzabq.ipfs.dweb.link/?V2J7Q8KXN=XJ2K5N9PVLYnJpZGdldC5maXR6Z2VyYWxkQHBsYXRmb3JtLmNvLnVrBV9X2J7PKL

Detected Brand

Platform.co.uk

Country

UK

Confidence

95%

HTTP Status

200

Report ID

1df9456d-926…

Analyzed

2026-02-27 06:24

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T123413230A028A8631292C6D877E12B1B35D6C30ACF526B0563FC939967FAD09ED29498
CONTENT ssdeep	24:niPVCCcASZcmDGguDfEaQybnKn/9P6uRPOzRQ6+NeJoFHNHzipkEKHVJFg4uB/es:nCVWhcqGgC9bKVPTJnFHB2K13DHHsN

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	f6a6cc9999886666
VISUAL aHash	ffffe6fee4e4f8f0
VISUAL dHash	00104c100c4c3000
VISUAL wHash	fcf8e0f8f8e0e0c0
VISUAL colorHash	070060000c0
VISUAL cropResistant	00104c100c4c3000,c026292c242528c0

Code Analysis

Risk Score 53/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Platform.co.uk users
• Method: Impersonation of login page using a suspicious domain and IPFS.
• Exfil: Email and Password
• Indicators: Obfuscated Javascript, form submission, suspicious URL.
• Risk: HIGH

🔒 Obfuscation Detected

atob

📡 API Calls Detected

POST

📊 Risk Score Breakdown

Total Risk Score

90/100

Contributing Factors

Suspicious Domain

The domain is not a registered domain and uses IPFS for hosting.

Form Submission

The page includes a form requesting email and password.

Obfuscated Javascript

atob code detected, indicates malicious behavior and attempts to hide what is being done by the javascript.

🔬 Comprehensive Threat Analysis

Threat Type

Credential Harvesting Kit

Target

Platform.co.uk users (UK)

Attack Method

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester
3 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Platform.co.uk

Official Website

platform.co.uk

Fake Service

Login Portal

⚔️ Attack Methodology

Primary Method: Credential Harvesting

This is a phishing site designed to steal login credentials. The attacker will likely use the stolen credentials to access the user's platform.co.uk account.

Secondary Method: Social Engineering

The attacker uses the visual layout of Platform.co.uk to trick the user to enter their credentials. This is because it is hosted on IPFS and can be accessed by anyone, so this makes it easier for the attacker to avoid detection by security tools. It also can spread by people sharing the IPFS link.