# mtskfstggsd34.d92s.workers.dev — SUSPICIOUS

> PhishDestroy flagged mtskfstggsd34.d92s.workers.dev as a generic phishing domain resolving to IP 188.114.97.3. Avoid interaction; report if encountered.

## Summary
PhishDestroy is currently investigating mtskfstggsd34.d92s.workers.dev, a domain believed to be involved in generic phishing schemes. The domain's infrastructure and lack of specific brand targeting suggests a broad, opportunistic approach to harvesting credentials or sensitive information. No specific drainer kits or malicious payloads have been identified at this stage, but the generic nature of the domain warrants caution.

Technical indicators for mtskfstggsd34.d92s.workers.dev include a VirusTotal detection ratio of 0/95, indicating that it is currently not widely recognized as malicious. The domain resolves to IP address 188.114.97.3. The SSL certificate is issued by Google Trust Services, which is typical for Cloudflare Workers domains, and the domain is registered through Cloudflare, Inc. Further investigation into associated network traffic and potential payload delivery mechanisms is ongoing.

Currently, the domain mtskfstggsd34.d92s.workers.dev is marked as active and under investigation. Immediate response actions include continued monitoring of the domain's activity and potential for malicious behavior. Users are advised to avoid interacting with the domain or any associated content. The risk level is considered under investigation, pending further analysis and confirmation of malicious activity.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d05b8372-0418-46f0-a5ba-9046cb9d4f95
- PhishDestroy: https://phishdestroy.io/domain/mtskfstggsd34.d92s.workers.dev/
- LLM endpoint: https://phishdestroy.io/domain/mtskfstggsd34.d92s.workers.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mtskfstggsd34.d92s.workers.dev/
Last updated: 2026-03-25