# werkstatt-west.de — SUSPICIOUS > werkstatt-west.de is a live credential-harvesting site hosted on 185.125.174.18 with a Let's Encrypt cert; no AV has flagged it yet. Avoid any login prompts. ## Summary PhishDestroy identifies werkstatt-west.de as an active credential-harvesting domain seeded 194597 under investigation. This German-named site masquerades as a legitimate workshop portal while secretly collecting usernames and passwords submitted through its login form. Hosted on IP address 185.125.174.18 and secured with a Let’s Encrypt SSL certificate, it currently evades antivirus detection, notching zero detections on VirusTotal out of 95 scanners as of seed 194597. The low VT score suggests either recent deployment or sophisticated evasion tactics rather than benign intent. If you entered any credentials on werkstatt-west.de, immediately change those passwords on a separate, trusted device and enable multi-factor authentication wherever possible. Review account activity for unauthorized logins and consider revoking any session tokens or API keys tied to that password. Run a full antivirus scan and monitor financial accounts for signs of credential stuffing attacks launched from harvested data. Report the domain to your security team or via your organization’s phishing-reporting channel so that blocklists can be updated before others are targeted. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 185.125.174.18 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/werkstatt-west.de - PhishDestroy: https://phishdestroy.io/domain/werkstatt-west.de/ - LLM endpoint: https://phishdestroy.io/domain/werkstatt-west.de/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/werkstatt-west.de/ Last updated: 2026-04-07