
Suspicious Network Communication With IPFS

Sigma Rules

Summary
This detection rule identifies suspicious network communication with the InterPlanetary File System (IPFS), specifically requests whose URI exposes a user's email address. Recent phishing campaigns have used IPFS to host credential-harvesting web pages, which is why this behaviour is worth detecting. The rule uses a regex pattern that matches URIs combining a known IPFS URL with an email address format, a pattern that suggests an attempt at credential theft. The rule is categorised as low severity: it covers a valid threat vector, but false positives can occur where IPFS is used legitimately within an organisation. Before deploying the rule, review how IPFS is used in your environment and tune it so that legitimate IPFS activity does not drown out the alerts that matter.
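As an added illustration (not the rule itself; the page does not reproduce the rule's regex or its list of IPFS URLs), the following Python check applies the same idea to constructed proxy log lines. The gateway hostnames, the log format and the sample URLs are assumptions made for this example.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Assumed public IPFS gateway hostnames plus the "<cid>.ipfs.<gateway>" subdomain form.
# The real rule's list is not on the page; this one is constructed for illustration.
IPFS_HOST = r"(?:ipfs\.io|cloudflare-ipfs\.com|dweb\.link|w3s\.link|[a-z0-9]+\.ipfs\.[a-z0-9.-]+)"
EMAIL = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"

# An IPFS gateway host followed, anywhere later in the URI, by an email address
# (lure pages typically carry it in the query string or the fragment).
IPFS_EMAIL_URI = re.compile(IPFS_HOST + r"\S*?(" + EMAIL + r")", re.IGNORECASE)


def ipfs_email_in_uri(uri: str) -> Optional[str]:
    """Return the exposed email address if the URI matches, otherwise None.
    The URI is percent-decoded first so that '%40' is treated as '@'."""
    m = IPFS_EMAIL_URI.search(unquote(uri))
    return m.group(1) if m else None


def scan_proxy_log(lines):
    """Run the check over constructed proxy log lines of the form
    '<timestamp> <client_ip> <method> <url>' and return the hits."""
    hits = []
    for line in lines:
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the scan
        ts, client, _method, url = parts
        email = ipfs_email_in_uri(url)
        if email:
            hits.append({"time": ts, "client": client, "email": email, "url": url})
    return hits


# Constructed sample traffic: two lure-style requests and two benign ones.
SAMPLE_LOG = [
    "2023-03-16T09:12:01Z 10.0.0.21 GET https://cloudflare-ipfs.com/ipfs/bafyExampleCID/index.html#jane.doe@example.com",
    "2023-03-16T09:13:44Z 10.0.0.35 GET https://ipfs.io/ipfs/QmExampleCID/login.html?email=bob%40example.org",
    "2023-03-16T09:15:10Z 10.0.0.21 GET https://ipfs.io/ipfs/QmExampleCID/docs/README.md",
    "2023-03-16T09:16:02Z 10.0.0.40 GET https://mail.example.com/owa/?user=jane.doe@example.com",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} exposed {hit['email']} via {hit['url']}")
```

The third sample line shows why the rule is low severity: plain IPFS fetches without an email in the URI do not fire, but an organisation that hosts content on IPFS may still produce benign hits when a user's address appears in a legitimate link.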
Categories
  • Network
  • Web
Data Sources
  • Web Credential
  • Network Traffic
  • Application Log
Created: 2023-03-16