Security Scan Report: bafkreicbdkvqb7e2flcg4wm6okkyijx5zmut7aamqxeq5s7kmr7syai5xa.ipfs.dweb.link

Submitted: Nov 2, 2025, 10:26:15 PM
Completed: Nov 2, 2025, 10:27:14 PM
Visibility: public
Status: completed

Summary

This website contacted 19 IPs in 2 countries across 7 domains to perform 12 HTTP transactions. The main domain is bafkreicbdkvqb7e2flcg4wm6okkyijx5zmut7aamqxeq5s7kmr7syai5xa.ipfs.dweb.link; its registration age could not be determined (the report shows "NaN years ago").

Submitted URL: https://bafkreicbdkvqb7e2flcg4wm6okkyijx5zmut7aamqxeq5s7kmr7syai5xa.ipfs.dweb.link/

AI Security Verdict

High Risk

Confidence: 92%

9
Risk Score

High‑risk phishing page hosted on IPFS; likely credential harvesting.

Risk Factors
IPFS hosting combined with credential collection
Credential harvesting form on a non‑official domain
Hidden password field indicating attempt to obscure input
Brand impersonation (Webmail) on an unusual domain
Unranked domain increasing suspicion
Domain age information unavailable

Details

Page Title

Webmail Sign-in

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Domain 'bafkreicbdkvqb7e2flcg4wm6okkyijx5zmut7aamqxeq5s7kmr7syai5xa.ipfs.dweb.link' uses the .link top-level domain, featuring subdomain 'bafkreicbdkvqb7e2flcg4wm6okkyijx5zmut7aamqxeq5s7kmr7syai5xa.ipfs'. The second-level label 'dweb' is 4 characters long with 1 vowel and three consonants. Splitting it apart reveals two words: d, web. Median word length comes out to 2 characters. Most frequently, 'd' shows up in Catalan. Usage also turns up in Breton and Chinese (Zhuyin) contexts.

Screenshot

Security scan screenshot of https://bafkreicbdkvqb7e2flcg4wm6okkyijx5zmut7aamqxeq5s7kmr7syai5xa.ipfs.dweb.link/

Page Load Overview

27.70s
Total Load Time
12
HTTP Requests
7
Domains
108 KB
Total Size

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 241 chars
Detector Agreement: 100%

Website Classification

Primary Category

unknown (0% confidence)
Type: static
Method: structural

All Detected Categories

No categories detected

Detected Features

No structural features detected

Domain & IP Information

Requests  IP Address                 Location                           Autonomous System
12        142.250.186.42             United States                      AS15169 GOOGLE
0         104.16.174.226             United States                      AS13335 CLOUDFLARENET
0         142.250.184.228            United States                      AS15169 GOOGLE
0         172.67.74.152              United States                      AS13335 CLOUDFLARENET
0         104.16.175.226             United States                      AS13335 CLOUDFLARENET
0         216.58.206.36              United States                      AS15169 GOOGLE
0         209.94.90.3                United States                      AS40680 PROTOCOL
0         142.250.186.99             United States                      AS15169 GOOGLE
0         2a00:1450:4001:80e::2004   Frankfurt am Main, Hesse, Germany  AS15169 GOOGLE
0         209.94.90.2                United States                      AS40680 PROTOCOL
12        19 (total IPs)             -                                  -

Detected Technologies: 5

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T16832E762ABBD043D3293D0B931F5A7847E31C107DF41099A78AD29954FCAE8648777C8

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:U7Uq6jfD9jTZLox1JJyo4+KJAM7R0eyiYtmfdrisLiZi4jb2UO4UWOA+:UABX0eyij1riyiZi4jDUW8

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:11656:AEYK4lSAJAj9rMAtARTkYRCqJIQQALBAGTgX0ABXm0qxszAQAEk8BmGEmwn4z0gkQIAQIWQIQwCMlIQIAEhQKEgJCwIojOOg

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: ffc3c3ffffffffff
Perceptual Hash: b13164cece9b9931
Difference Hash: 0016160000000000
Wavelet Hash: fcc0c0fcf0f0f0f0
Color Hash: #4062bf

Other Hashes

Crop Resistant: 0016160000000000

Scan History

Scan history not available
