Tactic or Technique: IPFS

Attackers use IPFS, the InterPlanetary File System, to host phishing pages, malware, and other malicious content in a way that’s difficult to take down. Unlike traditional hosting, IPFS is decentralized, so content is distributed across many nodes instead of sitting on a single server.
A phishing email may include a link that appears to lead to a legitimate website but actually points to an IPFS gateway. Blocking one gateway isn’t enough—the content stays live as long as it’s being shared, and can be accessed through any public node. Each file has a unique identifier, making it easy for attackers to keep it online and hard for defenders to remove.
This tactic gives attackers persistence and reach. Security tools that rely on domain reputation or blocklists often miss these links, creating longer exposure windows for malware delivery or credential theft.
Attack Types (2):
Credential Phishing
Malware/Ransomware
Detection Methods (6):
Sender analysis
URL analysis
File analysis
Natural Language Understanding
Whois
Content analysis
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Link: IPFS
3mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
IPFS
Sender analysis
URL analysis
Attachment: EML file with IPFS links
5mo ago
Nov 4th, 2025
Sublime Security
Credential Phishing
Evasion
Free file host
Free subdomain host
IPFS
File analysis
URL analysis
Vendor compromise: GovDelivery message with suspicious link
8mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Free subdomain host
IPFS
Social engineering
Evasion
Impersonation: Brand
Natural Language Understanding
URL analysis
Whois
Credential phishing: Engaging language with IPFS link
2y ago
May 3rd, 2024
Sublime Security
Credential Phishing
Free file host
Free subdomain host
IPFS
Content analysis
Natural Language Understanding
URL analysis