Link: IPFS

Sublime Rules

Summary
This detection rule identifies messages containing links associated with the InterPlanetary File System (IPFS), specifically those that include 'ipfs' in the domain or URL. The rule was prompted by the recent discovery of phishing sites using IPFS to evade traditional web filtering mechanisms. The detection logic examines both links within the message body and specific characteristics of the domain. The rule explicitly excludes links from the legitimate 'ipfs.com' domain, as well as certain high-reputation hosts identified in the Tranco and Umbrella lists. To further reduce false positives, the rule analyzes sender profiles, considering the sender's history of malicious activity or spam.
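The logic described in the summary, applied to constructed links as an added example (not the rule's own source). The reputation set, the sender fields `established` and `flagged_before`, and the way sender history gates the result are assumptions, since the summary does not spell them out.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Tranco / Umbrella high-reputation lists.
HIGH_REPUTATION_HOSTS = {"github.com", "wikipedia.org"}
LEGITIMATE_IPFS_DOMAIN = "ipfs.com"


def _host(url):
    """Lower-cased hostname of a URL, or '' when it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. malformed IPv6 literal
        return ""


def _is_or_under(host, domain):
    """Match the domain itself or a subdomain, never a mere suffix."""
    return host == domain or host.endswith("." + domain)


def link_matches(url):
    """True if 'ipfs' appears in the domain or URL and the host is not excluded."""
    host = _host(url)
    if not host or "ipfs" not in url.lower():
        return False
    if _is_or_under(host, LEGITIMATE_IPFS_DOMAIN):
        return False
    return not any(_is_or_under(host, d) for d in HIGH_REPUTATION_HOSTS)


def message_matches(links, sender):
    """Link check, then the sender-profile gate.

    Assumption: an established sender with no malicious or spam history
    is suppressed; `sender` is a hypothetical dict, not a real API object.
    """
    if not any(link_matches(u) for u in links):
        return False
    established = sender.get("established", False)
    return (not established) or sender.get("flagged_before", False)


if __name__ == "__main__":
    # Constructed sample links.
    for u in ("https://gateway.example/ipfs/QmConstructedHash",
              "https://www.ipfs.com/docs",
              "https://notipfs.com/x",
              "https://github.com/ipfs/kubo"):
        print(u, link_matches(u))
```

Matching the exclusion on a label boundary matters: a naive `endswith("ipfs.com")` would also exempt look-alike hosts such as `notipfs.com`.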
Categories
  • Web
  • Cloud
  • Application
Data Sources
  • Web Credential
  • Network Traffic
Created: 2023-05-24