Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Cloud Services - T1021.007 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Phishing - T1660 Phishing - T1566 Search Engines - T1593.002
Show in Graph
Common Information
Type Value
UUID 0c02f462-3ea6-46ef-ad3c-4dba9a713ee9
Fingerprint b060894a2b2cfb8d
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 14, 2023, 2:05 p.m.
Added to db Oct. 24, 2023, 1:15 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile
Title Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile
Detected Hints/Tags/Attributes 34/2/253
Source URLs
Redirection Url
Details Source https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
URL Provider
Details Provider Source level domain
Details netskope.com www.netskope.com
Attributes
Details Type #Events CTI Value
Details Domain 8 
r2.dev
Details Domain 154 
urlscan.io
Details Domain 707 
google.com
Details Domain 1 
pub-1f6ee74386dc4dc98c226f8a56f8e8c1.r2.dev
Details Domain 1 
pub-9f884b1d186548eea381cab00a0f702c.r2.dev
Details Domain 1 
pub-c6542b65e10b483d9136554aa9cb05e8.r2.dev
Details Domain 1 
pub-ca01b8d361b540ce8256226365665de0.r2.dev
Details Domain 1 
pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev
Details Domain 1 
pub-5431347746b0455bb6f7dbc419a23952.r2.dev
Details Domain 1 
pub-e4b5beda27a847fc9ff07bdb23b36563.r2.dev
Details Domain 1 
pub-7e28a526d64340e89715cafd3ffddee3.r2.dev
Details Domain 1 
pub-dc7d3a6ae1254ac4b7b0a0873ef10ed1.r2.dev
Details Domain 1 
pub-43c8427c1735476fb4e6b1b456757e0a.r2.dev
Details Domain 1 
pub-48d3a24bafe348799aa16e3fbd5ead78.r2.dev
Details Domain 1 
pub-5705d571c53847759ca1e27912b57837.r2.dev
Details Domain 1 
pub-b889ecc576cd47b8a7dae94590568f86.r2.dev
Details Domain 1 
pub-d0a002d03d4d4468a1a3a4788d44d971.r2.dev
Details Domain 1 
pub-1abd9bef283343da8c867e32a56a6050.r2.dev
Details Domain 1 
pub-4b8c37d5f65746878138f2a1665fc704.r2.dev
Details Domain 1 
pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
Details Domain 1 
pub-16d24eae069c40dcb335224f9555d849.r2.dev
Details Domain 1 
pub-19b440b384f449bc8f30a86a5f3c6049.r2.dev
Details Domain 1 
pub-2b0fffc523034ccc9ffa6fb26d5462e5.r2.dev
Details Domain 1 
pub-50137e365ae14a91ad215a40f880bad1.r2.dev
Details Domain 1 
pub-6502dddebdc447ed9023277db681dd94.r2.dev
Details Domain 1 
pub-d3ef7b90634c41c2aea65d57a1da514f.r2.dev
Details Domain 1 
pub-d1729d90c762460c9395a066038cdaf9.r2.dev
Details Domain 1 
pub-51b3ca6392244b5bb14982b7ddf92f27.r2.dev
Details Domain 1 
pub-c27949832b64423ab5f75bafdf57ba92.r2.dev
Details Domain 1 
pub-00268bd240fc441cb2f8557a6961d87d.r2.dev
Details Domain 1 
pub-b2955bd5cc5a447cba7f9017e8915538.r2.dev
Details Domain 1 
pub-93bd771473c24746860b98ace628fe91.r2.dev
Details Domain 1 
pub-28dfeb6275f8415ba3e6b97dfff9ccfc.r2.dev
Details Domain 1 
pub-9008e63dbf464532acb4ebdafa3bfb86.r2.dev
Details Domain 1 
pub-1b0adb2146a640a0b0ec2645f84b6a9a.r2.dev
Details Domain 1 
pub-7c6128fbcd6a4ed3a12554f7446ffe16.r2.dev
