Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling
May 28, 2024, 12:59 p.m.
Description
Netskope Threat Labs has been tracking an increase in phishing campaigns hosted on Cloudflare Workers. The campaigns use techniques such as HTML smuggling and transparent phishing to evade detection. The phishing pages target Microsoft and Google credentials. Netskope recommends inspecting web traffic to detect and block phishing sites.
Date
Published: May 28, 2024, 12:36 p.m.
Created: May 28, 2024, 12:36 p.m.
Modified: May 28, 2024, 12:59 p.m.
Indicators
Attack Patterns
T1566.002
T1566.001
T1566
T1133