# shiny-tree-1b8c.cxxdw.workers.dev — SUSPICIOUS

> shiny-tree-1b8c.cxxdw.workers.dev is a phishing site mimicking crypto wallets. Detected by 3 security tools, including MetaMask. Check the full report.

## Summary

Is shiny-tree-1b8c.cxxdw.workers.dev Safe?

shiny-tree-1b8c.cxxdw.workers.dev presents an active cryptocurrency wallet phishing threat, currently under investigation for deceptive impersonation of legitimate wallet interfaces. This domain is designed to trick users into entering sensitive wallet credentials or private keys, posing a high risk of financial theft and account compromise. The phishing campaign leverages cloud-based infrastructure to host fraudulent wallet login pages, often distributed through phishing emails or malicious ads targeting cryptocurrency users.

This domain was flagged by PhishDestroy, MetaMask, and SEAL, and is blocked by these services due to confirmed malicious activity. It resolves to IP address 172.67.157.56 and is registered through Cloudflare, Inc. The SSL certificate issued by Let’s Encrypt suggests an attempt to appear legitimate, but VirusTotal reports 0 detections out of 95 scanners, indicating it currently evades most automated detection systems. This combination of low detection rates and active blocklist presence signals an emerging and evolving threat that requires immediate caution.

To mitigate risk, users should avoid interacting with this domain entirely. If you've already visited, do not enter any wallet credentials or private keys. Revoke any permissions granted through your wallet provider’s official interface and run a security scan on your device. Report the domain to your wallet provider and relevant cybersecurity authorities such as PhishDestroy. Always verify URLs manually and use hardware wallets or official apps for transactions. Never click unsolicited links claiming to offer wallet access.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.67.157.56

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: PhishDestroy, MetaMask, SEAL

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a415688a-9ae6-4018-8ef0-d17e74221a15
- PhishDestroy: https://phishdestroy.io/domain/shiny-tree-1b8c.cxxdw.workers.dev/
- LLM endpoint: https://phishdestroy.io/domain/shiny-tree-1b8c.cxxdw.workers.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/shiny-tree-1b8c.cxxdw.workers.dev/

Last updated: 2026-03-31