Details Domain 1 
pub-4054e7f05a57459e88c44b940037f4fb.r2.dev
Details Domain 1 
pub-1df03b95474e44baa86a0a11a33527d0.r2.dev
Details Domain 1 
pub-5d09e89ff38240f2b559297a9206beea.r2.dev
Details Domain 1 
pub-9064d4445dc3440599c3d2cab66301d9.r2.dev
Details Domain 1 
pub-a8f7a7bdbbef4c7aa377b495dabb19ff.r2.dev
Details Domain 1 
pub-c8dc8d57c6e24653a737a5acb81893ee.r2.dev
Details Domain 1 
pub-b0879d66c06e4547a6fe4d002fc9f88e.r2.dev
Details Domain 1 
pub-c92a4cf1fb774dd79b9c7d32023ab3fa.r2.dev
Details Domain 1 
pub-1cd83eaf4a66425d86fb1e8f37610be0.r2.dev
Details Domain 1 
pub-7e71a0ecd46d4dc0ac25e43cbb595918.r2.dev
Details Domain 1 
pub-44c085b5c63b4a438aed0cd194363508.r2.dev
Details Domain 1 
pub-f488d77bc04a4676ad79ee159fe7d8c5.r2.dev
Details Domain 1 
pub-3b2c4103dbe84e8081aa257826f25d54.r2.dev
Details Domain 1 
pub-62c47a7a8e0a4ca293b31ee18b2baf43.r2.dev
Details Domain 1 
pub-887adfef303443cc97eee0e66e6d6dbc.r2.dev
Details Domain 1 
pub-fbf017af618541b3a76abd75f8dab1b7.r2.dev
Details Domain 1 
pub-ecff9b63c2c1497bbcbe5d573900b143.r2.dev
Details Domain 1 
pub-0e459479bb894ae6a3446ba7783965b0.r2.dev
Details Domain 1 
pub-3a226c66bcda41e4bbeec4790c71c89c.r2.dev
Details Domain 1 
pub-5c8b0c206b484f208b18e2c09e806156.r2.dev
Details Domain 1 
pub-cc4afac7b0304f62946883c1b996ddc3.r2.dev
Details Domain 1 
pub-5c0aa65f5f224858a03e429b595c1811.r2.dev
Details Domain 1 
pub-422f33674c4b4fe182123a25dbb97378.r2.dev
Details Domain 1 
pub-62d1a4086e2a4406ae5e1a788e7a019b.r2.dev
Details Domain 1 
pub-dda005a462634fea953ace187610f4c7.r2.dev
Details Domain 1 
pub-54efd4aa11884bfb834031d41082f502.r2.dev
Details Domain 1 
pub-45f4523b469c4ea18afe1c70ebaabeda.r2.dev
Details Domain 1 
pub-9eaf08966d54441789d558bfe758e12c.r2.dev
Details Domain 1 
pub-b08c2d9bbe594efba55b1b8d4009a382.r2.dev
Details Domain 1 
pub-99eed73366de4872bbe331bbbfb758cf.r2.dev
Details File 4 
webpage.htm
Details File 816 
index.html
Details File 1 
office.html
Details File 1 
emailverification.html
Details File 1 
passwordverification.html
Details File 11 
index2.html
Details File 1 
oeip.html
Details File 1 
dropbox-business.html
Details File 1 
alocate.html
Details File 42 
login.html
Details File 1 
001zzz.html
Details File 1 
authr.html
Details File 1 
keep.html
Details File 1 
apps.html
Details File 3 
link.html
Details File 1 
chi.html
Details File 1 
owaoutlook.html
Details File 1 
diom.html
Details File 3 
code.html
Details File 2 
setting.html
Details File 1 
vm3.html
Details File 1 
dashworkers.html
Details File 1 
backgroundfull.html
Details File 1 
gaames.html
Details File 1 
authe.html
Details File 1 
verywebmail.html
Details File 1 
webmail.html
Details File 1 
ourteam.html
Details File 1 
0012823733.html
Details File 1 
s3m6s5.html
Details File 1 
shaaa.html
Details File 1 
inslo.htm
Details File 1 
wnnslo.htm
Details File 6 
welcome.html
Details File 2 
auth.html
Details File 1 
verication.html
Details File 1 
saved.html
Details File 1 
