9000-firebase-deskcrypt0011-1773850667186.cluster-2nmnojxdmnfh2vwda4kd7uoumu.cloudworkstations.dev
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of 9000-firebase-deskcrypt0011-1773850667186.cluster-2nmnojxdmnfh2vwda4kd7uoumu.cloudworkstations.dev
This domain appears to be a subdomain hosted on the cloudworkstations.dev platform, which is associated with cloud-based development or remote workstation environments. The hostname structure suggests it may have been generated for a specific workspace, project instance, or temporary deployment rather than representing a conventional public-facing business website.
Based on the available categorization data, the domain has been associated by multiple web-classification providers with phishing, fraud, and spam-related activity. There is no indication here of a recognizable brand, organization, or established public service operating the site, and the lack of ranking data suggests it is not a widely visited mainstream website.
The domain is registered through a major registrar and has existed for several years, but that alone does not establish legitimacy for the content served from this specific hostname. In cases like this, cloud-hosted subdomains may be used for legitimate testing purposes, but they may also be repurposed for deceptive campaigns depending on how the instance is configured at the time of access.
Safety Assessment for 9000-firebase-deskcrypt0011-1773850667186.cluster-2nmnojxdmnfh2vwda4kd7uoumu.cloudworkstations.dev
Multiple security signals indicate elevated risk for this domain at the time of the scan. It was flagged by 19 out of 91 security engines, and several independent web-classification sources labeled it as phishing, fraud, or spam-related. That level of multi-engine agreement is a meaningful warning sign, especially for a little-known cloud-hosted subdomain with no established traffic profile.
At the same time, not every data source reported malicious activity. The malware scan summary showed no flagged files, and some blacklist checks were clean. However, those cleaner results do not outweigh the broader phishing-related consensus in the reputation data, particularly because phishing pages often contain little or no traditional malware and can still present credential-theft risk.
The published trust score for this scan is very low, which is consistent with the reputation findings. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The domain uses a valid TLS certificate issued by a mainstream certificate authority, with expiry listed as 2026-06-27. It resolves to an IP address hosted on Google Cloud in the europe-west4 region, with location data pointing to Groningen, Netherlands. The nameserver configuration uses Google-managed DNS infrastructure, and the domain is registered through MarkMonitor.
From a security-configuration perspective, DNSSEC appears to be unsigned, which means DNS responses may not benefit from that additional layer of authenticity protection. No web server banner was identified in the provided data, and the malware scan did not report flagged files, external links, or iframes. Even so, the main concern here appears to be reputation-based phishing detection rather than server misconfiguration or embedded malware artifacts.
Share your experience with this website. Was it safe? Did you encounter any issues?