# throbbing-salad-708e.saasf.workers.dev — SUSPICIOUS

> The domain throbbing-salad-708e.saasf.workers.dev is flagged as a generic phishing host resolving to 188.114.96.3.

## Summary
PhishDestroy identifies the domain throbbing-salad-708e.saasf.workers.dev as an active generic phishing host designed to harvest user credentials under investigation by security teams. This Workers.dev subdomain leverages Cloudflare infrastructure and a Let's Encrypt SSL certificate to appear legitimate while resolving to IP address 188.114.96.3, a known hosting range. Critical analysis reveals zero detections on VirusTotal despite active circulation, indicating evasion techniques and delayed threat intelligence propagation.  Technical indicators confirm this domain shows adaptive behavior, with zero blocklist detections and zero antivirus coverage across 95 engines at the time of analysis. Registered through Cloudflare, Inc., this Workers.dev subdomain demonstrates host rotation tactics typical of coordinated phishing campaigns. The lack of detection despite 0/95 coverage suggests either novel infrastructure or delayed signature updates from security vendors, requiring immediate user vigilance.  Users who visited this domain should assume credential exposure and immediately rotate passwords for any accounts where credentials may have been entered. Enable multi-factor authentication on all critical accounts as a precaution against credential stuffing attacks. Report the domain to your organization's security team and monitor financial accounts for suspicious transactions. Consider using password managers with phishing detection capabilities to prevent similar threats in the future. The IPv4 address 188.114.96.3 has been associated with previous malicious hosting activity and should be blocked at the network perimeter if possible.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2d630498-c761-478e-9635-0a4fbe1c53dc
- PhishDestroy: https://phishdestroy.io/domain/throbbing-salad-708e.saasf.workers.dev/
- LLM endpoint: https://phishdestroy.io/domain/throbbing-salad-708e.saasf.workers.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/throbbing-salad-708e.saasf.workers.dev/
Last updated: 2026-03-30