office365.html
Details File 1 
xtrst.html
Details File 1 
llo.html
Details File 1 
noon.html
Details File 1 
nick.html
Details File 4 
new.html
Details File 1 
oml.html
Details File 1 
encrypted.htm
Details File 1 
lanx_sl1.htm
Details File 1 
hx-adfs_9.html
Details File 1 
bookingmail.html
Details File 1 
dropbox-sign-in.html
Details File 1 
secu3.html
Details File 1 
action.html
Details File 1 
nexc.html
Details File 1 
res.html
Details File 1 
diceyencode.html
Details File 1 
sam365.html
Details File 3 
email.html
Details md5 1 
de2f439c6744426586c7612824c1bac2
Details md5 1 
7e0ea6c6ac8c439a840ed31912409dc9
Details md5 1 
1f6ee74386dc4dc98c226f8a56f8e8c1
Details md5 1 
9f884b1d186548eea381cab00a0f702c
Details md5 1 
c6542b65e10b483d9136554aa9cb05e8
Details md5 1 
ca01b8d361b540ce8256226365665de0
Details md5 1 
a0f9c6938a374a2089f6fad1e6e85d1b
Details md5 1 
5431347746b0455bb6f7dbc419a23952
Details md5 1 
e4b5beda27a847fc9ff07bdb23b36563
Details md5 1 
7e28a526d64340e89715cafd3ffddee3
Details md5 1 
dc7d3a6ae1254ac4b7b0a0873ef10ed1
Details md5 1 
43c8427c1735476fb4e6b1b456757e0a
Details md5 1 
48d3a24bafe348799aa16e3fbd5ead78
Details md5 1 
5705d571c53847759ca1e27912b57837
Details md5 1 
b889ecc576cd47b8a7dae94590568f86
Details md5 1 
d0a002d03d4d4468a1a3a4788d44d971
Details md5 1 
1abd9bef283343da8c867e32a56a6050
Details md5 1 
4b8c37d5f65746878138f2a1665fc704
Details md5 1 
9b0c4b61dcdb4349b13b6e0f0902a227
Details md5 1 
16d24eae069c40dcb335224f9555d849
Details md5 1 
19b440b384f449bc8f30a86a5f3c6049
Details md5 1 
2b0fffc523034ccc9ffa6fb26d5462e5
Details md5 1 
50137e365ae14a91ad215a40f880bad1
Details md5 1 
6502dddebdc447ed9023277db681dd94
Details md5 1 
d3ef7b90634c41c2aea65d57a1da514f
Details md5 1 
d1729d90c762460c9395a066038cdaf9
Details md5 1 
51b3ca6392244b5bb14982b7ddf92f27
Details md5 1 
c27949832b64423ab5f75bafdf57ba92
Details md5 1 
00268bd240fc441cb2f8557a6961d87d
Details md5 1 
b2955bd5cc5a447cba7f9017e8915538
Details md5 1 
93bd771473c24746860b98ace628fe91
Details md5 1 
28dfeb6275f8415ba3e6b97dfff9ccfc
Details md5 1 
9008e63dbf464532acb4ebdafa3bfb86
Details md5 1 
1b0adb2146a640a0b0ec2645f84b6a9a
Details md5 1 
7c6128fbcd6a4ed3a12554f7446ffe16
Details md5 1 
4054e7f05a57459e88c44b940037f4fb
Details md5 1 
1df03b95474e44baa86a0a11a33527d0
Details md5 1 
5d09e89ff38240f2b559297a9206beea
Details md5 1 
9064d4445dc3440599c3d2cab66301d9
Details md5 1 
a8f7a7bdbbef4c7aa377b495dabb19ff
Details md5 1 
c8dc8d57c6e24653a737a5acb81893ee
Details md5 1 
b0879d66c06e4547a6fe4d002fc9f88e
Details md5 1 
c92a4cf1fb774dd79b9c7d32023ab3fa
Details md5 1 
1cd83eaf4a66425d86fb1e8f37610be0
Details md5 1 
7e71a0ecd46d4dc0ac25e43cbb595918
Details md5 1 
44c085b5c63b4a438aed0cd194363508
Details md5 1 
f488d77bc04a4676ad79ee159fe7d8c5
Details md5 1 
3b2c4103dbe84e8081aa257826f25d54
Details md5 1 
62c47a7a8e0a4ca293b31ee18b2baf43
Details md5 1 
887adfef303443cc97eee0e66e6d6dbc
Details md5 1 
fbf017af618541b3a76abd75f8dab1b7
