Woker.dev phishing attempts

We are seeing a phishing attempt that appears to be originating on workers.dev on the following URI:

dart-topup.paulobrien.workers.dev/security

Im sorry i dont really know what workers.dev is, what it does or how it works. How do i get this taken down? Is this something that is actually hosted by Cloudflare?

I have raised an abuse ticket with cloudflare but havent had any sort of response at all.

Frank

1 Like

I’m surprised this didn’t happen earlier to be honest (it probably does, just isn’t openly published).

A “worker” works almost just like any server does, so there’s really no limit to what they can do.

So phishing and scams will probably occur more as workers gain popularity… :frowning:

So this is techincally a form of hosting then?

Cloudflares abuse team are totally unresponsive on the matter, I havent even had a confirmation that they revieced my request.

Google is already flagging for phishing.

Thats actually a cloudflare message which is a start, but they need to take it down.

@harris @zack Tagging a bit to get CF eyes on it.

@Boohe Oh it’s certainly hosting, you can make full websites if you wanted.

1 Like

I was seeing on the phone, and missed it was Cloudflare.

1 Like

Abuse reports can be filed via our abuse form here: https://www.cloudflare.com/abuse/ once reviewed the team will respond.

1 Like

Logged it yesterday morning, havent had anything yet.

I reported something a while back and they took care of it.

day 3, and its still up.

Found another one and submitted to cloud flare abuse production.microsoftpassword-update0009-hfhfhf-draspy-rice-57e5.s-hiestand.workers.dev - urlscan.io

Bumping this old thread because it’s a top result on Google for workers.dev abuse

There’s a soultion to all of this! Report the link via https://abuse.cloudflare.com/ This form is NOT to be used for abuse reports!!