
Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling

May 28, 2024, 12:59 p.m.

Description

Netskope Threat Labs has been tracking an increase in phishing campaigns hosted on Cloudflare Workers. The campaigns use techniques such as HTML smuggling and transparent phishing to evade detection. The phishing pages target Microsoft and Google credentials. Netskope recommends inspecting web traffic to detect and block phishing sites.

Date

Published: May 28, 2024, 12:36 p.m.

Created: May 28, 2024, 12:36 p.m.

Modified: May 28, 2024, 12:59 p.m.

Indicators

Attack Patterns

T1566.002

T1566.001

T1566

T1133