Details md5 1 
ecff9b63c2c1497bbcbe5d573900b143
Details md5 1 
0e459479bb894ae6a3446ba7783965b0
Details md5 1 
3a226c66bcda41e4bbeec4790c71c89c
Details md5 1 
5c8b0c206b484f208b18e2c09e806156
Details md5 1 
cc4afac7b0304f62946883c1b996ddc3
Details md5 1 
5c0aa65f5f224858a03e429b595c1811
Details md5 1 
422f33674c4b4fe182123a25dbb97378
Details md5 1 
62d1a4086e2a4406ae5e1a788e7a019b
Details md5 1 
dda005a462634fea953ace187610f4c7
Details md5 1 
54efd4aa11884bfb834031d41082f502
Details md5 1 
45f4523b469c4ea18afe1c70ebaabeda
Details md5 1 
9eaf08966d54441789d558bfe758e12c
Details md5 1 
b08c2d9bbe594efba55b1b8d4009a382
Details md5 1 
99eed73366de4872bbe331bbbfb758cf
Details Url 4 
https://pub-<32_alphanumeric_string>.r2.dev/webpage.htm
Details Url 1 
https://pub-de2f439c6744426586c7612824c1bac2.r2.dev/index.html?pu=hxxps://pub-7e0ea6c6ac8c439a840ed31912409dc9.r2.dev/index.html
Details Url 1 
http://pub-1f6ee74386dc4dc98c226f8a56f8e8c1.r2.dev/office.html
Details Url 1 
http://pub-9f884b1d186548eea381cab00a0f702c.r2.dev/emailverification.html
Details Url 1 
http://pub-c6542b65e10b483d9136554aa9cb05e8.r2.dev/passwordverification.html
Details Url 1 
http://pub-ca01b8d361b540ce8256226365665de0.r2.dev/index2.html
Details Url 1 
http://pub-a0f9c6938a374a2089f6fad1e6e85d1b.r2.dev/index2.html
Details Url 1 
http://pub-5431347746b0455bb6f7dbc419a23952.r2.dev/oeip.html
Details Url 1 
http://pub-e4b5beda27a847fc9ff07bdb23b36563.r2.dev/dropbox-business.html
Details Url 1 
http://pub-7e28a526d64340e89715cafd3ffddee3.r2.dev/alocate.html
Details Url 1 
http://pub-dc7d3a6ae1254ac4b7b0a0873ef10ed1.r2.dev/login.html
Details Url 1 
http://pub-43c8427c1735476fb4e6b1b456757e0a.r2.dev/index2.html
Details Url 1 
http://pub-48d3a24bafe348799aa16e3fbd5ead78.r2.dev/001zzz.html
Details Url 1 
http://pub-5705d571c53847759ca1e27912b57837.r2.dev/authr.html
Details Url 1 
http://pub-b889ecc576cd47b8a7dae94590568f86.r2.dev/keep.html
Details Url 1 
http://pub-d0a002d03d4d4468a1a3a4788d44d971.r2.dev/apps.html
Details Url 1 
http://pub-1abd9bef283343da8c867e32a56a6050.r2.dev/link.html
Details Url 1 
http://pub-4b8c37d5f65746878138f2a1665fc704.r2.dev/chi.html
Details Url 1 
http://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/owaoutlook.html
Details Url 1 
http://pub-16d24eae069c40dcb335224f9555d849.r2.dev/diom.html
Details Url 1 
http://pub-19b440b384f449bc8f30a86a5f3c6049.r2.dev/code.html
Details Url 1 
http://pub-2b0fffc523034ccc9ffa6fb26d5462e5.r2.dev/setting.html
Details Url 1 
http://pub-50137e365ae14a91ad215a40f880bad1.r2.dev/link.html
Details Url 1 
http://pub-6502dddebdc447ed9023277db681dd94.r2.dev/vm3.html
Details Url 1 
http://pub-d3ef7b90634c41c2aea65d57a1da514f.r2.dev/dashworkers.html
Details Url 1 
http://pub-d1729d90c762460c9395a066038cdaf9.r2.dev/backgroundfull.html
Details Url 1 
http://pub-51b3ca6392244b5bb14982b7ddf92f27.r2.dev/gaames.html
Details Url 1 
http://pub-c27949832b64423ab5f75bafdf57ba92.r2.dev/authe.html
