Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://bafkreia5ihvxa3nwohacg5auov7n6ah5rmawhnhm5vo3cddhnmq3mdv7gq.ipfs.dweb.link
Detected Brand
Unknown
Country
International
Confidence
95%
HTTP Status
200
Report ID
257f8c7d-4fdâŠ
Analyzed
2026-02-22 10:26
Final URL (after redirects)
https://bafkreia5ihvxa3nwohacg5auov7n6ah5rmawhnhm5vo3cddhnmq3mdv7gq.ipfs.dweb.link/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A0514471B004BC734282C6E4B2F16B1B35D7C219CF633A0467FC879E5AF6C89DA19589 |
|
CONTENT
ssdeep
|
48:nkJWhc81C9bK3uBiOylgFxIvJhh6J3ZWADMDwcnpHevk:nBJMKunjFOvvh61X4bpHes |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f6a6cc9999886666 |
|
VISUAL
aHash
|
fffee4f8fce4f8e0 |
|
VISUAL
dHash
|
00004c10084c3000 |
|
VISUAL
wHash
|
fcf8e0f8f8e0e0c0 |
|
VISUAL
colorHash
|
070060000c0 |
|
VISUAL
cropResistant
|
00004c10084c3000,d0243202642428c0 |
Code Analysis
Risk Score
65/100
Threat Level
ALTO
â ïž Phishing Confirmed
ð£ Credential Harvester
ð¬ Threat Analysis Report
⢠Threat: Phishing
⢠Target: Webmail users
⢠Method: Credential harvesting
⢠Exfil: Potentially any endpoint capable of receiving data, especially with obfuscation
⢠Indicators: IPFS hash URL, login form, JavaScript obfuscation
⢠Risk: HIGH
ð Obfuscation Detected
- atob
- fromCharCode
- hex_escape
- unicode_escape
- js_packer
ð Risk Score Breakdown
Total Risk Score
95/100
Contributing Factors
Suspicious URL
IPFS hash is not a legitimate domain.
Login Form
Requesting sensitive login information.
Obfuscation
Code obfuscation used to hide malicious code from detection.
ð¬ Comprehensive Threat Analysis
Threat Type
Credential Harvesting Kit
Target
General public
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
â ïž Indicators of Compromise
- Kit types: Credential Harvester
- 1806 obfuscation techniques
ð¢ Brand Impersonation Analysis
Impersonated Brand
Unknown - Webmail
Fake Service
Webmail login
âïž Attack Methodology
Primary Method: Credential harvesting
The attacker aims to steal user credentials by presenting a fake login form that mimics the appearance of a webmail service. The user enters their email and password, which is then sent to the attacker.
ð Infrastructure Indicators of Compromise
Domain Information
Domain
bafkreia5ihvxa3nwohacg5auov7n6ah5rmawhnhm5vo3cddhnmq3mdv7gq.ipfs.dweb.link
Registered
2017-02-24
Registrar
Unknown
Status
Active
ð€ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Unknown
https://bafkreiegwxj3pfnc2yw57fzl7tfjmdhqqa3qczjjcretig7quyw...
Mar 19, 2026
Unknown
https://bafkreial2cuys7iusfolkwwkfnlitggozipsvdyq7lg4wo4z7tw...
Mar 16, 2026
Platform.co.uk
https://bafkreietmq2owe4mmr4olp44ogax3zu5zxvomkq5cawnxu5viva...
Feb 27, 2026
Pkobp
https://bafkreigpc2vwbbztkll32zobc4asja44hmms2qxkhvypcw4moxt...
Feb 24, 2026
Unknown
https://bafkreibrbyrcuoxifhtpqgkshrysa5uq2u332vhtmzvui7gtius...
Feb 05, 2026
Scan History for bafkreia5ihvxa3nwohacg5auov7n6ah5rmawhnhm5vo3cddhnmq3mdv7gq.ipfs.dweb.link
Found 1 other scan for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.