Report - 9000-firebase-upgradewebmail40-1753446631738.cluster-f4iwdviaqvc2ct6pgytzw4xqy4.cloudworkstations.dev/

Report Overview

Visitedpublic

2025-08-09 11:36:35

Tags

phishing suspicious

Submit Tags

URL

9000-firebase-upgradewebmail40-1753446631738.cluster-f4iwdviaqvc2ct6pgytzw4xqy4.cloudworkstations.dev/

Finishing URL

9000-firebase-upgradewebmail40-1753446631738.cluster-f4iwdviaqvc2ct6pgytzw4xqy4.cloudworkstations.dev/

IP / ASN

35.199.40.91

#396982 GOOGLE-CLOUD-PLATFORM

Title

9000-firebase-upgradewebmail40-1753446631738.cluster-f4iwdviaqvc2ct6pgytzw4xqy4.cloudworkstations.dev/

Phishing - Generic phishing

Suspicious - Suspicious Javascript code

Phishing - Known Phishing Kit detected

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
9000-firebase-upgradewebmail40-1753446631738.cluster-f4iwdviaqvc2ct6pgytzw4xqy4.cloudworkstations.dev	unknown	2022-01-14	2025-08-05	2025-08-05	1.8 kB	46 kB	35.199.40.91
code.jquery.com	634	2005-12-10	2012-05-21	2025-08-06	618 B	70 kB	151.101.66.137
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-08-06	637 B	50 kB	104.18.10.207
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-08-06	518 B	87 kB	142.250.178.74
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-04-05	2025-08-06	1.1 kB	213 kB	104.18.11.207
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-08-06	643 B	20 kB	104.17.24.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-08-06	525 B	3.5 kB	104.16.175.226

Related reports

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
YARAhub by abuse.ch	9000-firebase-upgradewebmail40-1753446631738.cluster-f4iwdviaqvc2ct6pgytzw4xqy4.cloudworkstations.dev/	malware	Detects file containing Telegram Bot API
Quad9 DNS	9000-firebase-upgradewebmail40-1753446631738.cluster-f4iwdviaqvc2ct6pgytzw4xqy4.cloudworkstations.dev	malicious	Sinkholed

JavaScript (9)

HASH

FROM

Size

First Seen

Last Seen

45f35510181b63a4f931e152dbd84211

DocumentWrite

14 kB

2025-08-05

2025-08-13

Introduced by DocumentWrite

First Seen 2025-08-05

Last Seen 2025-08-13

Times Seen 11

Size 14 kB (14107 bytes)

MD5 45f35510181b63a4f931e152dbd84211

SHA1 85a16e3acfe22be1dfdb2e91af017bd2f743d7cd

SHA256 bb349a9c277381cd3448584317a11545b993971d7d2e9b8ea66051e372fb64a2

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

Format Code

HTTP Transactions (10)

	URL	IP	Response	Size