Details Url 1 
http://pub-00268bd240fc441cb2f8557a6961d87d.r2.dev/verywebmail.html
Details Url 1 
http://pub-b2955bd5cc5a447cba7f9017e8915538.r2.dev/webmail.html
Details Url 1 
http://pub-93bd771473c24746860b98ace628fe91.r2.dev/ourteam.html
Details Url 1 
http://pub-28dfeb6275f8415ba3e6b97dfff9ccfc.r2.dev/0012823733.html
Details Url 1 
http://pub-9008e63dbf464532acb4ebdafa3bfb86.r2.dev/s3m6s5.html
Details Url 1 
http://pub-1b0adb2146a640a0b0ec2645f84b6a9a.r2.dev/shaaa.html
Details Url 1 
http://pub-7c6128fbcd6a4ed3a12554f7446ffe16.r2.dev/inslo.htm
Details Url 1 
http://pub-4054e7f05a57459e88c44b940037f4fb.r2.dev/wnnslo.htm
Details Url 1 
http://pub-1df03b95474e44baa86a0a11a33527d0.r2.dev/welcome.html
Details Url 1 
http://pub-5d09e89ff38240f2b559297a9206beea.r2.dev/auth.html
Details Url 1 
http://pub-9064d4445dc3440599c3d2cab66301d9.r2.dev/verication.html
Details Url 1 
http://pub-a8f7a7bdbbef4c7aa377b495dabb19ff.r2.dev/saved.html
Details Url 1 
http://pub-c8dc8d57c6e24653a737a5acb81893ee.r2.dev/office365.html
Details Url 1 
http://pub-b0879d66c06e4547a6fe4d002fc9f88e.r2.dev/xtrst.html
Details Url 1 
http://pub-c92a4cf1fb774dd79b9c7d32023ab3fa.r2.dev/llo.html
Details Url 1 
http://pub-1cd83eaf4a66425d86fb1e8f37610be0.r2.dev/index.html
Details Url 1 
http://pub-7e71a0ecd46d4dc0ac25e43cbb595918.r2.dev/index.html
Details Url 1 
http://pub-44c085b5c63b4a438aed0cd194363508.r2.dev/index2.html
Details Url 1 
http://pub-f488d77bc04a4676ad79ee159fe7d8c5.r2.dev/index2.html
Details Url 1 
http://pub-3b2c4103dbe84e8081aa257826f25d54.r2.dev/noon.html
Details Url 1 
http://pub-62c47a7a8e0a4ca293b31ee18b2baf43.r2.dev/emailverification.html
Details Url 1 
http://pub-887adfef303443cc97eee0e66e6d6dbc.r2.dev/nick.html
Details Url 1 
http://pub-fbf017af618541b3a76abd75f8dab1b7.r2.dev/new.html
Details Url 1 
http://pub-ecff9b63c2c1497bbcbe5d573900b143.r2.dev/oml.html
Details Url 1 
http://pub-0e459479bb894ae6a3446ba7783965b0.r2.dev/docusign
Details Url 1 
http://pub-3a226c66bcda41e4bbeec4790c71c89c.r2.dev/lanx_sl1.htm
Details Url 1 
http://pub-5c8b0c206b484f208b18e2c09e806156.r2.dev/hx-adfs_9.html
Details Url 1 
http://pub-cc4afac7b0304f62946883c1b996ddc3.r2.dev/bookingmail.html
Details Url 1 
http://pub-5c0aa65f5f224858a03e429b595c1811.r2.dev/dropbox-sign-in.html
Details Url 1 
http://pub-422f33674c4b4fe182123a25dbb97378.r2.dev/secu3.html
Details Url 1 
http://pub-b2955bd5cc5a447cba7f9017e8915538.r2.dev
Details Url 1 
http://pub-62d1a4086e2a4406ae5e1a788e7a019b.r2.dev/action.html
Details Url 1 
http://pub-dda005a462634fea953ace187610f4c7.r2.dev/nexc.html
Details Url 1 
http://pub-54efd4aa11884bfb834031d41082f502.r2.dev/res.html
Details Url 1 
http://pub-45f4523b469c4ea18afe1c70ebaabeda.r2.dev/index.html
Details Url 1 
http://pub-9eaf08966d54441789d558bfe758e12c.r2.dev/diceyencode.html
Details Url 1 
http://pub-b08c2d9bbe594efba55b1b8d4009a382.r2.dev/sam365.html
Details Url 1 
http://pub-99eed73366de4872bbe331bbbfb758cf.r2.dev/email.html