34576011.xyz

https://34576011.xyz/hdkipf2h

104.21.5.157 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

0 days ⚠

HTTP

403 · 14.8s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Attention Required! | Cloudflare"

Save

Domain Intelligence: 34576011.xyz

Scanned 2 times since Feb 21, 2026, 11:48 AM UTC

⚠ Medium (35)

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Scanner blocked by cloudflare

This scan likely captured a block/challenge page, so the AI analysis may not reflect the real site victims see.

Unknown (due to scanner block characteristics)

Unknown

finance | technology | ecommerce | telecommunications | branding abuse · 4/5/2026

Summary

The URL 34576011.xyz/hdkipf2h presents a Cloudflare blocking page rather than an impersonated brand page. However, the page title is Attention Required! | Cloudflare and the SSL cert is newly issued for a 0-day domain, with a risk сигнал for brand impersonation AI indicating AT&T impersonation. The visible page content does not show a specific brand, and the domain is extremely new (.xyz) with Cloudflare-provided blocking UI, suggesting possible attempt to bypass scans rather than a direct credential phishing form. The absence of static HTML forms in the initial source supports SPA behavior, but no concrete brand branding is detectable from the static content provided.

Attack Techniques (3)

Newly registered domain (0 days) as a phishing surfaceTyposquat/brand impersonation signals flagged by AI (AT&T impersonation detected)Brand impersonation via Cloudflare-block UI on a non-official domain

Indicators of Compromise (3)

▸Domain: 34576011.xyz (very new, suspicious TLD .xyz)

▸Page title impersonates AT&T (AI-detected impersonation signal)

▸SSL cert issued by Let's Encrypt for a brand-impersonating domain (new cert, 0 days old)

Risk AssessmentUsed in abuse reports

Scanner detected a new, potentially typosquatted domain (34576011.xyz) using a Cloudflare block page. The page title claims Cloudflare protection rather than an official brand login, but the risk signals include AI-detected AT&T impersonation and a near-zero domain age, which strongly indicate phishing preparation or impersonation. The presence of Cloudflare’s block UI and a fresh TLS certificate from Let’s Encrypt further supports suspicious activity intended to deflect crawlers while potentially capturing credentials on a dynamic SPA. Given the absence of verifiable brand elements in the static HTML and the new-domain risk factors, this domain warrants high scrutiny and proactive takedown / blocking actions.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence