# wild-grass-c84e.oxyictixjwfnus5269.workers.dev — SUSPICIOUS

> Beware: wild-grass-c84e.oxyictixjwfnus5269.workers.dev is a fake login page stealing credentials. VirusTotal shows 0/95 detections so far. Check the full report.

## Summary
PhishDestroy identifies wild-grass-c84e.oxyictixjwfnus5269.workers.dev as a recently activated credential-harvesting domain posing as a legitimate service page. This Workers.dev subdomain mimics a grass-themed login portal to trick users into surrendering usernames and passwords. The page is served over HTTPS with a Google Trust Services certificate, giving it a veneer of legitimacy, but the underlying infrastructure—registered through Cloudflare and resolving to IP 188.114.96.3—is linked to active phishing campaigns.  This domain was flagged after VirusTotal scans returned zero detections across 95 security engines, indicating it evades most antivirus and anti-phishing filters. While the exact creation date is under investigation, the domain’s recent registration and zero detections suggest it is part of a fast-evolving campaign designed to bypass early detection. The use of a Workers.dev subdomain allows threat actors to rapidly deploy and discard malicious pages without maintaining traditional hosting infrastructure.  If you visited this site and entered any login details, change your password immediately on a trusted device and enable two-factor authentication where possible. Run a full antivirus scan and review account activity for signs of unauthorized access. Report the domain to your email provider or IT team and avoid interacting with similar links in the future. Monitor financial and personal accounts closely for suspicious activity following exposure to this threat.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/df5c9a61-72f2-43f2-9dbd-cf65f5692264
- PhishDestroy: https://phishdestroy.io/domain/wild-grass-c84e.oxyictixjwfnus5269.workers.dev/
- LLM endpoint: https://phishdestroy.io/domain/wild-grass-c84e.oxyictixjwfnus5269.workers.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wild-grass-c84e.oxyictixjwfnus5269.workers.dev/
Last updated: 2026-04-12