Security Scan Report: bafkreihhqmsab3s2vhiyta2er32smfqnzp4sqd7g67a6s5cg6xm77wbgdm.ipfs.dweb.link

Submitted: Nov 17, 2025, 9:44:18 AMCompleted: Nov 17, 2025, 9:44:52 AMpubliccompleted
Loading additional data...

Summary

This website contacted 25 IPs in 2 countries across 7 domains to perform 12 HTTP transactions. The main domain is bafkreihhqmsab3s2vhiyta2er32smfqnzp4sqd7g67a6s5cg6xm77wbgdm.ipfs.dweb.link.

Submitted URL: https://bafkreihhqmsab3s2vhiyta2er32smfqnzp4sqd7g67a6s5cg6xm77wbgdm.ipfs.dweb.link/

The Cisco Umbrella rank of the primary domain is #174,969 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 95%

9
Risk Score

Confirmed phishing site harvesting credentials; avoid interaction.

Risk Factors
IPFS hosting combined with password collection
Brand impersonation on an untrusted domain
New/unregistered domain presenting a login page
Credential harvesting form without visible security indicators
Domain age information unavailable

Details

Page Title

Webmail Sign-in

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

suspicious phishing

(27%)

Domain Information

The domain name 'bafkreihhqmsab3s2vhiyta2er32smfqnzp4sqd7g67a6s5cg6xm77wbgdm.ipfs.dweb.link' uses the .link top-level domain; it also runs on subdomain 'bafkreihhqmsab3s2vhiyta2er32smfqnzp4sqd7g67a6s5cg6xm77wbgdm.ipfs'. The registrable portion 'dweb' spans 4 characters with one vowel and 3 consonants. Splitting it apart reveals 2 words: d, web. The median word length lands at two characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://bafkreihhqmsab3s2vhiyta2er32smfqnzp4sqd7g67a6s5cg6xm77wbgdm.ipfs.dweb.link/

Page Load Overview

9.30s
Total Load Time
12
HTTP Requests
7
Domains
108 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:241 chars
Detector Agreement:100%

Website Classification

Primary Category

suspicious phishing27% confidence
Type: static
Method: ml+structural

All Detected Categories

suspicious phishing
27%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
12142.251.140.164United States
AS15169GOOGLE
0142.250.186.132United States
AS15169GOOGLE
0104.26.12.205United States
AS13335CLOUDFLARENET
0104.16.174.226United States
AS13335CLOUDFLARENET
0151.101.193.229San Francisco, California, United States
AS54113FASTLY
0209.94.90.3United States
AS40680PROTOCOL
0209.94.90.2United States
AS40680PROTOCOL
0142.250.186.74United States
AS15169GOOGLE
0104.16.175.226United States
AS13335CLOUDFLARENET
0142.250.186.99United States
AS15169GOOGLE
1225--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1B732F762ABF9043D3293D0B931F5A7847E35C107DF41499A78BE2A944FCAE8648777C8

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:U7Uq6jfD9jTZLox1JJyo4+KJAM7R0eyiYtmfePrisLiZi4jb2UO4UWOA+:UABX0eyijGPriyiZi4jDUW8

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:11656:AEYK4lSAJAj9rNAtARTkYRCqJIQQALBACTgX0ABXm0qxszAQAEk8BmGEmwn4z0gkQIAQIWQIQwCMlIQIAEhQKEgpCwIojOOg

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffc3c3ffffffffff
Perceptual Hash:b13164cece9b9931
Difference Hash:0016160000000000
Wavelet Hash:fcc0c0fcf0f0f0f0
Color Hash:#2d8646

Other Hashes

Crop Resistant:0016160000000000

Scan History

Scan history not available

Unable to load historical scan data