Cybercriminals Use CloudFlare’s IPFS Gateway For Phishing Attacks

By Nitish Singh / October 4, 2018

Cybercriminals have found a way to take advantage of Cloudflare’s newly launched IPFS gateway for phishing attacks. The gateway is used in similar fashion to how online attackers take advantage of Azure Blob storage to make login forms look secure and issued by Microsoft.

IPFS is defined as a “peer-to-peer or distributed file system that allows you to share files that will also be distributed to other computers, or nodes, throughout the networked file system. This makes it difficult to take down content stored on IPFS because even if one node is removed, the content will still be available from other nodes.”

Phishing Form Submission Pages

Image Courtesy of Bleeping Computer

Cloudflare SSL protection is deemed to be secure, and browsers do not provide any warnings when visiting websites using IPFS gateways from the company. Phishing attacks take advantage of the security and lure unsuspecting internet users into putting in their personal data on unsecured websites.

Docusign Phishing Site

Image Courtesy of Bleeping Computer

Attackers store the HTML data for phishing websites on the IPFS gateway and display the fake websites via the platform. With an SSL certification issued by Cloudflare, most users will be convinced about the legitimacy of the website and enter their private data.

According to bleeping computer, the pages scanned were being operated by attackers from There are a large number of phishing URLs related to the website, and a number of form submission pages redirect to the platform.

The attackers have been involved with a large number of online phishing schemes this year. Even though most of the URLs do not look legitimate, many internet users are careless about their data and rush into putting their personal data into websites. The findings come right after Cloudflare and Google partnered to offer a new anti-censorship app that takes advantage of both Google and Cloudflare’s DNS servers to prevent DNS manipulation.

What do you think about the phishing attacks taking advantage of Cloudflare’s platform? Let us know in the comments below. And, make sure to follow us on Facebook and Twitter for the latest updates. Thanks!

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: